A new report produced by IBM and the Ponemon Institute demonstrates the impact of a constantly changing cyber security landscape, with a single data breach costing a business more than $4 million. With an average detection and containment time of 287 days, businesses are beginning to pivot toward a new approach called cyber resilience.
Cyber resilience acknowledges the above pressures, as well as an increased identification delay due to the pandemic causing many companies to move to remote work. The above detection and containment number is a full seven days longer than prior to 2020. And in organizations where remote work represents more than 50% of the staff, an average of 316 days was required for breach identification and containment.
Some industries are hit harder than others, with healthcare, financial services, and pharmaceuticals bearing some of the highest costs for a breach.
But business leaders should not throw their hands up and abandon their cyber security policies in an acceptance of the futility of pursuing a secure environment. Instead, it’s time to shift to cyber resilience. These six steps will get you started:
- Adopt a zero-trust security approach. Rather than an approach that assumes devices and users are safe until an anomaly is detected, zero trust assumes that no device or user is trustworthy. It puts limits in place so that users and devices are able to access resources only in certain contexts. Zero trust uses passwords, multi factor authentication, and other measures to ensure access is limited. You can also employ encryption to protect data in transit and as it is being accessed by cloud solutions for complete zero-trust effectiveness.
- Invest in security orchestration, automation, and response (SOAR) tools that assist with accelerating incident response through automation and process standardization, as well as integrating seamlessly with your business’s existing security tools.
- Adopt technology for monitoring endpoints, including those utilized by remote employees. This gives your security team deeper visibility into activities and any anomalies that occur across mobile devices, company-owned laptops, desktops, and internet of things (IoT) devices. Better visibility allows you to identify and isolate a threat, containing potential damage before it impacts the rest of the environment.
- Compare your internal cyber resilience policies with requirements for governance and risk management. Developing an internal framework for audits to assess risk across your company and your success level at compliance with governance can help you improve your ability to detect a breach.
- Test. The suggestions listed above will be most effective when they have been regularly and vigorously tested in high-stress settings that mimic the environment of a data breach.
- Minimize complexity. If you invest in open security architectures, it will be easier for disparate systems to share data and for your security team to detect any issues across a hybrid or multi-cloud environment. It may be beneficial to work with a managed security services provider to reduce complexity through monitoring and integrated services.
Employee training is also of utmost importance in establishing cyber resilience. The report identified compromised credentials as the most common access point for a breach. Training employees on the cost of a breach and the role they can play in protecting the business can help reduce the chances of an intrusion.
If your business is considering taking a cyber resilience approach, contact us at ITBroker.com. We can help you establish best practices as well as leverage the technology you need to protect your assets.