“There are no pleasures in a fight but some of my fights have been a pleasure to win.”
– Muhammed Ali
Over the last few years cyber attacks have become more complex and costly. HP Enterprise Security sponsored a survey by the Ponemon Institute that revealed in 2014, the average cost of cyber crime for a U.S. organization was $12.7 million per year. At an increase of 96% since the first survey 5-years ago, these attacks aren’t stopping and can’t be ignored.
Enough is enough and it’s time to fight back. An aggressive plan for fighting off cyber attacks must be part of every company IT strategy. The same Ponemon report in 2013 concluded that, with the right technology solutions, a business could reduce the costs from a threat by $4M. So what exactly are the best weapons for this war? Here's a list of everything you should have in your bunker:
Security Information and Event Management (SIEM):
Used for real-time security alerts and analysis produced by network hardware and applications. With this weapon in the arsenal, you gain a holistic view into your organization's security making it easier to identify changes or abnormal patterns.
Intrusion Prevention Systems (IPS):
An IPS uses network security and threat prevention technology to add a layer of security behind your business’ firewall that can analyze and pick out potentially threatening activites. This weapon works well with others and according to Security Intelligence, “IPS, it seems, has found its place as a key component of a protection ecosystem rather than operating as an island.”
Systems for prioritizing and organizing critical assets can help prepare you for an attack. Former White House CIO Theresa Payton advises companies to determine which assets are POTUS level and which are VP level. By classifying data through this simple filter, it’s an easier task to protect assets.
Governance, Risk Management and Compliance (GRC):
Tools address security within publicly held companies by integrating and managing IT functions that are subject to compliance and regulation. To reduce risk, managers or administrators use a single framework for monitoring and enforcing policies and procedures.
Information Sharing with allies can also help reduce the risk and damage of a cyber attack. In 2012, financial adversaries Morgan Stanley and Goldman Sachs joined forces and worked with the Polytechnic Institute of New York University to examine their collaborative bank data for hints of potential attacks. Keep your friends close, but your enemies closer when saving your industry from a potential cyber security crisis.
Enterprise Security Governance:
These strategies reduce the risks associated when unauthorized users access company information or data. As most of us read about last year with Sony, the right information in the wrong hands can have a monumental effect on business and reputation. By developing a strategy that tests vulnerabilities, an organization should be able to stay in compliance and reduce the risks of an attack.
Earlier this year Business Insider said, “By now, most people should realize that cyber attacks aren’t a theoretical risk — they’re happening every day, and the scale of these attacks is growing worse each year.”
If you are armed and ready with the best tools for the fight you will not only win the battle, you can end the war.