Gone are the days of passive security where you could just deploy anti-malware and a firewall and consider yourself protected. Today’s cybersecurity landscape requires you to take an active role, stay vigilant and respond.
First things first — you need to know what you have, and what needs to be protected:
- Your data: What makes you special? What are the crown jewels in your environment?
- The devices used to create and consume that data: Where are they? What are they running?
Once you have identified what you have, you need to layer defenses to protect your assets. This starts with anti-malware and firewalls.
But to adapt to a rapidly changing world, this must also include patch management and efficient roll outs of updated configurations.
How do you know your protection is working?
Monitoring: by looking at the logs, recognizing indicators of compromise, correlating events and identifying patterns.
Test|Run phishing simulations|Constantly improve
And if you detect something? You take action:
Block the attack|Take the asset offline|Plug the hole|Inspect for other signs of compromise
You must practice, review and do it again. What's worse than an attack? An attack that can continue because you have not responded to it.
This is the part we wish we never had to do — but in worst-case scenarios it is vital.
One aspect is the preparation: having air-gapped backups and a plan that has been thoroughly tested.
The other aspect is actioning the plan: recovering the data and rebuilding systems while minimizing the impact on day-to-day activities.