Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: You will get breached. Get over it

Jaikumar Vijayan | April 27, 2011
It's no longer really a question of 'if' but 'when. Maybe not all companies will get breached, but many will, especially those that are specifically targeted by attackers.

But analysts say there also needs to be much more of a focus on continuous monitoring of internal networks and systems so as to be able to detect break-ins and anomalous behavior sooner.

It means doing things like encryption, and segmenting networks and data where possible to make it harder for intruders to move about inside an enterprise network. It means having the tools to track an intruder's movements and having sensors for detecting Web beacons and data exfiltration attempts. It means having a good forensics capability for detecting what went wrong and remediating it quickly.

The federal government is already doing a lot of this stuff or is moving in that direction anyway. Federal agencies these days for instance, are required to implement a continuous monitoring capability as part of their FISMA compliance requirements.

Many agencies are also in their process of reducing the number of touch points they have with the Internet so as to be able to protect the remaining ones better. Data encryption is required in many cases for any sensitive data that is stored on mobile devices. Despite all this, federal agencies do get breached. But at least they are no longer focused only on attack prevention.

Preparing for a breach is not an admission of failure or of weakness. It's just common sense. Going forward, the true measure of a company's security readiness will not be just how well they defend against attacks but also how well they respond to the one that slips past their best defenses.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.

How to assemble a highly effective analytics team

Unlocking insights for sustainable development in ASEAN

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

Security trends 2018: biometric hacking, state-sponsored attacks, daring cyber heists

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

At a Glance: What’s really in store for Digital Malaysia in 2018?

Unlocking insights for sustainable development in ASEAN

Eying Digital Economy boost, SAP Malaysia appoints new MD

MDEC 2018: What lies ahead for Digital Malaysia’s re-domiciling initiative?

Why European analytics specialist CXS has moved to Malaysia

At a Glance: What’s really in store for Digital Malaysia in 2018?