Armed with fresh resolve for 2015, what are the key questions that security teams should be asking as part of their own New Year ‘healthcheck’? It's all about setting realistic goals, but getting started is a good first step.
We now accept that a security breach will happen and assets will be compromised or lost. Given this ‘assumption of compromise’, it's important to identify all risk within your organisation, prioritising risk levels that you are willing to take, including all possible assets that attackers could target and building a tolerance for loss or damage in these areas. The most important task is identifying where your assets are and how you can protect them. Ensure you know where all sensitive data is being held. A thorough stock take should assess how far your data has spread and onto what devices. This exercise can often uncover potentially sensitive data on devices where you simply weren't expecting it to be.
As threat levels grow, every team should have a plan which covers the key phases of incident response: planning, protection, detection, triage and response. Plans are great in theory; however, in the same way that we'd carry out regular fire drills, teams should stress-test and refine response plans regularly. Only then can you really know how well equipped you are to detect, contain and remediate any threat. Drills should be based on different kinds of incidents through different threat vectors and should be organisation-wide, from C-level to HR and PR.
Know the enterprise
Assess if you really know what is happening across the enterprise, across every type of device, from smartphones to tablets and smartwatches - any device with an OS and internet connection. You need to baseline ‘normal’ behaviour at endpoints to identify any changes which suggest a compromise and investigate them.
Address staff training
Building a talented team with the skill-sets to manage and respond to cyber-threats is important, but so is keeping your team engaged and motivated by reviewing training and skills. A KPMG poll says nearly three-quarters of senior IT and human resources professionals report facing new cyber-security challenges which demand new cyber-skills.
Factoring in time for mentorship, study, or outside training is key for employees, for their own job satisfaction and the added value this brings to the team. This could be one of the most important strategies to ensure you hold on to talented staff.
It's also important to have an ‘HR’ continuity plan to deal with security skills gaps should anyone in the team leave. Is there documentation in place to cover processes and systems so that a new entrant could quickly get up to speed?
Ensure all staff are aware of policies and their role in keeping the company's systems secure. Even with the most robust security tools in place, plans can fall down if we haven't educated end-users on their own ‘cyber-hygiene’. Phishing attacks and other ‘low-effort’ methods are still proving lucrative for cyber-criminals, so review all processes from practical measures such as reminders to employees about browser usage, attachments, and password choices, to more strategic plans to encourage security practices across the organisation. Bring in support from the highest levels so that the importance of security is communicated from the top and work with executives across other departments to build concrete plans.
Nick Pollard is senior director of professional services at Guidance Software.