Imagine a city that has no fire department.
Oh, the city leaders spend plenty of money on preventing fires. They make sure every home and building has fire extinguishers. All the fire escapes are built up to code. Building materials are made to be resistant to flames. But despite their best efforts, a fire will occasionally break out, and when it does, people who live in that city can do nothing but look at each other and wonder what went wrong.
Having no fire department will do that to you. As unlikely as this situation is in real life, unfortunately many businesses treat their cyber security in the same way. Almost all of the emphasis is placed on preventing security breaches, but when one actually occurs, the company quickly finds itself powerless to act. The moral of the story is that cyber threat protection may be better suited by stressing the need to become resilient to attackers.
We’ve already seen the results of placing so much focus on preventing cyber attacks — the number of security breaches is on the rise. Target, Sony, JPMorgan Chase, T-Mobile, and even the U.S. Office of Personnel Management have all become victims of cyber attackers in the past few years, and those are only the high profile cases. Just think of the various small to mid-size businesses — from new restaurants to converged infrastructure vendors — that have become targets as well.
Organizations have been putting this best efforts into preventing these types of attacks, and yet attackers are still getting through their defenses. This is no coincidence. Cyber attackers have routinely been one step ahead of security solutions. The latest security technologies are often in response to the latest cyber threats, and since those are constantly evolving, security tech seems to always find itself in catch-up mode.
These realities have lead to many people asking a very tough question: is it time to admit that we can’t stop these cyber attacks? It’s a grim possibility, but if we make this admission, we may be better able to use resources and talents in a different manner, mainly in making a business resilient to cyber attackers. That’s not to say we should open the gate for all invaders to run through — defenses will still be important — but an organization that is resilient will be able to fend off and rebound from cyber attacks, minimizing their overall impact.
Some businesses have already started to shift toward this strategy. One recent survey from PricewaterhouseCoopers shows that nearly 60 percent of organizations are using big data analytics as part of their security strategy. Big data algorithms have proven adept at using historical information to detect when breaches have occurred, allowing businesses to respond quickly to threats.
The use of automation can also be instrumental in determining if breaches could have a long-lasting business impact that could prove damaging to the company. After all, not every data breach is serious, so separate a minor threat from a major one can help organizations better distribute their resources. Use of data encryption can help greatly as well. With encrypted data, even if a hacker infiltrates a network, they’ll find the data useless.
All of these efforts add up to businesses needing to create and use the proper cyber response strategy. Everyone within an organization, from the IT personnel to the front office, needs to know what their individual roles are and how they should respond when data breaches happen. Responses should be tested before a business is already in the midst of crisis. Having the technology on hand that can detect breaches early also plays a crucial part in responding to attacks.
Beyond the initial response, having a recovery plan is one major step that shouldn’t be ignored. Businesses will want to be back on their feet quickly after a breach, something much more possible when a recovery plan has been formulated well beforehand.
An organization that is resilient to cyber attacks is the equivalent to a city that has a well-funded and superbly talent fire department. While the idea scenario is to prevent all breaches, that’s not likely to happen. Businesses instead would be better suited to becoming a resilient entity, one that can respond quickly to breaches, eliminate the threat, and recover in short order. It may not be perfect, but it will minimize any damage done, stopping the fire before it spreads.