Cyber Intelligence has been grabbing the headlines of late and occupying people’s minds. Rightly so, but, whilst we are all busy talking about Cyber, there are two things that stand out to me as action items for customers.
- We need to balance where our intelligence comes from. To date, we have relied on learning from the world en masse. When it comes to Cyber crime, with its random pickpocketing approach, this works fine. However, when the attacks are heavily targeted, down to the individual level, we must look closer to home. And this is where most of us fall down.
- To be able to spot anomalous behaviour in our own organisations, first we need to be able to baseline what is ‘normal’. From my experience in working with and talking to customers, while we have good policies and security controls in place, we are poor at actively monitoring these and enforcing good baseline behaviours.
For example, you may have solid control systems around your software in place, but then, a few weeks later, need to plug in a printer, with new drivers installed, or introduce a videoconferencing connection, and the situation can degrade quite quickly from there, in terms of your security. But how aware of this would your organisation be? Would it know enough about its environment to spot the often subtle differences – such as new executables that appear or changes to the registry?
Yes, it is complicated. But, if we don’t know ‘good’, how are we to spot the bad when it presents itself? If we can better baseline our own security, though, we will dramatically reduce the number of basic security incidents that do occur but really should not.
Like any project, you don’t have to do it all at once. Look at those areas of high risk and start baselining there first. Equally, look to the proven best practices, such as those from the SANS Institute, your own national CERTs or security vendors; they provide valuable tips on the key controls you should be baselining and monitoring.
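To make the 'know good, then spot the difference' idea concrete, here is a small added example (not from the original post or from any Symantec product) that records a baseline of executable files and reports what is new, changed or removed afterwards. The extension list, function names and the constructed printer-driver scenario are assumptions for illustration; registry changes are not covered.

```python
import hashlib
import os
import tempfile

# Extensions treated as executable content (assumption; tune per environment).
EXEC_EXTS = {".exe", ".dll", ".sys", ".msi", ".ps1", ".bat"}

def snapshot(root):
    """Map each executable file under root (relative path) to its SHA-256."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state

def drift(baseline, current):
    """Compare a current snapshot with the known-good baseline."""
    return {
        "new": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: a printer driver is installed after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("app/office.exe", b"v1")
        write("app/readme.txt", b"notes")
        baseline = snapshot(root)                 # record 'normal'
        write("drivers/printer.dll", b"driver")   # new executable appears
        write("app/office.exe", b"v2")            # existing binary modified
        write("app/readme.txt", b"edited")        # not executable: ignored
        return drift(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the baseline would be stored somewhere the monitored host cannot modify, and each reported difference checked against an approved change before the baseline is refreshed.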
Once we can spot Cyber incidents, we need to be sure we are ready to respond. On which note, when did you last test your Cyber capabilities? In the world of data management, we have always had the philosophy of testing your back-up process regularly. Don't wait until you need it to find out that the process really doesn't work. All common sense, you might think. Yet, in the security space, we get so caught up in dealing with the day-to-day challenges that most of us forget to test ourselves. I hear, all too regularly, that processes were followed, yet the desired state was not achieved; and whilst governments run regular cyber exercises, sadly the rest of us do not.
The launch of the Symantec Cyber Readiness program – a Pan-EMEA initiative where business executives and practitioners can test their teams’ skills, in terms of red teaming (finding the weak ingress points) and blue teaming (defending the environment) – offers a safe environment for you to check out your people, processes and procedures to make sure they stand up to the real-world need. Now is the time to find out, for we all know that waiting for the live test to be the first test will fail!
You can find out more about a Symantec Cyber Readiness event in your region by visiting this link