You may have heard by now that the new breach-notification rules under PIPEDA, introduced by the Canadian Digital Privacy Act, come into force on November 1st, 2018. Among those rules is the mandatory notification of breaches of security safeguards: whenever a breach poses a real risk of significant harm to an individual, the organization must report it to the Privacy Commissioner of Canada, notify the affected individuals, and notify any third parties that may be able to reduce the harm.
Cybercriminals constantly evolve their attack techniques, and the malware they use is designed to evade detection. As defenders, our ability to protect an organization and to recover from a breach depends largely on the steps taken beforehand to strengthen its security posture.
- THE BASICS: We need to get better at the basics of cybersecurity. Patch your applications, operating systems and appliances. Follow your corporate patch-management policy and, if needed, update your procedures. WannaCry is a good example: Microsoft released the fix for the SMBv1 flaw it exploited (MS17-010) in March 2017, yet it was only after the worm made headlines in May 2017 that many organizations accelerated their patching.
- THE FIRST LINE OF DEFENSE: Implement a multi-layered security strategy that uses the internet's own infrastructure, DNS resolution, to block malicious destinations. A cloud-delivered resolver that refuses to resolve known-bad domains stops the connection to a malware download site or command-and-control server before it is ever established, so the payload never reaches the network or the endpoint. Cisco Umbrella provides this first line of defense and can be deployed across the entire enterprise in minutes by pointing clients at its resolvers. Powered by Talos threat intelligence, Cisco Umbrella protects users ON and OFF the network and cuts off the callbacks to known malicious domains that data exfiltration and many ransomware families depend on.
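To make the DNS-layer mechanism concrete, here is an added example (not Cisco's or Umbrella's code) of the core policy decision such a resolver makes: normalize the queried name, walk its label-aligned parent domains, and answer with a sinkhole address when the name or any parent is on a blocklist. The blocklist, allowlist, sinkhole address and resolver log lines are all constructed for the illustration; they are not real indicators.

```python
"""Minimal DNS-layer policy check: decide whether a query name is answered
normally or sinkholed because it, or a parent domain, is on a blocklist.
Added illustration with constructed data; not a real resolver."""

# Assumption: a documentation-range address is used as the sinkhole answer.
SINKHOLE_IP = "198.51.100.1"

# Constructed sample lists (not known-bad domains, just illustrative names).
BLOCKED_DOMAINS = {"bad-domain.example", "c2.example.net"}
ALLOWED_DOMAINS = {"ok.bad-domain.example"}  # explicit exception under a blocked parent


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot so 'C2.Example.NET.' matches."""
    return qname.strip().rstrip(".").lower()


def suffixes(name: str):
    """Yield the name and every label-aligned parent: a.b.c -> a.b.c, b.c, c.
    Label alignment matters: 'notbad-domain.example' must not match 'bad-domain.example'."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def policy_for(qname: str, blocked=BLOCKED_DOMAINS, allowed=ALLOWED_DOMAINS):
    """Return ('allow', None) or ('block', SINKHOLE_IP).

    The most specific matching rule wins: walk from the full name toward the
    TLD and stop at the first suffix found in either list.  An allowlist entry
    for a subdomain therefore overrides a block on its parent, while a block on
    a subdomain still applies beneath an allowed parent."""
    name = normalize(qname)
    if not name:
        return ("allow", None)  # nothing to match
    for suffix in suffixes(name):
        if suffix in allowed:
            return ("allow", None)
        if suffix in blocked:
            return ("block", SINKHOLE_IP)
    return ("allow", None)


def filter_log(query_lines):
    """Apply the policy to constructed resolver log lines '<client-ip> <qname>'
    and return a list of (client, normalized qname, decision) tuples."""
    results = []
    for line in query_lines:
        client, qname = line.split()
        decision, _ = policy_for(qname)
        results.append((client, normalize(qname), decision))
    return results


if __name__ == "__main__":
    sample = [  # constructed log lines
        "10.0.0.5 www.bad-domain.example.",
        "10.0.0.7 NOTbad-domain.example",
        "10.0.0.9 ok.bad-domain.example",
    ]
    for client, qname, decision in filter_log(sample):
        print(f"{client} {qname} -> {decision}")
```

The two edge cases worth noticing are the label-aligned suffix walk (a plain string `endswith` check would wrongly block `notbad-domain.example`) and the most-specific-rule-wins ordering, which is what lets an administrator carve an exception out of a blocked parent domain without weakening the rest of the block.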
- NUMBER ONE ATTACK VECTOR: Email remains the largest attack vector and the primary tool cybercriminals use to distribute malware. Attackers combine social engineering with phishing, malicious links and weaponized attachments to deliver exploits to the endpoint. A ‘good enough’ email security solution is no longer good enough for defending your organization. Cisco Email Security, backed by Talos threat intelligence, integrates with Microsoft Office 365 to provide customers with exceptional threat protection.
- LAST LINE OF DEFENSE: If everything else fails, your endpoint solution needs to stop the threat. You cannot rely on traditional signature-based anti-virus alone: advanced threats go undetected and can stay resident in your network for months. Almost every endpoint security vendor claims to block 99% of malware. The remaining 1% is what we need to worry about: the advanced and targeted threats that evade front-line defenses, cause serious damage and steal valuable data.
Organizations need next-generation endpoint security that integrates prevention, detection and response in a single solution. Cisco AMP for Endpoints continuously monitors and analyzes files in your environment to uncover the 1% of threats that other solutions miss. Because it records every file it sees and where it has been, it can re-evaluate those files as threat intelligence changes: if a file that appeared clean on initial inspection later exhibits malicious behavior or is reclassified, AMP for Endpoints detects the change retrospectively, shows every host the file reached, and contains and remediates the threat.
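The retrospective detection described above is worth seeing in code. The following is an added example, not AMP for Endpoints' implementation: an endpoint agent keeps a ledger of every file it has seen (hash, host, path, first-seen time) together with the verdict in force at that moment; when threat intelligence later reclassifies a hash, the ledger is replayed to find every host that already ran the file while it was still "clean" or "unknown", and a per-host containment plan and dwell time are produced. All hashes, hostnames, paths and timestamps are constructed sample data.

```python
"""Retrospective detection over an endpoint file ledger.
Added illustration with constructed data; not a vendor's implementation."""

from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List


@dataclass(frozen=True)
class FileEvent:
    host: str
    sha256: str           # constructed label standing in for a real SHA-256
    path: str
    seen_at: datetime
    verdict_at_seen: str  # 'clean' | 'malicious' | 'unknown' at the time of first sight


def verdict_for(sha256: str, intel: Dict[str, str]) -> str:
    """Look a hash up in the current intelligence set; absent means 'unknown'."""
    return intel.get(sha256, "unknown")


def record_event(ledger: List[FileEvent], host, sha256, path, seen_at, intel):
    """Append an event, freezing the verdict that applied when the file was seen."""
    ev = FileEvent(host, sha256, path, seen_at, verdict_for(sha256, intel))
    ledger.append(ev)
    return ev


def retrospective_alerts(ledger: List[FileEvent], updated_intel: Dict[str, str]) -> List[FileEvent]:
    """Events whose file was NOT judged malicious when seen but is malicious now.
    Files already blocked on sight are excluded: they were handled at the time."""
    return [ev for ev in ledger
            if ev.verdict_at_seen != "malicious"
            and verdict_for(ev.sha256, updated_intel) == "malicious"]


def containment_plan(alerts: List[FileEvent]) -> Dict[str, List[str]]:
    """Group alerts per host: which hosts to isolate and which paths to quarantine."""
    plan: Dict[str, set] = {}
    for ev in alerts:
        plan.setdefault(ev.host, set()).add(ev.path)
    return {host: sorted(paths) for host, paths in plan.items()}


def build_scenario():
    """Constructed walk-through: four files seen on day 0, intel updated on day 3.
    Returns (alerts, containment plan, dwell time in hours per host)."""
    intel_day0 = {"sha256-dropper": "malicious"}  # the only hash known bad on day 0
    ledger: List[FileEvent] = []
    day0 = datetime(2018, 10, 1, 9, 0)
    record_event(ledger, "ws-01", "sha256-invoice", r"C:\Users\alice\Downloads\invoice.exe", day0, intel_day0)
    record_event(ledger, "ws-02", "sha256-dropper", r"C:\Temp\dropper.exe", day0, intel_day0)  # blocked on sight
    record_event(ledger, "ws-03", "sha256-invoice", r"C:\Users\bob\AppData\Local\Temp\invoice.exe", day0, intel_day0)
    record_event(ledger, "ws-04", "sha256-notepad", r"C:\Windows\notepad.exe", day0, intel_day0)

    # Day 3: the 'invoice' hash is reclassified as malicious; notepad is confirmed clean.
    intel_day3 = dict(intel_day0, **{"sha256-invoice": "malicious", "sha256-notepad": "clean"})
    reclassified_at = datetime(2018, 10, 4, 14, 30)

    alerts = retrospective_alerts(ledger, intel_day3)
    plan = containment_plan(alerts)
    # Dwell time: how long each affected host held the file before anyone knew it was bad.
    dwell_hours = {ev.host: (reclassified_at - ev.seen_at).total_seconds() / 3600 for ev in alerts}
    return alerts, plan, dwell_hours


if __name__ == "__main__":
    alerts, plan, dwell_hours = build_scenario()
    for host, paths in plan.items():
        print(f"isolate {host}: quarantine {paths} (dwell {dwell_hours[host]:.1f} h)")
```

The point the ledger makes is that the verdict is frozen at first sight, so the later replay can distinguish files that were blocked when they arrived from files that slipped through; only the latter need retrospective alerts, and the dwell time tells the responder how long the attacker may have had to act.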
Did you know that 60% of breaches have data exfiltrated within the first 24 hours? A solid remediation plan is therefore just as important as prevention. Cisco Security Advisory Services can help with Incident Response Services.
- READINESS: Proactive Services include several activities to make sure you are ready in the event of a breach. We evaluate several data points to obtain a deep understanding of your environment and your practices. We coordinate and perform threat-hunting work with your team to look for vulnerabilities, malware and active compromises in your environment. We act as a third party in tabletop exercises to evaluate the effectiveness of your existing Incident Response plan. We prioritize our recommendations and assist in preparing the environment to better prevent, detect and respond to future incidents.
- RETAINER: Reactive Services are for when a security incident does occur. The Cisco team goes into action within 4 hours and is onsite within 24 hours of the incident report. The team assesses the situation and initiates a response: a deep investigation to understand the scope of the attack, deployment of the tools needed for forensics, and containment of the attacker. Once contained, the team removes all malware and tooling left behind by the attackers. If needed, Cisco's crisis communications team can manage any external breach communication.
Brought to you by CDW & Cisco