Greg Day, CTO EMEA at network security firm FireEye, shares his top tips on how businesses and individuals can protect their private data
1. Risky business
Understand the risk. Risks come in many guises from user error up to nation state attack, so understanding who is attacking you and why becomes just as important as what they are after. Traditional cybercrime focuses on quick commercial gain, so a typical breach would be aimed at gathering credit card data. This kind of breach has a lot less impact, though, compared to an advanced attacker who targets your gold nuggets of information. The techniques they use can be very similar but the impact varies hugely depending on who and why.
2. What’s it worth?
Understand the business and what makes it profitable. All businesses have something of value, but many can be blinded by the sheer volume of information that they have. Not all data is of equal value, so it’s important to do an audit so you prioritise what’s most valuable – essentially what makes your business profitable – and protect it accordingly.
3. It happens
Accept that incidents will happen. Traditionally businesses have focused on defence, but it’s important to remember that your response to a breach is just as critical, as this defines the commercial impactions of an incident. Typically we see (through our M-Trends annual report) the median time to find a compromise is 229 days, which is a lifetime. Getting into organisations is typically achieved through automation but once the business has been compromised it requires human interaction to find the valuable information and extract and this takes time. We need to reduce the time to find and respond to incidents down from months to hours. This is especially true when 97% of organisations we test through our pilot assessment process are compromised at that time and don’t even know it.
4. Practice and develop skills.
It’s rare that we do anything well the first time we try, so we have to practice to develop skills to make us better. However, many organisations don’t have well documented, tried and tested response strategies that cover not just the technical find and fix, but also the understanding of the incident. By doing this, you can put the appropriate business responses in place – which ultimately means damage limitation. What we need to see changing is businesses thinking of cybersecurity in terms of business problems and processes, rather than just something highly technical.
Are you an expert on privacy? Take our quiz!