Gone are the days of passive security where you could just deploy anti-malware and a firewall and consider yourself protected. Today’s cybersecurity landscape requires you to take an active role, stay vigilant and respond.

IDENTIFY

First things first — you need to know what you have, and what needs to be protected:

- Your data: What makes you special? What are the crown jewels in your environment?

- The devices used to create and consume that data: Where are they? What are they running?

PROTECT

Once you have identified what you have, you need to layer defenses to protect your assets. This starts with anti-malware and firewalls.

But to adapt to a rapidly changing world, this must also include patch management and efficient roll outs of updated configurations.

DETECT

How do you know your protection is working?

Monitoring: by looking at the logs, recognizing indicators of compromise, correlating events and identifying patterns.

Test|Run phishing simulations|Constantly improve

RESPOND

And if you detect something? You take action:

Block the attack|Take the asset offline|Plug the hole|Inspect for other signs of compromise

You must practice, review and do it again. What's worse than an attack? An attack that can continue because you have not responded to it.

RECOVER

This is the part we wish we never had to do — but in worst-case scenarios it is vital.

One aspect is the preparation: having air-gapped backups and a plan that has been thoroughly tested.

The other aspect is actioning the plan: recovering the data and rebuilding systems while minimizing the impact on day-to-day activities.