WSJ: What to Do if You’ve Been Hacked - My Take: How Do You Prevent it from Recurring?
Recently, the Wall Street Journal posted a great article on “What to Do if You've Been Hacked,” and I think there are a few items that should be looked at a little more closely.
The article explores the traditional forensics and communications approach to dealing with the aftermath of a data breach. I’d like to take it a step further to discuss how you can prevent future hacks from happening.
In a number of recent cases we’ve where one hack can lead to another. It’s a potentially embarrassing situation for a company and a potentially career-threatening event for a CISO or CSO.
So, what should you do?
I recommend completing a risk assessment, but not just of the tools in place, but the strategy. Let’s face it, people are going after your data and they are doing it now. So, it’s not about building the biggest wall, it is about getting smarter.
What are the biggest emerging threat surfaces and are you prepared to deal with these threats? Do you have a mobile security strategy? a data security strategy; a cloud strategy? Overall it seems many companies are not prepared for emerging threats, for example, I’ve seen poll numbers of Fortune 1000s where:
- Approximately 12 percent said they had a cloud security strategy in place
- Only eight percent had a defined strategy in place for protecting iDevices and Androids
- And only 16 percent felt prepared for the current bring your own computer trend
In other words, we need to look beyond what to do when a breach occurs, and also look at how we are going to create and deploy strategies that help prevent them from reccurring. If we are stuck to reacting to breaches, we are doomed to fail.
These are the sorts of things I’ve been talking to a lot of senior security leadership about lately. Tools are tools. Strategy that addresses future and emerging trends and threat surfaces is what is going to help us protect our organizations. Feel free to drop me an email or add a comment below if you’d like to talk about some of the most successful strategies I’m encountering when I’m speaking to these top companies.