This article originally appeared on the Palo Alto Networks Research Center blog. Please visit “Here Are 5 Things Your Cybersecurity Team Must Do” for more information on developing an end-to-end cybersecurity plan.
Cybersecurity is a hot topic these days. Corporate breaches in the headlines have turned hackers into the new supervillains. “Revenge of the Nerds” is alive and well, and hacking is their superpower. It’s no wonder that every customer meeting I attend starts with a concerned voice: “what can we do to protect ourselves and our customers” from these new supervillains? Secretly, they’re wishing to hear about a shiny new product that will solve all of their security problems, providing new protection for every new attack.
As surprising as it may sound, these villains’ new tactics are not as new as you might think; in fact, many of the so-called new attacks could have been prevented by correctly using existing security technologies as part of an end-to-end cybersecurity plan. So what is the plan? You’ve got to start by thinking like a hacker.
Learn about your business’s unique patterns of people-data interaction: what needs to be protected and how, who needs access to it and when, and what interaction they are expected to have with the data.
Hackers look for gaps, the path of least resistance. Why break down the front door, if you can easily get in through an open window? Your security solution must prevent as much as possible across multiple vectors and phases of the cyberattack lifecycle.
Your answer should be nothing and no one. Look to uncover and inspect as many compression and encryption protocols as possible, making sure that the data entering your network is what you expect it to be, and from whom you expect it to arrive. You must detect new unknown attack components across all traffic.
As you plan to add new products or processes, strive to reduce complexity and keep it simple: simple to manage, simple to monitor, simple to update, and simple to control. Any blind spot or unattended system can and will be used against you, especially in multi-step attacks. Don’t forget to include your partners and employees in this process.
New security protections can become outdated quickly if they are not attended to and updated regularly. Threats are constantly changing, requiring continuous monitoring, tracking and assessments in order to keep your security up to date. Timing is everything. You must be able to turn new global threat intelligence into prevention across your organization very quickly.