Many organisations are still lacking the adequate tools, processes and procedures to identify cyber-attacks against their organisations. Consequently, customers are often the first to learn that their data has been compromised. Not only does this cause immediate and sustained corporate embarrassment, but with little control over how the news is communicated and disseminated, this can have a devastating impact on any strategies put in place to mitigate the reputation impact of a cyber-attack and data loss.
In 2015 the average time it took for organisations to discover their cyber security had been breached was 146 days; down from 205 in 2014. While this 59 day improvement is to be applauded, it is still too long. So how to close the gap?
The biggest contributing factor to excessive delays in breach discovery is the fact that many organisations take the traditional event-driven approach to managing cyber security incidents, relying on notification of suspicious activity before undergoing any investigation. With cyber-criminals remaining one step ahead in their ability to remain undetected this puts organisations at an immediate disadvantage.
Organisations therefore need to put themselves on a war footing, and assume that they are under constant attack. By putting in place controls that continuously search for indicators of malicious activity within an organisation, coupled with a wider cyber security strategy; this could be the determining factor in closing the gap between breach and discovery from months to days, hours or even minutes.
So what do these controls look like? In truth these controls are primarily technical. Just as each of us is unique, so is each company and its underlying network structure. The most important consideration for any company is establishing what is 'normal.' As of yet we do not have full Artificial Intelligence, therefore software will not be able to pick up unusual activity unless we tell it first. Building this baseline will allow monitoring to pick-up on unusual activity, and notify the correct people to look further into the situation, minimising the time between incident and being made aware.
Combining this technical approach with the establishment of human firewalls will ensure a holistic approach to cyber security that combines processes with technology and people. The result being that organisations will be the first to know if they have been compromised and the delay between a breach and notification will be drastically reduced.
When it comes to reputation the investment community wants organisations to speak up before being asked. Thus, incorporating continuous incident response into an organisations cyber security strategy may prove the determining factor between bankruptcy and a bruising following a breach. And it's not just limited to large organisations; increasingly smaller companies are being targeted because they are less likely to have policies or awareness training in place to mitigate a cyber-attack.
Ultimately, data breaches are expensive for any sized company. The only way to minimise the financial and reputational impact of a cyber-attack and data loss is to be prepared for what will come.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
