Advanced persistent threats (APTs) have become ubiquitous. In APTs, cyber criminals gather valuable reconnaissance intelligence, pursue multiple attack techniques, and persevere to accomplish their exploitation objectives.
Napoleon once famously stated, “War is ninety percent information.” This statement rings true for cyber security and risk management as well.
Over five months In 2014, four data breaches occurred in the United States that compromised the personal data of over 82 million people. That’s equivalent to almost a quarter of the US population. (Anthem, the US Postal Service, Staples, and the State of Oregon Employment Department were breached.)
Organisations must now assume that attackers will circumvent defences, penetrate networks, compromise systems and advance their attacks, whatever it takes.
Just because an attack can compromise a system, however, it doesn’t mean that a breach should automatically follow. Advanced incident detection and response programs are fast gaining popularity as a means to collect insight into all activities across networks, applications and databases, enabling organisations to monitor and respond to threats in a timely manner.
Organisations must supplement attack prevention with a more thorough strategy for threat detection and incident response. A survey conducted by the Enterprise Strategy Group tried to identify organisational weaknesses in incident detection and response activities, the results of which can be seen below.
Threat intelligence and response is still quite a challenging and manually intensive process, and one that is still relatively immature in most organisations.
One thing is certain: businesses are still left to their own devices to calculate the very difficult details of the kind of impact a breach could have on an organisation. Incident management is a vital element of a strong overall cyber security posture, and so is having an effective cyber risk management strategy in place. Adopting a risk-based approach to cyber security is essential.
Risk assessments must be conducted as part of an ISO 27001 information security regime. Find out how vsRisk can help you conduct an ISO 27001-compliant cyber security risk assessment much faster, much simpler and much more cost-effectively than other available products.