There’s a joke I like to tell about what keeps C-level executives up at night. The shorthand version is that unlike the rest of the leadership team, the CISO’s bed is made but no one sleeps in it.
It’s been almost two months since I joined Splunk as Chief Information Security Officer and my team has been focusing on Splunk's own foundational security and continuing our ongoing efforts to protect our customers – so security isn’t the thing keeping them up at night. The reality is that it’s not if a breach or exploit will occur, it’s when. So organizations need to be ready to respond and recover when an incident occurs.
Here are five tips on preparing for a cyberattack.
Nail the Basics
The first line of defense is ensuring employees are informed and routinely trained on security policies. Strong passwords that are updated regularly, phishing prevention training, and keeping systems and applications patched and up to date go a long way toward preventing a breach. Keep data encrypted and backed up, and isolate backups from production systems so that a cyberattack can’t spread to them. And having a solid asset management strategy enables businesses to identify their core critical assets and determine how to secure the data they hold.
Know Who’s Who and Who Can Access What
Operate with a zero trust strategy: authenticate and authorize every user, device and interaction, so that everyone and everything across the business is verified. Implement data governance so people only have access to the data and technology relevant to their role. Inventory your data regularly so that you understand where sensitive information resides and who has access to it. Besides keeping passwords updated, implement multi-factor authentication wherever possible to help ensure that only legitimate users are accessing systems and data. Review accounts routinely, adding, updating or removing users as roles change, to keep data governance current.
Look at Your Data Big Picture
Understanding your data is more than collecting logs and seeing activity. It’s taking in all the different data sources to understand the big picture and gain end-to-end visibility across the environment. To be cyber resilient, you need a data-centric security operations portfolio that collects all forms of data, quickly analyzes and responds to risks, has built-in threat intelligence, integrates easily with existing tool sets without creating more data silos, and scales with the business.
Have a Plan
As Benjamin Franklin said, “By failing to prepare, you are preparing to fail.” Develop an incident response plan to investigate, contain and remediate a security incident or breach. Having a plan in place helps you make faster, informed decisions that reduce risk exposure. But don’t stop there. Set up an incident recovery plan that outlines how to restore your business. And after an attack occurs, bring your teams together to determine how the risk was missed and put protections in place for the future. Having these plans ready saves both time and the cost of recovery.
Know who you’re going to call and how you’re going to tell customers. Ensure that everyone knows what to do and can carry out the plan if a cyberattack occurs. Identify who gets called, develop technical responses for customers and know who the decision makers are in your organization. The more smoothly you handle incidents internally and externally, the better for your customers and your bottom line.
When it comes to security, it pays to look ahead and be prepared. Before joining Splunk, I was a Splunk customer. If you want to find out how using Splunk helped me sleep at night, get in touch.