Data theft is in the headlines again as news spreads that a Russian gang has reportedly stolen 1.2 billion usernames and passwords from various companies. The exact details of what and how much data has been exposed are unclear, but if such a large amount of customer data has indeed been amassed, it reminds us that companies are still being breached. While on the one hand reports of data breaches such as this keep the cyber threat in the public eye, there is also a risk that the frequency of these incidents creates a certain amount of ‘cyber fatigue’ and a dangerous sense of complacency.
What it certainly does show us is that firms need to implement a ‘response in depth’ approach in order to mitigate the chances of their data being stolen. It is no longer a question of preventing breaches from happening; instead it is a question of what you do when a breach does happen.
Security in depth
Up until now, the more traditional approach to securing business networks has been commonly known as ‘security in depth’, which relies on ‘layers’ of technology and processes to reduce the risk of an attack being successful.
Although the various layers serve a valid purpose, the fact that firms which certainly have a number of these layers in place are still being breached suggests that more is needed. A simple, well-constructed phishing email can get past the most carefully configured firewall, IPS and network perimeter.
Response in depth
A ‘response in depth’ model starts with the premise that you will be breached at some point. The focus is then on fast detection, effective containment and response, and a speedy recovery after a breach. If you can react early in a breach, while unauthorised access to your systems is still in its first stages, you can hope to thwart attackers before they have found their way around your network, located the valuable data they are looking for and made away with it.
‘Change my password again??’
The other angle that needs to be addressed is user awareness and training. Although a long-term solution may change this, we currently live with systems in which user behaviour vastly affects our security. Users who unknowingly or unwittingly click on, or visit, malicious links and files are often the same users who choose weak or re-used passwords. In any confirmed breach of credentials it is vital that passwords are reset and strong, complex credentials put into play.
Early diagnosis here is absolutely key. For example, log data is routinely generated in organisations, yet the breach reports we see tell us that significant periods elapse between the time of a breach and the point at which the affected party realises it has a problem. In most cases the notification comes from a third party, not from internal monitoring.
Understand and accept risk
What’s more, companies can further improve their security strategy by accepting a level of risk in their internet- and email-connected environments while moving sensitive data such as customer names, addresses and passwords into a hardened core. Think of an avocado, soft on the outside with a hard stone at the centre, as opposed to the coconut of more traditional security models, which puts all of its hardening into the outer shell.
Act now to change – don’t wait till it’s too late
Your incident response capabilities and your approach to planning for an incident are vital. You may be breached, but reacting before any data is extracted could be the key event that turns a disaster into a manageable incident.
To contact Nettitude's editor, email email@example.com.