Prevent Cyber Damage

















I'm sure you've heard the saying that "it's not a matter of if, but a matter of when" with regard to data breaches at companies. If 2014 was the year of the data breach, then we should aim for 2015 to be the year of security and prevention. However, what are you supposed to do if someone does break into your servers with the intent to corrupt your company's documents and files?

Here are 7 actions you can take to minimize damage if cyber criminals do get in:

1. You will get breached, plan for it: No matter how sophisticated your security, nothing is perfect. One day you will be breached, so you need to design your internal network with this inevitability in mind. Back up your data, have a pre-written disaster recovery plan, and ensure systems are in place so operations can continue even if the worst happens.

2. Encrypt, encrypt, encrypt: Modern companies have become very good at encrypting any data that leaves the corporate network, but far rarer is anything encrypted locally. If you store any sensitive data (e.g., password databases), it must be encrypted on the computer it’s sitting on. If you encrypt stored local data, it becomes much harder for attackers to steal it – even if they do breach your network. There is no excuse for not using local disk or file encryption.

3. Segment your network and apply “least privilege” principles: Your internal employees shouldn’t have equal access to all of your data. A marketing person should not have access to your full corporate finances, and an accountant should not have access to the marketing plan for a yet-to-be-released movie. Segment your trusted network using strong security controls to limit internal employee access. Also be sure to leverage the least privilege principle to ensure employees have access to only what’s needed to perform their job roles.

4. Two-factor authentication: Passwords will not die anytime soon. However, if you rely on passwords alone and someone figures out your administrator’s credentials, your network is lost. If you use some form of two-factor authentication, an attacker will not be able to compromise your network even if an important password is leaked. In 2015 and beyond, two-factor authentication will become a must-have – not just a “nice to have.”

5. Data loss prevention (DLP) can stop data exfiltration and alert you to problems: Modern security products now have controls that recognize when specific data moves around your network. Using DLP controls can help prevent bad guys from sending data out over the Internet, or may at least alert you when data is leaving your building.

6. Consider the full kill chain and block outgoing C&C connections: The kill chain consists of every step in the attack process, including post-breach steps like the communication channels malware uses to report back to attackers for data exfiltration. Even if you get breached, it’s NOT too late to prevent the attack from continuing. Many modern security products can detect and block malware’s outgoing communications. This may prevent attackers from gaining access to your network even if malware has already infiltrated your organization.

7. Visibility and analytic solutions can recognize when you’re breached: Organizations are not noticing that their network has been compromised until it’s much too late, largely because legacy network and security controls do not do a good job of identifying very important events in the oceans of data stored in log files. Today, you need security visibility and analytic controls that can translate and correlate that ocean of logs and present you with the key events that identify that something went wrong.
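Items 6 and 7 both depend on picking a few meaningful events out of large volumes of egress logs. The following is an added example, not part of the original article: it flags internal hosts that contact the same external address at near-fixed intervals, a common trait of malware check-ins. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress log (not real traffic): "time src dst bytes_out".
SAMPLE_LOG = """\
2015-01-12T09:00:00 10.0.4.17 203.0.113.50 312
2015-01-12T09:05:01 10.0.4.17 203.0.113.50 308
2015-01-12T09:10:00 10.0.4.17 203.0.113.50 312
2015-01-12T09:14:59 10.0.4.17 203.0.113.50 310
2015-01-12T09:20:00 10.0.4.17 203.0.113.50 312
2015-01-12T09:25:01 10.0.4.17 203.0.113.50 309
2015-01-12T09:01:10 10.0.4.22 198.51.100.7 5120
2015-01-12T09:01:45 10.0.4.22 198.51.100.7 880
2015-01-12T09:09:30 10.0.4.22 198.51.100.7 14200
2015-01-12T09:31:02 10.0.4.22 198.51.100.7 640
2015-01-12T09:58:40 10.0.4.22 198.51.100.7 2210
2015-01-12T09:12 truncated-line
"""

def parse(log_text):
    """Yield (timestamp, src, dst, bytes_out), skipping malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, src, dst, size = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(size)
        except ValueError:
            continue

def find_beacons(log_text, min_events=5, max_jitter=0.1, allowlist=()):
    """Flag src->dst pairs whose connections recur at near-fixed intervals."""
    seen = defaultdict(list)
    for ts, src, dst, _ in parse(log_text):
        if dst not in allowlist:  # known-good destinations, e.g. update servers
            seen[(src, dst)].append(ts)
    findings = []
    for (src, dst), times in sorted(seen.items()):
        if len(times) < max(min_events, 3):
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like regularity.
        jitter = pstdev(gaps) / avg if avg else 1.0
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst, "events": len(times),
                             "interval_s": round(avg), "jitter": round(jitter, 3)})
    return findings
```

A finding is a lead for an analyst rather than proof of compromise, since legitimate software such as update checks and monitoring agents also polls on a timer; that is what the `allowlist` parameter is for.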