PREVENT & PROTECT
The number of U.S. data breaches tracked in 2014 hit a record high of 783 [1], according to a recent
report released by the Identity Theft Resource Center. An article in CNN Money estimated nearly
one million malware threats are released every day [2]. Malware in general is more malicious than
in years past, with ransomware being just a small example of our challenges in IT. Although Gartner
stated that organizations will increasingly recognize that it is not possible to provide a 100 percent
secured environment [3], businesses must develop strategies to prevent and protect against data
breaches.
In a nutshell, the security landscape has significantly changed over the last several years and
businesses must adapt by incorporating cost-effective solutions to fight the ever-growing threats.
To complicate the issue, many IT departments have faced reductions in force and often have had
budget constraints that limit their ability to stay ahead of the curve.
DSM has assessed a great number of environments and regardless
of the size of the organization and number of IT people on staff,
every assessment yields a great number of vulnerabilities.
Moreover, DSM has noted weaknesses during many of our
assessments that indicate gaps in an organization’s ability to
recover data in the event of a breach. Backups were the traditional
way to protect from data loss; however, they are no longer sufficient as
a standalone solution. In short, businesses must layer prevention
and protection strategies.
Prevention Strategies
In simplistic terms, a prevention strategy should stop threats before they occur. The question
business leaders should ask is, “how secure are my systems and data?” If a survey was sent to a
dozen IT departments, most likely the results would indicate a broad number of strategies being
deployed followed immediately by statements indicating that staffing and budgeting are limiting
their ability to prevent malicious attacks.
Many business leaders are not technical and must rely upon their technical staff to provide
guidance. Often internal IT departments lack the knowledge and/or expertise in deploying
technologies or processes to help mitigate against a breach. Accordingly, DSM recommends
asking these simple questions:
(1) What are we doing today to prevent a data breach?
(2) What limitations are we facing?
(3) What is the process to validate our data and systems are protected?
[1] Identity Theft Resource Center Breach Report Hits Record High in 2014
[2] Nearly 1 million new malware threats released every day
[3] Gartner Identifies the Top 10 Strategic Technology Trends for 2015
The answers to these questions will help define the magnitude of information security as a true
business threat. Then the organization will be ready to determine the overall readiness and health
of IT.
The most common practice of identifying issues and establishing budgets is leveraging a third-party
assessment. Before embarking on an assessment, the business needs to ensure it is willing
to put in the effort to remediate and mitigate against identified risks. Moreover, the firm providing
the assessment must gain your confidence by showing it has a methodology that maps to your
business needs. Accordingly, DSM developed an assessment methodology that breaks down our
findings into four categories.
1) Security
2) Management
3) Availability
4) Recovery
This approach produces a comprehensive review of an environment beyond traditional security.
In fact, it provides a review of an organization’s ability to recover and outlines improvements for
systems management, IT automation and high availability to applications and data. This proven
methodology provides health checks of critical systems and applications in conjunction with
assessing the security and overall recoverability of an environment. Additionally, DSM provides
budgets to remediate and strengthen the underlying technologies your business depends upon.
Assessment Woes
While IT assessments are a proven approach to identifying weaknesses, not everyone is
comfortable with a third party reviewing their environment. Depending upon the situation, some
technical people may embrace an assessment while others tend to avoid them. DSM has
performed a great number of IT assessments which have yielded many different views from the
various IT teams. One observation is that many organizations have
a strong confidence in their solutions. In some instances we have
experienced resistance to an outsider assessing their security
posture due to insecurities. Regardless of the maturity of an
organization or the age of the systems that are deployed, auditors
almost always uncover issues that would have gone unnoticed until
an event surfaced the weakness. Simply said, everyone can
improve processes or techniques to secure infrastructure and data.
The real question everyone should ask is, “If a data breach
occurred, how would it impact our business?” SafeNet stated that data
breaches have a significant impact on whether a customer will
interact with an organization again [4]. Additionally, IBM and
Ponemon Institute indicated that the total average cost for data
breaches paid by United States companies increased from $5.4 million to $5.9 million [5] in 2014.
Is it worth the risk or should organizations have a preventative strategy? We believe an
assessment is only one layer of protection but it will remain a necessity to ensure organizations
are following industry best practices.
[4] Global Survey Reveals Impact of Data Breaches on Customer Loyalty
[5] 2014 Cost of Data Breach Study: United States
Protection Strategies
DSM believes in the statement that it is not a matter of “IF” but “WHEN” as it relates to security
breaches. Accordingly, DSM recommends that organizations mature in the area of protection
strategies. Simplified, a protection strategy is a layered approach that protects data from being
compromised and ensures that, in the event of an emergency, the data or systems can easily be recovered. At a
high level, organizations must go beyond traditional backups to ensure they are protecting critical
and confidential data. Confidential data should be encrypted to minimize the threat of leakage
and organizations must consider technologies that streamline the recovery approach for
corrupted or lost data.
How Effective are My System Backups?
The good news is technology is constantly improving; however, many organizations have made
significant investments in backup technologies that may not be effective. IT assessments have
identified that many organizations are performing traditional backups but
lack a comprehensive recovery strategy to recover data beyond a
backup. Accordingly, there are gaps between business requirements
and the technical ability to provide instant access to data after an
outage. Disaster Recovery has been focused mostly on the fire or the
hurricane but must expand into the real threat of today which is data
compromise or leakage.
Today’s businesses require the ability to recover data from minutes
ago versus last night’s backup. An easy calculation for recovery times
is that if it takes one (1) hour to back up data, it will typically take two (2)
hours to recover it with traditional backups. Hence, how can we
shorten our recovery time in the event of a virus such as
CryptoLocker? Beyond security awareness training to reduce end-user
mistakes, businesses must leverage technologies that provide
automated snapshots of files or volumes.
DSM recommends reviewing your data protection solution to ensure it has adequate retention
and archive for compliance and that it has the ability to replicate the data offsite. In addition, it
should tightly integrate into virtual infrastructure while giving the ability to instantly recover
both physical and virtual systems.
Performing IT Basics
One interesting finding that all assessments have disclosed is that most organizations are not doing
the IT basics. IT staff reduction in conjunction with the speed at which technology
changes has yielded an interesting issue. IT departments tend to spend
more energy on projects in parallel with troubleshooting the tireless
day-to-day technical issues as opposed to keeping up with the daily
management tasks. Results show that patch management for Microsoft
and third-party applications is not managed well in almost every
environment. While most have automated tools, many are not fully
configured or lack processes to validate that systems and applications are
updated. Moreover, some audits reveal that anti-virus can be sparsely
implemented.
The reality is that the day-to-day tasks which are essential to protecting the environment are somewhat
boring, which exacerbates the situation. Based upon our experience, it appears that many IT teams
would rather learn the new upcoming technology than focus on the daily management
tasks.
Another driving factor for poor patch and AV management is that these lower-level tasks are often
delegated to junior IT staff without the appropriate controls to validate them. As a result, critical tasks
which are essential to protection and recovery are often overlooked due to the backlog of Critical
and Important tasks that fill up the ticketing queue for those who have ticketing systems. For
less sophisticated staff who do not leverage a ticketing system, these crucial tasks are lost.
Delegating low-level tasks does not mean you are minimizing the criticality or delegating the
responsibility; it simply means controls such as reporting must be in place to validate on a routine
basis.
Conclusion
In summary, the security landscape has significantly changed over the last several years
and businesses must invest in strategies that not only prevent malicious attacks
and protect data but also provide enhanced recovery abilities. In
the past many businesses would elect to repurpose budgets allocated to
security towards higher prioritized projects. Risks today expand beyond
an inconvenience to downtime and possible data corruption that place
customers and revenue lines at risk.
Data protection has to extend beyond standard backups to enterprise-
class systems that enable offsite replication and instant recovery. In
addition, solutions have to expand beyond backups to provide high
availability to essential data.
The lower skilled tasks do not lessen the level of urgency to ensure backups
and patches are pushed out on a routine basis. Accordingly, management
must deploy appropriate controls to validate these tasks are completed.
DSM recognizes that budgets can limit an organization’s ability to have a foolproof system;
nevertheless, DSM has leveraged a layered approach that delivers these services at an affordable
cost.
For more information about Information Security and how we can help you, please contact us at
863-802-8888 or security@dsm.net.

Weitere ähnliche Inhalte

Was ist angesagt?

Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014Peggy Lawless
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small BusinessValiant Technology
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19IBM Sverige
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performanceAbhishek Sood
 
Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Universidad Cenfotec
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtimeBillyHosking
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summarypatmisasi
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printjames morris
 

Was ist angesagt? (20)

5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
when minutes counts
when minutes countswhen minutes counts
when minutes counts
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small Business
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performance
 
Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.
 
Research Paper
Research PaperResearch Paper
Research Paper
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtime
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
 

Andere mochten auch

A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...
A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...
A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...Zaid Ahmad
 
National Conference - Awards Banquet
National Conference - Awards BanquetNational Conference - Awards Banquet
National Conference - Awards BanquetPixel Zebra
 
Zip line tours geronimo construction
Zip line tours  geronimo constructionZip line tours  geronimo construction
Zip line tours geronimo constructionAndre Adams
 
Transtornos da personalidade
Transtornos da personalidadeTranstornos da personalidade
Transtornos da personalidadeLu1zFern4nando
 
Amber Willey Retail Resume
Amber Willey Retail ResumeAmber Willey Retail Resume
Amber Willey Retail ResumeAmber Willey
 

Andere mochten auch (9)

A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...
A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...
A Charter of Guidance for The Muslim Ummah Derived from The Quran and Sunnah ...
 
Awareness campaigns
Awareness campaignsAwareness campaigns
Awareness campaigns
 
National Conference - Awards Banquet
National Conference - Awards BanquetNational Conference - Awards Banquet
National Conference - Awards Banquet
 
Zip line tours geronimo construction
Zip line tours  geronimo constructionZip line tours  geronimo construction
Zip line tours geronimo construction
 
Volcano
VolcanoVolcano
Volcano
 
Graffiti
GraffitiGraffiti
Graffiti
 
Transtornos da personalidade
Transtornos da personalidadeTranstornos da personalidade
Transtornos da personalidade
 
Amber Willey Retail Resume
Amber Willey Retail ResumeAmber Willey Retail Resume
Amber Willey Retail Resume
 
Aval bimest. 6 º 1âºb
Aval bimest. 6 º   1âºbAval bimest. 6 º   1âºb
Aval bimest. 6 º 1âºb
 

Ähnlich wie Prevent & Protect

Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness              .docxRunning Head SECURITY AWARENESSSecurity Awareness              .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020Jessica Graf
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Risk Management
Risk ManagementRisk Management
Risk Managementijtsrd
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below  Posting 1  user security awarene.docxReplies Required for below  Posting 1  user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxsodhi3
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingDanielle Bowers
 
How to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxHow to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxSingle Point of Contact
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfgokuforhelp
 
Insider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeInsider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeDataCore Software
 

Ähnlich wie Prevent & Protect (20)

Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness              .docxRunning Head SECURITY AWARENESSSecurity Awareness              .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Eng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-LatestEng Solutions - Capability Statement-Latest
Eng Solutions - Capability Statement-Latest
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee Study
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below  Posting 1  user security awarene.docxReplies Required for below  Posting 1  user security awarene.docx
Replies Required for below Posting 1 user security awarene.docx
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
Information Security Analyst Resume. When seeking
Information Security Analyst Resume. When seekingInformation Security Analyst Resume. When seeking
Information Security Analyst Resume. When seeking
 
How to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxHow to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptx
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdf
 
Insider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeInsider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection Imperative
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 

Prevent & Protect

  • 1. 1 | P a g e PREVENT & PROTECT
  • 2. 2 | P a g e The number of U.S. data breaches tracked in 2014 hit a record high of 7831, according to a recent report released by the Identity Theft Resource Center. An article in CNN Money estimated nearly one million malware threats are released every day2. Malware in general is more malicious than years past, with ransomware being just a small example of our challenges in IT. Although Gartner stated that organizations will increasingly recognize that it is not possible to provide a 100 percent secured environment3, businesses must develop strategies to prevent and protect from data breaches. In a nutshell, the security landscape has significantly changed over the last several years and businesses must adapt by incorporating cost effective solutions to fight the ever-growing threats. To complicate the issue, many IT departments have faced reductions of force and often have had budget constraints that limit their ability to stay ahead of the curve. DSM has assessed a great number of environments and regardless of the size of the organization and number of IT people on staff, every assessment yields a great number of vulnerabilities. Moreover, DSM has noted weaknesses during many of our assessments that indicate gaps in an organization’s ability to recover data in the event of a breach. Backups were the traditional way to protect from data loss; however, it is no longer sufficient as a standalone solution. In short, businesses must layer prevention and protection strategies. Prevention Strategies In simplistic terms, a prevention strategy should stop threats before they occur. The question business leaders should ask is, “how secure are my systems and data?” If a survey was sent to a dozen IT departments, most likely the results would indicate a broad number of strategies being deployed followed immediately by statements indicating that staffing and budgeting are limiting their ability to prevent malicious attacks. 
Many business leaders are not technical and must rely upon their technical staff to provide guidance. Often internal IT departments lack the knowledge and/or expertise in deploying technologies or processes to help mitigate against a breach. Accordingly, DSM recommends asking these simple questions: (1) What are we doing today to prevent a data breach? (2) What limitations are we facing? (3) What is the process to validate our data and systems are protected? 1 Identity Theft Resource Center Breach Report Hits Record High in 2014 2 Nearly 1 million new malware threats released every day 3 Gartner Identifies the Top 10 Strategic Technology Trends for 2015 Backups were the traditional way to protect from data loss; however, it is no longer sufficient as a standalone solution. In short, business must layer prevention and protection strategies.
  • 3. 3 | P a g e The answers to these questions will help define the magnitude of information security as a true business threat. Then the organization will be ready to determine the overall readiness and health of IT. The most common practice of identifying issues and establishing budgets is leveraging a third party assessment. Before embarking on an assessment, the business needs to ensure it is willing to put the effort to remediate and mitigate against identified risks. Moreover, the firm providing the assessment must gain your confidence by showing it has a methodology that maps to your business needs. Accordingly, DSM developed an assessment methodology that breaks down our findings into four categories. 1) Security 2) Management 3) Availability 4) Recovery This approach produces a comprehensive review of an environment beyond traditional security. In fact, it provides a review of an organization’s ability to recover and outlines improvements for systems management, IT automation and high availability to applications and data. This proven methodology provides health checks of critical systems and applications in conjunction with assessing the security and overall recoverability of an environment. Additionally, DSM provides budgets to remediate and strengthen the underlying technologies your business depends upon. Assessment Woes While IT Assessments are a proven approach to identifying weaknesses, not everyone is comfortable with a third party reviewing their environment. Depending upon the situation, some technical people may embrace an assessment while others tend to avoid them. DSM has performed a great number IT assessments which have yielded many different views from the various IT teams. One observation is that many organizations have a strong confidence in their solutions. In some instances we have experienced resistance to an outsider assessing their security posture due to insecurities. 
Regardless of the maturity of an organization or the age of the systems that are deployed, auditors almost always uncover issues that would have gone unnoticed until an event surfaced the weakness. Simply said, everyone can improve processes or techniques to secure infrastructure and data. The real question everyone should ask is, “If a data breach occurred, how would it impact our business?” SafeNet stated that data breaches have a significant impact on whether a customer will interact with an organization again [4]. Additionally, IBM and Ponemon Institute indicated that the total average cost for data breaches paid by United States companies increased from $5.4 million to $5.9 million [5] in 2014. Is it worth the risk or should organizations have a preventative strategy? We believe an assessment is only one layer of protection but it will remain a necessity to ensure organizations are following industry best practices.
[4] Global Survey Reveals Impact of Data Breaches on Customer Loyalty
[5] 2014 Cost of Data Breach Study: United States
Protection Strategies
DSM believes in the statement that it is not a matter of “IF”, it is “WHEN”, as it relates to security breaches. Accordingly, DSM recommends that organizations mature in the area of protection strategies. Simplified, a protection strategy is a layered approach to protect data from being compromised and, in the event of an emergency, to ensure the data or systems can easily be recovered. At a high level, organizations must go beyond traditional backups to ensure they are protecting critical and confidential data. Confidential data should be encrypted to minimize the threat of leakage, and organizations must consider technologies that streamline the recovery approach for corrupted or lost data.
How Effective are My System Backups?
The good news is technology is constantly improving; however, many organizations have made significant investments in backup technologies that may not be effective. IT assessments have identified that many organizations are performing traditional backups but lack a comprehensive recovery strategy to recover data beyond a backup. Accordingly, there are gaps between business requirements and the technical ability to provide instant access to data after an outage. Disaster recovery has been focused mostly on the fire or the hurricane but must expand into the real threat of today, which is data compromise or leakage.
Today’s businesses require the ability to recover data from minutes ago versus last night’s backup. An easy calculation for recovery times is if it takes one (1) hour to back up data, it will typically take two (2) hours to recover it with traditional backups. Hence, how can we shorten our recovery time in the event of a virus such as CryptoLocker? Beyond security awareness training to reduce end-user mistakes, businesses must leverage technologies that provide automated snapshots of files or volumes.
DSM recommends reviewing your data protection solution to ensure it has adequate retention and archive for compliance and that it has the ability to replicate the data offsite. In addition, it should tightly integrate into virtual infrastructure while giving the ability to instantly recover both physical and virtual systems.
Performing IT Basics
One interesting finding that all assessments have disclosed is that most organizations are not doing the IT basics. IT staff reduction in conjunction with the speed at which technology changes has yielded an interesting issue. IT departments tend to spend more energy on projects in parallel with troubleshooting the tireless day-to-day technical issues as opposed to keeping up with the daily management tasks. Results show that patch management for Microsoft and third-party applications is not managed well in almost every environment. While most have automated tools, many are not fully configured or lack processes to validate that systems and applications are updated. Moreover, some audits reveal that anti-virus can be sparsely implemented. The reality is that the day-to-day tasks which are essential to protecting the environment are somewhat boring, which exacerbates the situation. Based upon our experience, it appears that many IT teams would rather learn the new upcoming technology than focus on the daily management tasks.
Another driving factor for poor patch and AV management is that these lower-level tasks are often delegated to junior IT staff without the appropriate controls to validate. As a result, critical tasks which are essential to protection and recovery are often overlooked due to the backlog of Critical and Important tasks that fill up the ticketing queue for those who have ticketing systems. For less sophisticated staff that do not leverage a ticketing system, these crucial tasks are lost. Delegating low-level tasks does not mean you are minimizing the criticality or delegating the responsibility; it simply means controls such as reporting must be in place to validate on a routine basis.
Conclusion
In summary, the security landscape has significantly changed over the last several years and businesses must invest in strategies not only to prevent a malicious attack while protecting data but also to have enhanced recovery abilities. In the past many businesses would elect to repurpose budgets allocated to security towards higher prioritized projects. Risks today expand beyond an inconvenience to downtime and possible data corruption that places customers and revenue lines at risk. Data protection has to extend beyond standard backups to enterprise-class systems that enable offsite replication and instant recovery. In addition, solutions have to expand beyond backups to provide high availability to essential data.
The lower-skilled tasks do not lessen the level of urgency to ensure backups and patches are pushed out on a routine basis. Accordingly, management must deploy appropriate controls to validate these tasks are completed. DSM recognizes that budgets can limit an organization’s ability to have a foolproof system; nevertheless, DSM has leveraged a layered approach that delivers these services at an affordable cost.
For more information about Information Security and how we can help you, please contact us at 863-802-8888 or security@dsm.net.