What can you do to safeguard against the sophisticated threats of today’s cyber-criminals? Following are some best-practice recommendations to keep in mind as you evaluate your options.
- Strategize – Take a step back to analyze your situation and write down your security goals. Answering the following questions is typically a good start: What data do I possess and in what context is it being used? What are the ramifications of this data ending up in the wrong hands? What regulatory mandates do I have to comply with? What level of investment am I willing to commit to protect my assets? With further clarity around your goals, you can start crafting a solid online defense-in-depth strategy, which should provide a multi-layered computer security approach to effectively protect against today’s sophisticated cyber threats. This will save you much heartache, not to mention public embarrassment, down the road.
- Execute – With your strategy in place, now is the time to start implementing your tools and measures. This should entail buttoning up any weaknesses that your analysis revealed, starting at the perimeter (firewall) and working your way inward through the network, application, and data stacks. The analysis can be accomplished by an internal team, but it is often beneficial to hire an outside firm or consultant with deep subject matter expertise.
- Monitor – The one thing to keep in mind with security is that it’s always a moving target. As fraudsters evolve, you have to evolve. As such, it’s important that you continuously evaluate the effectiveness of the controls you have in place and make changes when needed. This should involve continuously auditing your controls and properly training your employees to ensure the appropriate processes and procedures are followed.
It should be noted that although hacking typically has a negative connotation, it can also be used as part of your strategy to improve your organization’s security posture. Ethical hackers are computer security experts who are hired to help organizations protect against cyber criminals. These professionals are sometimes referred to as white-hats, whereas their criminal counterparts are referred to as black-hats. They are often invaluable assets, as they are trained to think like cyber-criminals and are thus effective in identifying security holes at every level of the organization.
Cyber-crime has evolved into a complex, highly organized machine that involves a hierarchy of people. Looking from the outside in, there’s little to distinguish cybercrime organizations from any other business. Now more than ever, you need to put in place the appropriate measures to protect your assets. Evaluate your current security posture, initiate discussions with your peers, and bring visibility to this issue so you can help your organization put the right wheels in motion.