Airing October 25, 2011
| Page 1 2 3 All | Next > |
Expert Reactions: Eric Cole, Associate
Organization’s today need to recognize that they are going to get compromised. A comprehensive approach must take into account that prevention is ideal but detection is a must. In order to provide proper protection, an organization must have a list of all critical information and business processes that utilize that information, with all of this mapped to systems within the environment. It is important to always remember knowledge is power. An organization cannot protect what they do not know. If the offense knows more than the defense, an organization will lose. Once accurate information is gathered, everything in security must map back to risk. Before an organization spends a dollar of their budget or an hour of their time they should always answer three questions: 1) What is the risk?; 2) Is it the highest priority risk; 3) Is it the most cost-effective way to reduce the risk? While many organizations focus on risk remediation, today many risks cannot be properly remediated and need to be transferred to a third party. Therefore, cyber insurance is becoming more and more important to help an organization properly manage risk. In cases where an organization cannot remediate and/or accept the risk, utilizing insurance is an effective solution. While the industry is still not fully mature, this is a big growth area that will be required to keep pace with the advanced threat.
Read More and Comment
Principal with extensive expertise in secure network design and information systems security.
The idea of 100% security is not a reality anymore. The new breed of attacks – which is constantly changing and evolving – is persistent. The threat is not simply a disruption of service or operations, your critical data and information is targeted by patient and sophisticated attackers who will continue to break in until they are successful. In this environment, how are we going to win?
One way to look at this threat landscape is to imagine the attackers as cyber-shoplifters. The most successful defense against shoplifting is to lock all the doors and not let anyone in. However, this is also an effective method of going out of business. Essentially, you have to allow incoming traffic and, at the point of entry, legitimate traffic looks identical to nefarious traffic. At some point though, they will change their behavior. That’s where you catch them. We need to focus on these points of deviation – anomalous behavior, increased data transfer rates, and numerous connections – and quickly identify threats to your network.
For another perspective, we can consider treating health problems. Three years ago, we were fighting the equivalent of the common cold, now we’re fighting cancer. You can’t control what germs you’re exposed to, or whether or not you get sick, but you can take specific measures to minimize the toll it takes. The goal is early detection, which involves knowing what to look for, what tests to perform, and – before the symptoms become a terminal illness –remediate and remove the threat. You’ll never be penalized for having a breach and catching it early, but you will if you have a breach and don’t catch it for six months.
When it comes to cybersecurity, a “win” used to be defined by preventing any attackers from compromising your networks. As we’ve come to realize that’s no longer an option, we also recognize the need for a new definition of “win.” The reason companies are suffering so much damage today is because the attackers are stealthy. Many breaches occur over a period of several months without detection.
The impact of a cyber attack increases significantly the longer the network is compromised. With that in mind, early detection is essential in order to successfully defend against today’s cyber attacks. Our expertise leverages tools like Advanced Forensic Responder (AFR) and other methodologies to monitor our clients’ networks and provide early detection. A “win” in today’s cybersecurity landscape is characterized by minimizing the damage incurred due to early detection and quick remediation.
Read More and Comment
| Page 1 2 3 All | Next > |
