Anytime one hears of a data breach of a large organisation, like Channel 9 or Taylors Wines, it’s natural to wonder how a large entity with resources for the best cybersecurity can have their network breached.
Today’s threat landscape has become very sophisticated. While large enterprise companies and government organisations may have state-of-the-art technology solutions, so do large criminal cybercrime organisations.
This means that even the best IT security safeguards can be vulnerable given a new type of attack or new AI-powered version of malware.
The increased number of network endpoints and move to remote teams has also complicated network security. This provides hackers even more opportunities to breach company data through unsecured home Wi-Fis and unprotected mobile devices.
The “Defend the Perimeter” Strategy is No Longer Enough
Traditional cybersecurity has been about defending the perimeter of a company network. Putting up a firewall to keep out threats, using antivirus to detect malicious files attached to an email, and using stronger passwords to keep account takeovers from happening.
While those are all important strategies, they are no longer enough to keep a company as protected as possible from a breach.
Today, companies need to take an “Assume Breach” mentality and work with IT providers that do the same.
What is an “Assume Breach” Mentality?
When you assume there already is or will be a breach of your network despite best security efforts, other tactics come into play that can help identify and ward off even the most malicious threats.
Instead of only assuming the “bad guys” are outside your perimeter, this type of mentality assumes they could be inside as well, and thus deploys threat hunting mechanisms that are continuously scanning for insider threats.
The Assume Breach mentality can often catch new and emerging threats that a perimeter-only strategy may not detect, such as fileless malware that sends malicious commands to legitimate Windows applications. It can also help catch spyware that is planted inside a seemingly innocent mobile app that an employee downloaded.
1 in 36 mobile devices have high-risks apps installed.
Tenets of an Assume Breach Stance
When working with security-first IT professionals that embrace an Assume Breach stance, you’ll find that there are several core tenets included that help your company both mitigate and immediately address any potential data breaches.
#1 Hunting of Network Threats
Ongoing monitoring of network and endpoints is an important piece of an Assume Breach approach. It’s not just assumed that anything that has made it through perimeter security (users or executable code) is supposed to be there.
Applications that are proactive about hunting out network threats, can identify strange program behaviors and other things that fall out of the norm of your daily technology workflow and immediately flag them as suspicious.
#2 Automated Response to Attacks
If you only receive notification of a threat, it could be hours or days (if on a weekend) before the threat is addressed by your administrator. This is one reason that working with an IT professional is important because attacks can be addressed immediately, which limits the damage and costs.
Assume Breach systems have automated response mechanisms programmed into them which are customisable. This allows them to immediately react to a threat and neutralise it when found without needing human intervention.
#3 Recovery Mechanisms Are Put in Place
If you assume that at some point in time, your company will suffer a data breach or data leakage incident, then you can be fully prepared when that happens, rather than being caught completely off guard.
Part of the Assume Breach mentality is putting response plans into place that everyone can follow when a breach does occur.
The savings in the cost of an average data breach is AU$4.62 million when automated breach response mechanisms are put in place.
#4 Learn from Breaches to Prevent Future Attacks
With an Assume Breach mentality, breaches are fully investigated to learn everything about how they happened and the vulnerabilities that a hacker exploited.
This then informs cybersecurity upgrades to seal those vulnerabilities and prevent future attacks.
Some of the steps followed for breach investigation and future planning are:
- Gather all evidence left by the attacker
- Detect evidence that’s an indicator of compromise
- Triage the alerts process to see where improvements can be made
- Gather full context about the scope of the breach from the technology environment
- Remediate the attack, ensuring all traces from the attacker are eliminated
- Put breach remediation plan into play
Strengthen Your IT Security With an Assume Breach Strategy
NetCare can help your business put an Assume Breach strategy into place that will keep you both protected and resilient in today’s dangerous cyber threat landscape.