October 24, 2014 By Beth Dunphy 2 min read

With cybersecurity threats on the rise, can any of us say that we are truly prepared for an attempt by cybercriminals to break into our networks? In today’s world of constantly evolving threats, it’s potentially only a matter of when your systems will be hacked, not if. Before your organization falls prey to cybercriminals, consider taking some time — and money — to plan ahead and test your own defenses. Consider the saying, “It takes a thief to catch a thief.”

So cue the ominous music and bring in the hackers for hire. I’m not talking about hiring actual “bad-guy” or criminal hackers — although some organizations have been known to do that. I’m talking about working with a company that has ethical hacker expertise and thinks like a hacker to help its clients respond to and recover from security breaches.

The following are some tips on how you can use these hackers for hire to strengthen your organization’s security before a breach.

Have a Cybersecurity Plan

Work with a knowledgeable consulting firm to build an incident response plan that outlines the major incident scenarios that are likely to happen, the key contact details of whom to engage during an incident and the rules of engagement for the overall response process. Also, be sure to include reporting and communications templates because those are the last things you want to be designing in the middle of an incident.

Test Your Controls

Use a little friendly, ethical hacking to test your systems. Organizations have contracted consultants for years to perform penetration testing on Internet-facing systems. With today’s evolving network perimeter, many organizations are not adequately securing or testing their mobile devices and the applications that access their core business infrastructure. About 75 percent of mobile applications will fail basic security tests through 2015. These mobile devices and apps are target-rich opportunities for cybercriminals — especially if proper security wasn’t built into them or configured in the first place — so they should be part of your incident preparation activities.

Exercise Your Plan

Many organizations today are taking a lesson from military and other first-responder organizations that run a variety of exercises to test their incident response plans. While no one can really plan for a “black swan” scenario, you can still test your response to the likely major incident scenarios you have outlined in your incident response plan. Exercises can range from tabletop scenarios, where participants sitting around a table walk through the response actions step by step, to full-on live war-gaming, with an active response to simulated cybercriminal attacks by your friendly ethical hackers.

Update Your Plan

Based on the findings from your penetration testing and your incident response plan testing, it is critical to go back and update your plan to cover the lessons you learned. At a minimum, incident response plans should be updated on a yearly basis to capture the changes needed to address the evolving threat landscape and your organization’s changing information technology and cybersecurity environment.

As Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” This adage holds equally true whether you’re an athlete preparing for a big game, an employee giving a presentation to your management team or an information security manager trying to secure your computing environment.

How will your organization prepare itself for an inevitable systems attack?

More from Data Protection

Data residency: What is it and why it is important?

3 min read - Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.The GDPR defines the requirement that users’ personal data and privacy be adequately protected by organizations that gather, process and store that data. After the GDPR rolled out, other countries such as Australia, Brazil, Canada, Japan, South Africa and the UAE…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Data security posture management vs cloud security posture management

4 min read - “A data breach has just occurred”, is a phrase no security professional wants to hear. From the CISO on down to the SOC analysts, a data breach is the definition of a very bad day. It can cause serious brand damage and financial loss for enterprises, lead to abrupt career changes among security professionals, and instill fear of financial or privacy loss for businesses and consumers.According to an ESG report, 55% of data and workloads currently run or operate in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today