Technology

Takin’ Care of Business: A Security To-Do List to Fend Off Cybercrime

With the cost of cybercrime reaching $2 trillion by 2019, companies need a comprehensive security strategy to safeguard their networks.
By Eric Cole
February 20, 2018
Topics
Technology

The king of rock and roll, Elvis Presley, was famous for “Takin’ Care of Business.” But when it comes to a cybersecurity dashboard, are the right metrics and visibility in place to mount a proper cyber defense? Or are cyber optics just along for the ride?

No matter how many news stories about hacks, information theft and cyber espionage surface within the Facebook or Twitter feed, the idea that it could happen to any organization sometimes remains just that. Many companies do not devote the proper resources to effectively safeguarding their networks, even though the global cost of cybercrime will reach $2 trillion by 2019, up three times the amount in 2015.

Don’t wait for cybercrime to strike — remember that the best defense is always a good offense. Maintaining a successful security strategy requires dedication and delivering on a strategy that supports all functions of an organization. Security is a company-wide issue, and quantifiable metrics not only unify language but also demonstrate success.

Keep Eyes on the Prize

The IT team can’t catch what it doesn’t see. Maintaining a comprehensive view of the entire organization means more than just access to networks and systems. It requires an understanding of typical user behaviors and data traffic patterns, plus an awareness of corporate protocols as they relate to remote users and servers.

Proper visibility throughout an organization necessitates laser focus on:

  • BYOD (Bring Your Own Devices) protocol and management. Most organizations have policies around personal devices brought from home. These may or may not be followed, so a closer eye on device usage throughout the organization is warranted.
  • Email traffic. In the third quarter of 2016 alone, 18 million new malware samples were captured. Viruses via email remain a top concern for security teams.
  • Social and Internet traffic. It’s likely that most employees in an organization use social media, perhaps even to promote the business. Prevent them from becoming an avenue into committing fraud or damaging the brand.
  • Unusual user behaviors. Understanding an organization’s user behaviors is key to spotting abnormal patterns. Communicate clear policies and expectations for employees and enforce compliance to avoid accidental missteps and catch genuine incidents.
  • Cloud applications and virtual servers. Internet-based applications create functional and productivity tools for an organization, but they put data at risk. Careful monitoring and protective firewall construction prevent easy access for hackers.

The Best Metrics: Keep It Simple

Create a security plan with goals that are understood and supported by the whole company. Measurement offers a clear and concise method of presenting critical information, so it’s important to measure the right statistics.

Communicate on stats and data aligned with business objectives to gain the support of employees and create a common language that everyone can understand. Focus on answering the following questions:

  • How is the company doing compared to its peers? In today’s business environment, understanding how successfully the organization prevents data loss or theft compared to other companies in the industry provides a clear perspective on how effectively the strategy is working.
  • How quickly can the company respond to a breach? A response plan to a potential security incident is a critical factor in recovering from a cybercrime. Remember, it’s not IF a company is breached, it’s when. Recognition of an incident, isolation of a breach and recovery convey the crucial steps to preventing widespread loss of private data. Two effective security metrics are “dwell time” and “lateral movement.” Dwell time answers the question, "how long did it take to find and contain a breach?" Lateral movement describes how a company was or was not able to prevent the cyber adversary’s movement throughout the network.
  • Is the company getting better? Cybersecurity is never “done.” Regular audits of security processes and breach protocols provide opportunity to improve and excel. Make sure management is cognizant of the evolving journey.
  • Is it spending enough (or too much) money? Aligning security technology and human resources with return on investment can be tricky, but budget allocations are a realistic pain point for many security departments and must be addressed.

Creating and maintaining a thorough view of an organization’s user, network and system traffic allows a security team to design a blueprint to a comprehensive security strategy. Communicating that plan and measuring its success requires the right metrics to align IT with business and prevent widespread damage from information thieves.

Be a cybersecurity rock star. Just like any musician, there will be big hits and flops. But when a company can see where it’s going, with the right visibility into systems, the company will be TCB - takin’ care of business.

by Eric Cole
Dr. Eric Cole is former CTO of McAfee and Lockheed Martin, member of the Commission on Cyber Security for President Obama, the security advisor for Bill Gates and his family, and author of a new book, Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet

Related stories

Technology
Employing Supporting Roles for Your IT Team
By Christian Burger
For construction businesses to be effective in selecting, managing and deploying technology—especially when the influence, intelligence and complexity of that technology is growing—they need a new approach to IT.
Technology
Integrating Software and Hardware Technology in the Field
By Bryan Williams
Field technology has advanced increasingly in recent years. Combing the advancing software with hardware in the field can significantly improver performance on the jobsite.
Technology
Simplifying and Extending a Building's Lifecycle With Digital-Twin Technology
By César Flores Rodríguez
Digital-twin technology takes data beyond BIM, out of silos and into the interactive real world in real time.

Follow us




Subscribe to Our Newsletter

Stay in the know with the latest industry news, technology and our weekly features. Get early access to any CE events and webinars.