Page 32 - Cyber Warnings
Simply put, finding the leak and patching it, or hardening the system, is far better than
bailing water out of a sinking ship because you never noticed the hole that was letting the
water in.
Let’s explore the 7 secrets of Offensive Security and learn a new, more proactive approach to
protecting PII, keeping networks running and keeping employees productive. We’ll dig
into ideas and methods that sound simple and easy, but implementing them sometimes
means dealing with corporate politics, budget issues, resource issues and time
constraints.
I’ll take a deep dive into each of these seven secrets. But let’s get started right
away. Here are my seven secrets:
1. DEMAND EXECUTIVE SUPPORT – FUNDING, TRAINING, ETC.
2. DEPLOY CONTINUOUS (or daily at minimum) BACKUPS and TEST THEM – DOES THE RESTORE EVEN WORK?
3. DEPLOY CORPORATE WIDE ENCRYPTION
4. CREATE A “LIVING” CORPORATE SECURITY DOCUMENT
5. TRAIN (and RETRAIN) ALL EMPLOYEES ON BEST PRACTICES INFOSEC POLICIES (ISO27001, COBIT, NIST – choose one you like)
6. MANAGE THE BRING YOUR OWN DEVICES (BYOD) DILEMMA BY ASSUMING ALL MOBILE DEVICES ALREADY INFECTED
7. DEPLOY AND MANAGE A BREACH PREVENTION SOLUTION (we’ll quickly show you ours) that helps…
a) Document and mitigate RISK, especially serious vulnerabilities (CVEs)
b) Provide Network Access Control (NAC)
c) Quarantine high-risk, rogue and infected devices
What is the real cost of a Breach?
Recently, the Ponemon Institute concluded its 2016 Data Breach report. According to
this report (excerpted under fair use of the US Copyright Act, source:
http://www.ibm.com/security/data-breach):
The cost of data breach sets new record high. According to this year’s benchmark
findings, data breaches cost companies an average of $221 per compromised record –
of which $145 pertains to indirect costs, which include abnormal turnover or churn of
customers and $76 represents the direct costs incurred to resolve the data breach, such
as investments in technologies or legal fees.
32 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide