I read an article a few days ago in which the author subtly advocated that organizations should adopt a viewpoint based on fear when it comes to security breaches. The basic subtext was something like, “The cyberattackers are coming — run to your bunker!” The truth of the matter is that, in some ways, he’s right; it’s really not a question of if you will be breached, but when.
In fact, according to the IBM 2015 Cyber Security Intelligence Index, the average organization experienced 2.1 security incidents each week, where an incident is a security event that has been reviewed by IBM analysts and deemed worthy of deeper investigation. The study also showed that the incident-to-attack percentage, where an attack is defined as a security event that’s been identified as malicious activity, is on the rise, with the overall ratio increasing from 0.65 percent to 0.91 percent. That means cybercriminals are not only becoming more prevalent, they’re also becoming more proficient at what they do.
The cost of a data breach is increasing, as well. A recent study from the Ponemon Institute revealed an average cost of nearly $3.8 million for the companies that participated in the project.
But even with these startling statistics, I’d much rather come from a place of confidence than fear when it comes to cybersecurity.
Choose Confidence, Not Fear
So how do you approach a security strategy with confidence instead of fear? First, you have to look at the facts and know what you’re dealing with. If your organization is like most, you have a diverse mix of devices — desktops, laptops, servers and more — connecting to your corporate data. Moreover, you probably also deal with the reality of having to manage and secure a constantly changing landscape of devices linked to your data, including rogue devices into which you have no visibility and over which you have no control. That means you can’t quickly identify and respond to threats before widespread damage can occur.
Another potential problem is that in many organizations, IT security creates the endpoint policies while IT operations implements them. That means every new handoff, tool and process between the two teams creates an additional opportunity for out-of-compliance endpoints that can be breached.
It sounds like a scary scenario since every noncompliant endpoint on your system is a potential window into which a cyber burglar can climb. And managing and securing all those endpoints can seem like an overwhelming task.
But overwhelming doesn’t mean impossible, and it doesn’t even have to mean scary. A well-thought-out approach to cybersecurity based on confidence — instead of fear — needs to focus on managing and securing endpoints before, during and after a potential breach.
What to Do With Your Endpoint Security
Before
Clearly, the best protection against threats is to discover and quarantine them before damage is inflicted across the network. This requires intelligence to monitor and report on the status of every endpoint, regardless of type or location, in real time. Any endpoint found to be out of compliance should be automatically remediated and made compliant or quarantined completely before it can infect the broader network.
During
Security teams are overwhelmed by an influx of vulnerabilities and lack the contextual data to help them prioritize the greatest threats, making it possible for months to pass between the discovery of a vulnerability and the application of a patch. To effectively cut through the noise of millions of security events, companies need to use analytics-based solutions to assess and display vulnerabilities by threat level.
After
Once a vulnerability is discovered, action needs to be taken quickly on all endpoints, both on and off the network. Any noncompliant or infected endpoints need to be isolated until remediation is complete. The No. 1 factor that helps reduce the cost of a data breach is having an effective response strategy in place, according to the Ponemon study. With real-time, automated processes, endpoints can be disinfected in minutes.
Managing Endpoint Security
A well-structured endpoint security strategy needs to recognize that endpoints provide criminals with entry into an organization’s most valued data and understand that managing and securing those endpoints is critical. Now you can approach this security from a place of confidence — not fear — with IBM BigFix.
IBM BigFix gives you the visibility and control to quickly detect and respond to cyberthreats at every stage and across all endpoints. IBM BigFix:
- Monitors and secures every endpoint — on and off the corporate network — before, during and after an attack;
- Delivers real-time situational awareness and incident response across endpoints to mitigate damage;
- Protects an ever-increasing number of endpoints, letting you manage and secure up to 250,000 of them from a single server — whether they’re connected to your network or not;
- Gives you advanced protection against malware from the moment a threat is released until security patches are in place;
- Bridges the endpoint gap between IT ops and security to reduce operational costs while improving security posture.
Can We Say Next-Gen Yet? Read the SANS Institute’s 2016 State of Endpoint Security Survey