May 31, 2017 by

Are you prepared for a data breach?

No one is one hundred percent safe and protected from experiencing a breach. A breach should always be anticipated, so being prepared is key for when one does occur. Vulnerabilities can arise from any direction, and organizations should constantly monitor and protect their networks.

Security should be a part of every level from human resources to the IT department. Non-technical employees have a lot to offer the organization regarding security. They are the everyday users conducting work through the network and can keep an eye out for possible vulnerabilities.

Security is everyone’s responsibility, not just the security team’s. Open lines of communication between employees and the security team raise security awareness. Educated and trained employees can use what they have learned to stay aware of their actions online, mitigating possible phishing attacks.

Continuously monitoring employee activity on the network can allow your organization to point out any vulnerabilities within systems, applications, or data. By understanding which policies and protocols are not being followed, the organization can build its training and educational meetings around them. The security team should stay well-informed of current security news and practices to ensure the safety and security of employees, assets, clients, and the organization.

Open source intelligence (OSINT), security blogs, security reports, newsletters and daily news available online can offer security experts the intelligence and guidance needed to provide the organization with the most protection. Develop relationships with other organizations as another source of intelligence and a way to learn and share ideas.

Open source intelligence, such as Open Threat eXchange (OTX), can be used to provide peer-reviewed information that helps many organizations. These sources can be effective tools, offering alerts that can stop many problems. Another source, Anomali’s STAXX OVA, once deployed in the organization, can tie many threat intelligence sources into one platform, providing context and free samples of threat sources.

The policies and procedures of the organization regarding security should be customized around the demands and the types of threats facing the organization; not every organization will experience the same threats. Each specific need should be met with the tools suited to it. To determine the vulnerabilities facing the organization, it is important to perform risk assessments, exposing potential vulnerabilities and minimizing risk. Real-time sources, such as server and network logs or NetFlow session information, should be maintained. Performing penetration testing within your organization can allow the security team to learn where an attacker might try to expose a vulnerability and can catch unauthorized activity. Contingency and disaster recovery plans must also be in place, so that in the event of an attack the organization can react effectively and immediately.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
