Page 8 - Cyber Defense eMagazine - February 2018
P. 8
IF YOU WANT TO PREVENT BREACHES, DON'T MAKE
THESE THREE SECURITY MISTAKES
™
by Destiny Bertucci, SolarWinds Head Geek
There's one thing that the most high-profile security breaches have had in common:
they were preventable. Yet, even in the face of increased incidents, most organizations
are still in reaction mode when it comes to information security. And, they are often
making the same three surprising mistakes — surprising because they involve
foundational parts of an enterprise security plan. I'm talking about the fundamental
processes of documenting, patching, and investing in technology redundancy.
BOLSTERING THE FOUNDATION: DOCUMENTATION
Being proactive about an information security strategy starts with documenting the
processes that dictate patching policies. This is a basic, foundational step in IT — and
skipping documentation is a basic mistake. After all, just pulling one block from a
foundation could make it fall.
Documentation provides a chain of command, enables enforcement, and helps verify
whether updates were made or not. Putting processes and policies on record takes
testing, implementing, verifying, and recovery planning. Such work must get granular to
be effective, so it's often considered tedious, and that's why the practice can be
overlooked. On the other hand, backtracking and mitigating a breach takes a lot more
time and effort.
STAYING UP-TO-DATE: PATCHING
In terms of making the updates dictated by the documentation, that action is frequently
viewed as downtime by the business. Ironically, such an omission is exactly the cause
of downtime and worse — customer loss, financial cost, and brand reputation damage.
®
Take WannaCry. Microsoft discovered a vulnerability and issued a patch in March.
News of the ransomware surfaced in April, and it took down organizations in May. A
simple patching policy would have prevented the attack.
®
The same can be said for Equifax — a breach resulting in the perpetual exposure of
personal data, and one that may eventually cost billions of dollars. We'll see the impact
for so many years to come that later incidents will probably be blamed on something
else.
8 Cyber Defense eMagazine – February 2018 Edition
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.