6 cyber resilience best practices
When data is your focus, and leading security and data management partners act as your architectural pit crew, your organization can build the cyber resilience foundation it needs. Here are six best practices for building a cyber resilient environment.
1. Stay vigilant: Continuously monitor your security posture
The threat landscape is constantly evolving, and organizations with limited budgets and staff struggle to keep up. Many fall back on time-consuming manual exports of data into spreadsheets and end up chasing threats rather than anticipating attacks or compromises, which leads to unfocused decision-making and weak strategic planning at every level. NIST advises teams to develop and implement cybersecurity policies and procedures, but cybersecurity teams also need new approaches to proactively address current and emerging cyber risks. They must understand where to prioritize their efforts, how to objectively measure progress over time, and how to communicate results to stakeholders, so that attacks are mitigated early and the number of incidents requiring a rapid response drops.
Preventing cyberattacks means not only implementing the NIST-recommended employee cybersecurity training and awareness, access controls, and monitoring systems. It also requires full visibility into assets and exposures, rich context on potential threats, and clear metrics to objectively measure cyber risk. Organizations that can anticipate attacks and communicate those risks for decision support will be best positioned to defend against emerging threats.
Data is especially challenging, as it’s the most dynamic of all assets. Sensitive data grows and proliferates rapidly, and organizations need to know the data’s location, its classification, how it’s accessed, and other factors to understand its risk and protection needs.
The most successful cyber resiliency plans begin with an assessment. Teams need to review cyber strengths, weaknesses, opportunities, and threats, and also identify the solutions required to build defenses and respond effectively to cyberattacks. Industry-leading threat experience, coupled with expertise in intelligent data security and data management solutions that work on-premises and across clouds, helps organizations develop more effective cyber readiness programs.
2. Never trust, always verify: Architect with Zero Trust principles
The legacy security model, built on the idea of "trust but verify", is no longer valid in today's business and government environments, because the network perimeter is no longer a meaningful trust boundary. Best practice for digital business is to architect with Zero Trust principles, including "never trust, always verify" and least privilege, so you know who is accessing what information, from where, and when.
Compromised sensitive information hurts business reputation and competitive advantage as well as government agility and situational awareness. That's why it's now critical to safeguard every identity, human or machine, across the widest range of devices and environments. A digital identity is the body of information about an individual, organization, or electronic device that exists online. With so many enterprises undergoing digital transformation, a surge of identities with unprecedented access to data has emerged. Today, identities with privileged access and control across multiple devices far outnumber human users, putting the onus on your security team to safeguard a wider attack surface. Moreover, using multiple legacy tools to manage identity security for your data estate creates complexity and inefficiencies that attackers can exploit. Comprehensive role-based access controls coupled with never trust, always verify policies better protect your organization from ransomware and insider threats.
Because data now lives everywhere, your organization must unify data management and data security across endpoints and cloud workloads, backup and production, and identity and data to stop bad actors. A data-first approach to attack prevention, complementary to NIST's recommendation to implement encryption and other controls to protect data, requires visibility and control over all your data. With complete visibility, you can minimize data risk across your cloud and on-premises systems for security, privacy, compliance, and governance.
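As an added example (not code from the original article or from any vendor product), here is a deny-by-default access check in Python that applies "never trust, always verify" and least privilege on every request: identity and device posture are re-verified each time, and an action is allowed only if a role explicitly grants it on that resource. The names Principal, Request, ROLE_GRANTS, and evaluate_request are hypothetical.

```python
"""Added example: per-request, deny-by-default access check in the Zero Trust style.
Principal, Request, ROLE_GRANTS and evaluate_request are hypothetical names."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str                       # "human" or "machine"
    roles: frozenset
    mfa_verified: bool = False      # fresh MFA for human identities
    device_compliant: bool = False  # device posture / workload attestation passed


@dataclass(frozen=True)
class Request:
    principal: Principal
    action: str                     # "read", "write", "restore", ...
    resource: str                   # e.g. "backup:finance/2024-q1"
    sensitivity: str = "internal"   # "public", "internal", "sensitive"


# Role -> explicitly granted (action, resource prefix) pairs (constructed).
# Anything not listed here is denied; there is no implicit allow.
ROLE_GRANTS = {
    "backup-operator": {("read", "backup:"), ("restore", "backup:")},
    "analyst": {("read", "report:")},
    "svc-scanner": {("read", "backup:")},
}


def evaluate_request(req: Request) -> tuple:
    """Return (allowed, reason). Every call re-verifies identity and posture;
    being 'inside the network' earns no trust."""
    p = req.principal
    # 1. Verify the identity on every request, human or machine.
    if p.kind == "human" and not p.mfa_verified:
        return (False, "human identity without fresh MFA")
    if p.kind == "machine" and not p.device_compliant:
        return (False, "workload without compliant/attested posture")
    # 2. Sensitive data additionally requires a compliant device, even for humans.
    if req.sensitivity == "sensitive" and not p.device_compliant:
        return (False, "sensitive resource from non-compliant device")
    # 3. Least privilege: the action must be explicitly granted by one of the roles.
    for role in sorted(p.roles):
        for action, prefix in ROLE_GRANTS.get(role, ()):
            if action == req.action and req.resource.startswith(prefix):
                return (True, "granted via role " + role)
    return (False, "no role grants this action on this resource")


if __name__ == "__main__":
    operator = Principal("alice", "human", frozenset({"backup-operator"}),
                         mfa_verified=True, device_compliant=True)
    print(evaluate_request(Request(operator, "restore", "backup:finance/2024-q1", "sensitive")))
    print(evaluate_request(Request(operator, "write", "backup:finance/2024-q1")))
```

The deny path carries a reason string so the decision can be logged and investigated; in practice the MFA and posture flags would come from your identity provider and device management system rather than being fields on the principal.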
3. Know your data: Deepen intelligence
NIST recommends regularly testing and updating incident response plans and conducting regular vulnerability assessments and penetration testing. Rapid malware detection, backed by backups you know are clean, is what gives you the confidence to refuse to pay a ransom. Beyond this guidance for production systems, you can uncover cyber exposures and blind spots by running on-demand and automated scans of production data and backup snapshots against known vulnerabilities. Scanning the snapshots rather than the live systems also lets you assess your risk posture and meet stringent security and compliance requirements without impacting production.
Scan production and backup snapshots to assess health and recoverability, and verify backups so that no known vulnerabilities are re-injected into the production environment during a restore. Together these provide deeper intelligence and a global view of the cyber exposures in your environment, so you can address them before an attacker exploits them.
Artificial intelligence and machine learning (AI/ML)-powered data classification also accelerates ransomware protection, detection, and response, keeping you a step ahead of cybercriminals. You can continuously discover sensitive and regulated data, including personally identifiable information (PII), protected health information (PHI), and payment card data in PCI DSS scope, and reduce false positives with ML-based classification. This data intelligence informs your security posture, keeps dependent controls such as data loss prevention (DLP) current, and helps response teams understand the impact of a ransomware attack or other incident.
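An added example, not from the original article: a rule-based classifier in Python that discovers SSNs, payment-card numbers, and e-mail addresses in text records and uses the Luhn checksum to discard digit runs that merely look like card numbers. It stands in for the ML-based classification described above to show where false positives come from and how a cheap validity check removes them; the names classify, classify_corpus, luhn_ok and the sample records are constructed for illustration.

```python
"""Added example: rule-based PII / payment-card discovery with a Luhn check to
reduce false positives. Names and sample records are constructed, not a product API."""
import re

# Area 000, 666 and 9xx are never issued; group 00 and serial 0000 are invalid.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits with optional single space/dash separators (candidate card numbers).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check over the digits of a candidate card number."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> list:
    """Return [(label, matched_text)] for sensitive values found in one record."""
    found = []
    for m in SSN_RE.finditer(text):
        found.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(m.group()):  # order numbers, ticket IDs etc. fail the checksum
            found.append(("pci_card", m.group()))
    for m in EMAIL_RE.finditer(text):
        found.append(("email", m.group()))
    return found


def classify_corpus(records) -> dict:
    """Count findings per label across records, e.g. to seed a DLP policy."""
    counts = {}
    for rec in records:
        for label, _ in classify(rec):
            counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample records; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_RECORDS = [
    "Order 1234567890123456 shipped to jdoe@example.com",
    "Card on file: 4111 1111 1111 1111 exp 12/29",
    "Employee SSN 123-45-6789 attached to onboarding form",
    "Ticket ref 000-12-3456 closed",
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify(rec))
    print(classify_corpus(SAMPLE_RECORDS))
```

The 16-digit order number in the first record matches the card pattern but fails Luhn and is dropped, and the SSN-shaped ticket reference is rejected by the area-number rule; these are the kinds of false positives that, left in, make DLP rules noisy enough that people switch them off.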
4. Boost collaboration: Make cyber resilience a team sport
Resilience requires preparation, responsiveness, toughness, and adaptability. In the modern connected world, security leaders must adopt an architecture and processes that span on-premises, cloud, and SaaS environments while keeping security processes focused on business continuity. SecOps programs must use solutions and processes that prevent adversary actions where possible, and detect and respond when prevention fails.
Resiliency is achieved by stopping adversaries before they accomplish their objectives in a target environment. Organizations must build a strong understanding of their own threat landscape and attack vectors to support resilience efforts; both come from refined threat intelligence and attack surface knowledge that is specific to the organization rather than generalized. Finally, processes that support business resiliency are a critical outcome of a security program. Incident response planning and partnerships are key to supporting both the business and your security program's viability.
NIST recommends establishing partnerships with other organizations to share threat intelligence and best practices. When you re-engineer your processes to lean into IT/SecOps collaboration, your organization has a better chance of defending its data against ransomware attackers. Your business leaders will also sleep better at night.
Discover and invest in trusted security products that work together to counter ransomware, including security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solutions that shorten time to discovery, investigation, and remediation. Pre-built, extensible, integrated workflows let SecOps automate incident response and unify operations across security, IT, and networking teams. Also make sure custom integrations are possible through a secure software development kit (SDK) and management APIs, so you can operate your environment the way you want.
5. Consolidate and simplify: Leverage a modern data security and management platform
Scale and compatibility are additional keys to combating ransomware attacks. Because cyber resilience requires collaboration, it's important to use an extensible, modern data security and data management platform with an API-first architecture that works across locations and covers the widest range of data sources. Consolidating many data management functions in a single platform simplifies operations. Instead of copying data and moving it around, you can reuse data in place, bringing value-add applications to the data for routine and more demanding tasks, from virus scanning and data masking to analyzing file audit logs and classifying data. A single, extensible platform also shrinks your data footprint and the surface available for ransomware to attack.
6. Gain speed and confidence: Integrate backup infrastructure with security infrastructure and operations
Data security and data management complexities can't be solved in isolation, particularly once a breach happens. Getting back to operational readiness as soon as possible, within recovery time and recovery point objectives (RTOs/RPOs), requires an integrated approach in which backup is not siloed but an intrinsic part of security infrastructure and operations.
Organizations investing in data security and data management will benefit from tightly integrated solutions that map onto established incident response frameworks. A widely used one is the incident response cycle, or PICERL, from the SANS Institute:
- Preparation: assessments, plans, education, identity management, etc.
- Identification: awareness monitoring, early detection, etc.
- Containment: notification, backups, forensics, etc.
- Eradication: restores, root-cause analysis, malware removal, etc.
- Recovery: vulnerability scanning, return to operations, baseline, etc.
- Lessons learned: reporting, procedure updates, etc.
Carefully considered integrations give you and your team the speed and confidence to counter attacks all the way from planning to recovery, including automated AI/ML that flags potential attacks by alerting teams to unusual patterns around your data. When a breach happens, you also have a way to recover clean data, to any point in time and location, that has been vulnerability scanned to avoid reinfecting systems, reducing downtime.
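An added example (not from the original article or from any product) covering the two points made above about verifying backups before a restore and recovering to a clean point in time: each snapshot's package inventory is checked against a list of known-vulnerable versions, the newest clean snapshot taken before the incident is chosen, and the resulting data loss is compared with the RPO. The vulnerable-version list, the snapshot data, and the names scan_snapshot and choose_restore_point are all constructed for illustration.

```python
"""Added example: pick the newest vulnerability-scanned, clean restore point and
check it against the RPO. All data is constructed; function names are hypothetical."""
from datetime import datetime, timedelta

# Constructed stand-in for a known-vulnerable package feed: (package, version).
KNOWN_VULNERABLE = {
    ("libexample", "1.0.2"),
    ("app-agent", "4.1.0"),
}

# Constructed backup snapshot inventories: id, time taken, package -> version.
SNAPSHOTS = [
    {"id": "snap-0931", "taken": "2024-05-10T02:00:00",
     "packages": {"libexample": "1.0.3", "app-agent": "4.2.0"}},
    {"id": "snap-0932", "taken": "2024-05-11T02:00:00",
     "packages": {"libexample": "1.0.3", "app-agent": "4.1.0"}},
    {"id": "snap-0933", "taken": "2024-05-12T02:00:00",
     "packages": {"libexample": "1.0.2", "app-agent": "4.2.0"}},
]


def scan_snapshot(snapshot) -> list:
    """Packages in the snapshot whose (name, version) is on the vulnerable list."""
    return sorted((name, ver) for name, ver in snapshot["packages"].items()
                  if (name, ver) in KNOWN_VULNERABLE)


def choose_restore_point(snapshots, incident_time: str, rpo_hours: float) -> tuple:
    """Walk snapshots newest-first, skipping any taken after the incident and any
    with scan findings. Returns (snapshot_id or None, findings_by_id, meets_rpo)."""
    incident = datetime.fromisoformat(incident_time)
    findings = {}
    for snap in sorted(snapshots, key=lambda s: s["taken"], reverse=True):
        taken = datetime.fromisoformat(snap["taken"])
        if taken > incident:
            continue  # post-incident data is suspect regardless of scan result
        hits = scan_snapshot(snap)
        findings[snap["id"]] = hits
        if hits:
            continue  # restoring this would re-inject a known-vulnerable package
        data_loss = incident - taken
        return (snap["id"], findings, data_loss <= timedelta(hours=rpo_hours))
    return (None, findings, False)


if __name__ == "__main__":
    chosen, findings, ok = choose_restore_point(SNAPSHOTS, "2024-05-12T09:00:00", 24)
    print("restore from:", chosen)
    print("scan findings:", findings)
    print("meets 24h RPO:", ok)
```

In the sample, both newer snapshots carry a vulnerable package, so the only clean restore point is two days old and misses a 24-hour RPO. That gap is exactly what routine scanning of backups is meant to surface before an incident rather than during one, when the choice is between reinfection and data loss.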