Cue the year-end articles saying that this was the worst year to date for data breaches. Follow that with more dire predictions for 2017. Layer in one-size-fits-all recommendations to mitigate these risks. And finish with the technology solutions that you must have. If you read all of this, you might come away thinking that if your company is not using AI and machine learning, buying threat intelligence, building a threat-hunting team, installing a next-generation antivirus solution, deploying an endpoint product and reducing its attack surface, all of those bears people talk about outrunning may already be in your network.
It is true that a lot of incidents were disclosed in 2016, and for the first time a single incident reportedly affected 1 billion accounts. There are core steps most companies can take to mitigate risk and to be prepared to respond when an incident is detected. And depending on the company’s risk profile, you may already be implementing all of those security measures. But many years spent responding to security incidents reveal several constants:
After the incident is investigated and the incident response team is looking back for lessons learned, it is not uncommon for the lessons to include:
While most of the security incident disclosures in 2016 related to theft of data, the surge of ransomware and the emergence of denial-of-service tools powered by compromised IoT devices demonstrate that maintaining operational resilience is as important as preventing data theft. The 10-K cyber risk disclosures of many public companies state that the company relies on technology to operate its business and that a failure of that technology could have a material impact. Despite those statements, many companies that have focused primarily on preventing data theft are now addressing: (1) whether the systems critical to their operations are as well-guarded as the systems that handle sensitive data; (2) what backup capabilities and procedures are in place in the event of a widespread ransomware outbreak, including whether backups are kept offline or otherwise out of reach of malware that has encrypted the primary systems; (3) whether, in anticipation of a ransom or cyber-extortion scenario, the company should establish and fund a bitcoin wallet; and (4) what denial-of-service mitigation solutions are in place.