IT Security Guru

Learning to live left of breach

by The Gurus
January 22, 2018
in Editor's News

Written By Harlan Carvey, Director of Intelligence Integration, Nuix. 

The cybersecurity industry tends to focus its attention on what to do after a breach or a hack occurs. After all, this is the topic of discussion for the media, or an organisation’s partners and customers. “What does the victim do now?” But shouldn’t we be at least as interested, if not more so, in what the organisation should be doing before a breach ever occurs? This is how we’ve come up with the term "staying left of the breach", meaning before it takes place.

It is commonly agreed within the industry that data breaches are inevitable. It won’t be long before the media outlets give us another Equifax, Three, Deloitte or Wonga (to name but a few) and demonstrate the potentially irreversible damage the breach may have on said organisation.

As the stories of these breaches emerge, we continue to see organisations remaining right of breach for far too long; that is, in pure reactive mode. Panicking and scrambling to collect information that may no longer exist – often days, weeks, or even months after the breach occurred. So, what exactly does this look like in practice?

Living right of breach

The first step to understanding the difference is learning what to expect if you choose to remain right of breach…

A sense of panic and dread

On learning that your organisation has been breached, it’s only natural for a sense of dread to fall over any business leader. There is a correct way to react, but because you’re living “right of breach”, you begin to panic and scramble for answers. What resources or assets have been compromised? And very often, you can’t find the data you need to inform legal counsel and senior executive decisions due to inadequate incident preparation. Combine the lack of planning with a lack of experience and the overwhelming requirement to report to compliance and regulatory bodies, and the result is pandemonium.

The end result is that a breach becomes wildly expensive for any organisation, not just in terms of litigation but in terms of brand reputation, on which it can have a devastating effect for even the largest of conglomerates.

Regulations and notifications

Depending on where your organisation is based, you will be held accountable to any number of compliance requirements and regulatory bodies. One such regulation that centres around breach notification is the EU’s General Data Protection Regulation (GDPR). Organisations whose business operations are predominantly based within the European Union (EU) will have no choice but to pay attention to the regulation once it comes into effect in May of 2018. After all, if they choose to ignore it, they could face significant fines for noncompliance. These fines are the greater of €20 million or 4% of the organisation’s global gross revenue. The time and money spent having to comply is surely the preferable option for organisations operating within the EU.

To the left, to the left

Now that we understand a little more about the costs of being breached, let’s turn our attention to the benefits of staying in that ideal left of breach posture, and some ways to remain there.

Plan for the worst, hope for the best

If you plan for incidents to occur, if you run your organisation “left of breach”, you can budget for the costs of planning and implementing your security strategy. Yes, there are one-time start-up costs and annual upkeep or maintenance costs, but all of these will become part of budget planning, and hence, the annual financial planning process.

By taking this approach, you can detect breaches much earlier in the threat lifecycle, which removes a great deal of the costs resulting from a breach. Through early detection and remediation, you avoid the costs of notification and the legal fees for subsequent lawsuits.

More importantly, if you’re only responding to a breach many months after the fact, it can be very hard to say definitively what data was compromised. Detecting and halting the breach before the attacker can access sensitive data means you won’t have to deal with notification costs.

Why early detection is the way forward

When you build your infrastructure with visibility in mind, you naturally learn a fair bit about what’s going on inside your virtual walls. You begin seeing a great deal of the activity that’s occurring on your systems, both long-running and short-lived processes. As you begin monitoring your systems, even the most basic filters for process activity will illustrate suspicious activity.

This sort of visibility, particularly when coupled with system hardening and audit configuration, inherently leads you to understand and detect suspicious activity, as well as outright breaches, much earlier in the threat lifecycle. Rather than learning from an external third party that you’ve been breached, you detect the breach before the attacker can access sensitive data.  As such, you can then state definitively that sensitive data was not accessed in your report to your compliance oversight body.

Endpoint visibility and monitoring tools allow organisations to detect the presence of malicious actors much sooner within the breach cycle. This then allows security teams to identify their entry point and respond with a planned approach before they develop a foothold within the IT infrastructure.
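A basic process-activity filter of the kind described above, as an added example that is not part of the original article. The events are constructed, and the baseline pairs, rule names and host names are assumptions chosen for illustration.

```python
import ntpath

# Assumed baseline of parent -> child pairs seen in normal day-to-day business.
NORMAL_PAIRS = {
    ("services.exe", "svchost.exe"),
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "chrome.exe"),
}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\")

# Constructed process-creation events (not taken from a real system).
EVENTS = [
    {"host": "WS-014", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "WS-014", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"host": "WS-014", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-022", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
]

def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def triage(event):
    """Return the reasons an event is suspicious (empty list if none)."""
    parent, child = base(event["parent"]), base(event["image"])
    if (parent, child) in NORMAL_PAIRS:
        return []  # known-normal activity is filtered out first
    reasons = []
    if parent in OFFICE_APPS and child in INTERPRETERS:
        reasons.append("office application spawned a command interpreter")
    if any(d in event["image"].lower() for d in USER_WRITABLE):
        reasons.append("image runs from a user-writable directory")
    return reasons

def alerts(events):
    """Pair each suspicious event with its reasons, preserving order."""
    return [(e["host"], base(e["image"]), r) for e in events if (r := triage(e))]
```

Matching the baseline on file names alone is a simplification; a production baseline would key on full path and signer so that a renamed binary does not inherit a trusted pair.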

Getting to the left of breach

Getting left of breach means configuring your systems appropriately for your infrastructure and then utilising them for visibility.

When I say configuring your systems, ask yourself questions like:

  • Why is our DNS or DHCP server running a web server and Terminal Services?
  • Should both of those be accessible from the internet?
  • Are our systems configured to provide only the necessary and defined services, and are those systems and services patched appropriately?

The purpose of system configuration is to reduce your potential attack surface, making it harder for cybercriminals to gain access to systems by forcing them to change the methods they use to attack your organisation.
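The first two questions above can be turned into a repeatable check. This is an added example, not from the original article: it compares each host's listening services with the set defined for its role and raises the severity when the extra service is internet-facing. The role baseline, host names and inventory are constructed assumptions, and patch level is left out.

```python
# Assumed policy: the only services each server role is defined to provide.
ROLE_BASELINE = {
    "dns": {("udp", 53), ("tcp", 53)},
    "dhcp": {("udp", 67)},
    "web": {("tcp", 80), ("tcp", 443)},
}
SERVICE_NAMES = {53: "DNS", 67: "DHCP", 80: "HTTP", 443: "HTTPS",
                 3389: "Terminal Services (RDP)"}

# Constructed inventory: host -> (role, [(proto, port, internet_facing), ...]).
# Host names are hypothetical.
INVENTORY = {
    "ns1.example.internal": ("dns", [
        ("udp", 53, True), ("tcp", 53, True),
        ("tcp", 80, True), ("tcp", 3389, True)]),
    "dhcp1.example.internal": ("dhcp", [
        ("udp", 67, False), ("tcp", 3389, False)]),
    "www1.example.internal": ("web", [
        ("tcp", 80, True), ("tcp", 443, True)]),
}

def audit(inventory, baseline=ROLE_BASELINE):
    """Return (host, severity, message) for each listener outside its role."""
    findings = []
    for host, (role, listeners) in sorted(inventory.items()):
        allowed = baseline.get(role)
        if allowed is None:
            # An undefined role cannot be audited, which is itself a finding.
            findings.append((host, "high", f"role '{role}' has no baseline"))
            continue
        for proto, port, internet_facing in listeners:
            if (proto, port) in allowed:
                continue
            name = SERVICE_NAMES.get(port, "unknown service")
            severity = "high" if internet_facing else "medium"
            exposure = "internet-facing" if internet_facing else "internal only"
            findings.append((host, severity,
                             f"{name} on {proto}/{port} is outside role "
                             f"'{role}' ({exposure})"))
    return findings

if __name__ == "__main__":
    for host, severity, message in audit(INVENTORY):
        print(f"[{severity}] {host}: {message}")
```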

Enabling endpoint visibility and monitoring the information collected allows your organisation to capture a complete record of an adversary’s access to your network. The appropriate application of threat intelligence allows you to filter through the vast amount of “normal” activity within your infrastructure that is indicative of day-to-day business, and alert on activity associated with dedicated adversaries. This process then gives you the ability to quickly filter through massive amounts of data to focus on just those relevant activities. The same is true for insider threats as well as a wide range of security issues.

It comes down to the saying “An ounce of prevention is worth a pound of cure.” Of course, you can justify spending large sums of money and time by waiting for a breach to occur. Once that happens, what choice do you have? Isn’t it better to take the time, money, and energy to focus on staying “left of breach”, rather than suffering from the enormous costs (financial, legal, brand) associated with being “right of breach”? Chances are your stakeholders and investors will thank you in the long run when your organisation is breached.


The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
