Things We Don’t Know We Don’t Know


Do you know what cybercriminals are targeting in your organization? In a recent Forbes CISO survey, 36% of the respondents cited brand and customer data as the highest priority and the greatest concern in terms of the information they need to protect. What’s probably not surprising is that almost two-thirds of them cited some sort of data loss as their biggest concern from cyberattacks (15% financial assets, 12% sensitive data, 36% customer data). Only sixteen percent were most concerned with downtime due to Denial-of-Service (DoS) attacks.

Malware, Internet of Things (IoT)-based attacks, phishing, ransomware, crypto-jacking, DoS attacks, zero-day exploits, and SQL injection attacks are all nefarious ways you and your company get exploited. When you consider all these possibilities, it takes a monumental effort to defend and protect 100% against cyberthreats. The reality is you simply cannot fend off every possible cyber-attack. Some breaches are inevitable.

Here at ASG, we think that rather than trying to prevent every attack, a more effective strategy is developing better detection and response. You clearly can’t rely on a defense-only strategy. We encourage all of our customers to have some focus on detection and response tactics and technologies. One way to do this is by integrating security into your network and DevOps operations. Infrastructure analytics that provide complete visibility across the network give you early detection of anomalous behavior, including any insider activity that you maybe weren’t aware of.

At ASG, we use AVA for this. Advanced Vector Automation uses machine learning to provide automation controls that can shut down any threats in order to maintain your infrastructure operation and performance. When you look at how quickly WannaCry and NotPetya spread across networks, there is no way a human could respond fast enough to stop the malware. Your security staff will continue to be limited to tactical aspects unless automation takes on some of the more repetitive functions, allowing your employees to adopt a more strategic and effective security stance.

53% of IT leaders don’t know if their cybersecurity controls are working.

Another recommendation from ASG is leveraging a managed detection and response (MDR) solution. We often see organizations with minimal cybersecurity staff. Not only does this under-staffing hamper them in detecting and responding to security breaches, but it also prevents them from being able to execute strategic cybersecurity initiatives, train employees in security best practices, build a culture of security awareness and effectively manage their security vendors.

ASG has been working with MDR vendors for many years. We have discovered these solutions will amplify your current security team with valuable expertise and proven hunting methodologies. Threat monitoring and investigating done right for a medium-size organization takes at least 10-20 hours per week, with larger companies spending over 40 hours per week doing it. An MDR solution takes this burden off, eliminating the alert fatigue that can potentially create security “holes.” Perhaps the biggest advantage of using an MDR solution is the reduced risk of any detection gaps you might have. As they say, you don’t know what you don’t know…

About the Author

Mark Teter, Corporate Technologist

In his role, Mark is responsible for the strategic direction of ASG’s emerging technology offerings and advancing the deployment of present-day hybrid cloud solutions for our customers. Mark has served as Faculty Staff Member at Colorado State University and has written over 50 white papers on subjects including Data Center Ethernet, Linux and Open Source, Storage Area Networks and Computer Virtualization. He published Paradigm Shift in 2006, a book on emerging technologies. He is a Google Certified Professional Cloud Architect.