How to approach data breaches
The impact of a data breach can have long-term effects on both the financial and reputational state of an organisation. Despite this, some still do not have the security solutions in place that are required to effectively defend modern, digital environments from data breaches.
Organisations must deploy solutions and adopt certain strategies designed to work together to protect critical data and assets from being compromised or stolen. This includes the following:
Security Hygiene Practices
It may come as a surprise that a majority of data breaches are caused by threats that have been around for weeks, months, or, in some cases, even years. In fact, most of the attacks being detected in the wild today target vulnerabilities that organisations have had the opportunity to patch for at least three years.
With this in mind, organisations must prioritise patching every catalogued device immediately, even before establishing a formal protocol for patches and updates. Devices that cannot be patched or updated should be replaced, or protected with proximity controls such as intrusion prevention systems (IPS) and zero-trust network access.
In addition to patching, security teams must ensure that these devices are properly segmented and that the network can automatically detect and quarantine compromised devices.
Leveraging Threat Intelligence
When working to stay ahead of cybercriminals, organisations should not underestimate the importance of advanced threat intelligence. While local intelligence gathered across one’s network is a critical piece of the puzzle, it alone cannot provide enough data to be truly effective.
“Threat feeds are crucial in keeping security teams up to date on the latest exploits around the globe,” says Jonathan Nguyen-Duy, vice president, Global Field CISO Team at Fortinet. “The data that is pulled from these feeds can be converted into actionable intelligence that can then be combined with local intelligence and then distributed across the security framework, resulting in maximum protection.”
Signature-based Detection Tools
Most vulnerabilities that have been or are being exploited are known, meaning attacks targeting those vulnerabilities can be detected via signatures. By employing signature-based detection tools, security teams can quickly scan the network and fend off any attempts at infiltration or the execution of exploits targeting known vulnerabilities.
“Signature-based tools are [also] a great option for complex environments that feature various IoT and other interconnected devices that cannot be updated,” explains Joe Robertson, Field CISO at Fortinet.
Behavior-based Analytics and Data Sanitization
For those threats that do not have a recognizable signature, organisations must employ advanced threat protection solutions such as sandboxes and User Entity Behavior Analytics (UEBA) tools. Since most threat actors also have the ability to learn and mimic legitimate traffic patterns to evade protection, security tools need to do more than just look for low-hanging malware. They must also “conduct an in-depth inspection and analysis that focuses on patterns that can then be used to detect and diagnose malicious intent,” according to Alain Sanchez.
Finally, these systems should be able to proactively and automatically intervene even before an attack takes place. By employing data sanitization strategies, such as Content Disarm and Reconstruction (CDR) tools, organisations can get ahead of potential threats, removing malicious content from specific files and stopping an attack in its tracks.
Use of Web Application Firewalls
Today’s cyber threats are anything but traditional, so the same must be true of today’s security tools. Despite the inherent risk of web-based attacks, many organisations are not able to adequately test or harden their web applications before they are deployed. Jonathan Nguyen-Duy explains that by employing a web application firewall (WAF), “organisations can achieve a deep level of inspection of web application traffic that goes beyond what traditional NGFW technology can offer.”
Replace Traditional Point Security Technologies
Most traditional point security solutions tend to operate in isolation, meaning they are not getting the full picture of the network and can only respond to what is directly in front of them. Considering the sophisticated nature of today’s multi-vector cyber threats, embracing a fabric-based approach to security is critical for keeping constantly-evolving network architectures protected against data breaches.
Alain Sanchez stresses the importance of this fabric architecture, stating, “It offers benefits that are necessary in the face of a data breach, such as single pane of glass management for visibility purposes and automated response to attacks.”
Network Segmentation
Considering the frequency at which data and applications flow across today’s digital environments, organisations must also segment their networks as a means of preventing threats from spreading. This can be achieved through the deployment of internal network segmentation firewalls and the establishment of macro- and micro-segmentation strategies. “By doing this, security teams can create consistent policies across the network and more effectively manage and secure the movement of data and applications,” explains Joe Robertson.
The process of segmentation is especially critical when large amounts of data are being collected and correlated in either a single environment or throughout multiple network environments. This will ensure that the correct controls are in place to detect threats that have permeated the perimeter of one network segment and are moving across the environment – without it, the success of a data breach that can move end-to-end across the network is essentially inevitable.
The frequency and sophistication of today’s data breaches highlight the fact that security cannot be pushed to the sidelines. Defending against these threats requires proactive strategies, as noted by the cybersecurity professionals quoted above, that rely not only on security solutions but also on organisation-wide awareness of these risks. By embracing a range of integrated and automated strategies that can be deployed broadly across the network, organisations can protect themselves and their customers from the spectre of modern breaches.