Perhaps the reason that Sherlock Holmes continues to capture the imagination of successive generations is his success rate. Through his brilliant intellect and observation skills, he always solved the crime. This satisfies the deep human need—sometimes lacking in real life—for justice, restitution, and closure.
This deep need could be the reason for the recent shift in press coverage of data breaches. In the past, when a data breach occurred, journalists focused on the types and amount of data taken. In recent years the focus has shifted to who may have been behind the attack. However, when it comes to network breaches and data theft, there are certainly more important questions for IT executives than “whodunit.”
Guest article by Pedro Abreu, Chief Strategy Officer, ForeScout
If your organization experiences a data breach, and the odds are high that it will, there are five questions that are more important to ask than who was responsible.
1. “What was the entry point?”
If security managers have a real-time view of every connected device, every authorized user, and every malware link clicked, they have a better chance of pinpointing the incoming threats capable of causing damage. Network visibility is essential.
2. “How can we fix it?”
Stopping the attack and fixing the damage is more important than placing blame, and speedy remediation is dependent on good visibility into your networks. The faster you can see and determine the size of the rip in your safety net, the faster it can be repaired. Companies have a clear fiscal incentive to minimize downtime, so this element is critical to running a business seamlessly.
3. “Can they still get in?”
It makes perfect sense that a great deal of energy is spent stopping the attack and assessing the extent of its impact. However, without proper visibility, most companies are left wondering whether they are still being breached – that is, whether the attackers left undiscovered back doors that will let them back into the company’s systems later, once the incident response effort has wound down.
4. “What exactly was stolen?”
Determining the scope of a data loss can be an extremely long process. This is especially damaging when a data breach affects consumers. Quantifying the breach with speed and confidence causes an affected company less harm in the long run.
5. “What are the lessons here?”
Cybersecurity defenses must evolve intelligently, automatically, and rapidly to ensure that the same infiltration tactic never works twice. Pragmatic, real-world defense depends not on making a network impenetrable, but on making it so challenging to crack that most attackers will eventually move on to easier targets.
Ask the Right Questions
These questions aren’t quite as exciting to ask as “Whodunit?” but they do zero in on the key information needed to mitigate and prevent cyberattacks. It’s clear that there is something in us that wants to be able to squarely point the finger of blame at an individual or group, but in the case of security breaches, this drive just ends up being a very costly distraction.
The focus should be on how the data breach occurred, what was taken, and what damage was ultimately done. Then, organizations must figure out if any back doors have been left open, and subsequently shut them tight if so.
Finally, learn from the attack and create defenses that prevent it from ever happening again, strengthening your network and discouraging cybercriminals the next time around.