Why Constant Monitoring And Training Is Key To Optimal Security

Prasad Ramakrishnan, Chief Information Officer, Freshworks With over 25 years of experience in the IT sector, Ramakrishnan manages business systems, business intelligence and global IT infrastructure of Freshworks. He holds an MBA degree in Global Management from the University of Phoenix.

There is a common saying in cybersecurity circles that goes some thing like this 'It’s not that you have not been breached just that you don’t know it yet.’ An adage like this would be funny if it were not true or its implications not so serious. According to the ‘Cost of a Data Breach Report - 2019’ by Ponemon Institute the average time to identify and contain a breach and this is a global average is 279 days. This implies that for over nine months, an organization may have no clue that its security has been breached. And the average total cost of a data breach? A $3.92-million hole in your pocket. Unfortunately, most companies practice cybersecurity as an afterthought, often trying to retrofit their systems with tools instead of doing it from the ground up. This not only proves futile when a new, advanced attack happens, it also escalates their overall cost. In my view, cyber security should be built into the organizational design from the very initial stages, and companies should take a holistic approach to meet their specific security needs.

Remember one size does not fit all. So each organization should regularly do an exhaustive exercise to figure out their security posture that best fits their needs.

Protecting Your Crown Jewels
One thing each company needs to protect keenly is its 'crown jewels' the most critical data pertaining to them. For instance for a healthcare firm, the most important data assets are likely to be patient health records whereas for a bank it could be data related to transactions. Again a holistic approach requires you to first identify and define what you are protecting. To achieve this you should start with identifying your crown jewels such as the proprietary intellectual property you may have developed, your customer list your financial data, and the like. What’s more a comprehensive view involves securing your data assets in a multilayered way. So you are not just talking about securing the endpoints
but also ensuring that for each of the security layers you have the right instrumentation to tackle any incident. You may have purchased several shiny security tools but quite often such a proliferation gives organizations a false sense of security. To have a solid foundation you must include security as a core element of your strategy.

Each organization should regularly do an exhaustive exercise to figure out their security posture that best fits their needs

Being Proactive and Alert All the Time
While data breaches have become the new normal, all is not lost. There are four proactive things you can do to minimize risk constant monitoring training and awareness containment planning and cybersecurity insurance. Organizations today have to navigate through a complex set of regulatory compliances and simultaneously watch out for new threats including socially engineered attacks and sophisticated ransomware. As such, no single tool or even a combination of tools is sufficient to keep their data safe. So what is the way out? One useful analogy here is how we monitor the fever of a patient by using a thermometer. It wouldn’t be off the mark to think of your network as 'a body' that can be feverish at any moment. So you need to keep your security instruments ever ready to take the temperature pulse, blood pressure, or whatever is necessary at any moment to keep the sickness whether visible or simmering some where in its entrails within manageable limits.

In security parlance, these measures would mean performing frequent penetration tests, having bug bounty schemes or analyzing network traffic for any unusual patterns or employee behavior. The good news is that companies do not have to invest in expensive technology to sort this out most of them already get log analysis of activities on their servers. What they need to do is define what unusual activities mean for them then learn from that data analysis, and further keep building on that knowledge to finetune their detection capabilities.

Secondly, given that the security of any network is only as strong as its weakest link the importance of employee awareness and training cannot be over emphasized: employees are often known to get tricked into clicking phishing links or otherwise compromise the security fortress you have so painstakingly built. But one caveat I would like to add to any elaborate security training program is this don’t make it too long and boring! What proves effective is what gets adhered to, not what is ignored. For instance, have short and quick ‘trainable moments’ within the company rather than force the employees to sit through tedious webinars or hours long sessions. Gamify the learning process if you will.

Likewise mock drills for incident response preparedness are useful but do keep an element of surprise and urgency in them so that they are done in the right earnestness and not taken as ‘business as usual’. Next, it is equally important to have a containment plan designed to keep critical business services active even as the incident response team in your company is busy cleaning up the contaminated areas and assets. And last but not the least it is a good business practice, besides being an important aid to managing reputational risk to obtain some form of cybersecurity insurance to cover the cost of addressing your breach.

There is another age old saying that rings true in security 'An ounce of prevention is better than a pound of cure.