No one is one hundred percent safe and protected from experiencing a breach. A breach should always be anticipated, so being prepared is key for when one does occur. Vulnerabilities can come from any direction, and organizations should constantly monitor and protect their networks.
Security should be a part of every level from human resources to the IT department. Non-technical employees have a lot to offer the organization regarding security. They are the everyday users conducting work through the network and can keep an eye out for possible vulnerabilities.
Security is everyone’s responsibility, not just the security team’s. Open lines of communication between employees and the security team raise security awareness. Educated and trained employees can use what they have learned to stay aware of their actions online, mitigating possible phishing attacks.
Continuously monitoring employee activity on the network can allow your organization to identify vulnerabilities within systems, applications, or data. By understanding which policies and protocols are not being followed, the organization can build its training and educational meetings around them. The security team should stay well-informed of current security news and practices to ensure the safety and security of employees, assets, clients, and the organization.
Open source intelligence (OSINT), security blogs, security reports, newsletters and daily news available online can offer security experts the intelligence and guidance needed to provide the organization with the most protection. Develop relationships with other organizations as another source of intelligence and as a way to learn and share ideas.
Open source intelligence, such as Open Threat eXchange (OTX), can be used to provide peer-reviewed information that helps many organizations. These information sources can be effective tools, offering alerts that can stop many problems. Another source, Anomali’s STAXX OVA, once deployed in the organization can tie many threat intelligence sources into one platform, providing context and free samples of threat sources.
The policies and procedures of the organization regarding security should be customized around the demands and the types of threats facing the organization; not every organization will experience the same threats. Each specific need calls for the tools suited to it. To determine the vulnerabilities facing the organization, it is important to perform risk assessments, exposing potential vulnerabilities and minimizing risk. Real-time sources, such as server and network logs or NetFlow session information, should be maintained. Performing penetration testing within your organization can allow the security team to learn where an attacker might try to exploit a vulnerability and can catch unauthorized activity. Contingency and disaster recovery plans must also be in place, so that in the event of an attack the organization can react effectively and immediately.