Data Breaches: Are They Keeping You Up At Night?
BY LUKE DONALD
A decade ago, data breaches made headline news for weeks. Today, breaches are so “normal” that they don’t even make the headlines. Verizon’s annual Data Breach Investigations Report (DBIR) reported 760 data breaches with 4 million records stolen in 2010, and 5,258 data breaches with most statistics reporting breached records in excess of 20 billion. It is impossible to make an organization hack-proof, but it is possible to become resilient against attacks and gain back some of that lost sleep.
The NIST Cybersecurity Framework (https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf) outlines five critical functions of a robust security program: Identify, Protect, Detect, Respond, Recover.
Identifying the assets that are important to your organization allows you to focus on what needs to be defended.
Protecting assets simply means making it more difficult for malicious actors to attack.
No protection is perfect, so knowing when your assets are being attacked is critical.
Respond to those attacks by having a course of action to shut down detected threats.
No matter how excellent your security is, it’s always possible for a malicious attack to succeed, which is why it’s important for organizations to have a plan to recover from successful attacks.
Many organizations rely heavily on the protect function, believing a strong defense will keep malicious actors away from their assets. The statistics we mentioned earlier would suggest this is a failing strategy. Failing to plan for attacks can leave organizations vulnerable to future attacks, and can have a serious impact on employee morale as well as customer confidence. It’s no coincidence that NIST has dedicated 60% of this cybersecurity framework to what happens after an organization is attacked.
The NIST cybersecurity framework is designed to be iterative, allowing organizations to build on these five basic functions and mature their cybersecurity programs over time. The internet can feel like the Wild West, but every step towards cybersecurity maturity your organization takes now will mean one less headache or heartbreak should your organization ever be attacked. Sleep better by knowing you can manage successful attacks against your organization.