Evaluating These Processes Provides a Map for a Robust Security Strategy, Positioning Your Company, Your Customers, and Your Bottom Line for the Best Possible Outcome

By Colin D’Cunha

When discussing data breaches, the adage, “It’s not a matter of if, but when” is truer today than ever. Technology’s breakneck pace cuts both ways: The same innovations that emerge to help society can (and will) be manipulated by bad actors to hurt it.

Adding insult to that injury is the unwelcome sidecar of significant cost. Ask the City of Atlanta, which was hit by a ransomware attack in March 2018 that came with a ransom demand of about $50,000. That figure paled in comparison to the recovery cost, which has been reported as more than $2.5 million. And that is a flesh wound compared to Equifax's 2017 breach, which has racked up more than $240 million in costs to date. Earlier this month, a little-known marketing and data firm named Exactis reportedly exposed records on hundreds of millions of Americans. The financial fallout from that is yet to be seen.

These all reinforce a critical message for organizations: keeping your systems as close to bulletproof as possible should be part of the goal, but the complete plan must also limit the damage of the breach that will eventually get through. The key component is early detection and containment, commonly referred to as "shifting left in the cyber kill chain": catching the intruder at reconnaissance, delivery, or initial exploitation rather than after data has already left the building. The earlier an intrusion is detected and contained, the sooner incident response procedures take effect, the less damage the enterprise sustains, and the faster normal operations are restored. That translates to less impact on customers, reputation, and the bottom line.

Breaches are most effectively contained when the security strategy has addressed at least the five primary areas of risk below. Starting here will help your organization assess its own risk profile, find the weaknesses, and then manage them for continuous visibility and the most robust overall plan.

  1. Endpoint Management – Every endpoint that can connect to resources or hold sensitive data is a target for bad actors, so organizations do themselves a world of favors by first building an inventory of those endpoints and then ensuring each one is properly patched, including the applications running on it. Visibility here also feeds a good detection-and-response strategy: you cannot respond on a host you did not know you had.
  2. Email security – Email is still the most popular way in for the bad guys. From phishing to business email compromise, the methods are endless and a constant glimpse into dark creativity, so organizations should evaluate this component of the enterprise from top to bottom. Start with an assertive security awareness and training program that empowers employees and reinforces a strong email security posture. Promoting a simple "do not click it" policy, paired with an easy way for employees to report suspicious messages, can improve your security position significantly.
  3. Network change compliance and cleanup – A company that knows what its access control lists look like and continuously monitors them for changes is a company committed to staying a step ahead in a race full of troublemakers. This is especially true in agile environments, where rules are added quickly and rarely removed. Cleaning up stale rules (ones that no longer match any traffic) and scanning for overly permissive ones (any-to-any sources and destinations, any protocol, or wide-open port ranges) should be part of any organization's continuous visibility strategy.
  4. Data visibility and governance – The thought of a breach that leaks an organization's most sensitive information is enough to make any executive break out in a cold sweat. One of the most important steps in preventing that nightmare scenario is to identify where your most sensitive data reside, then put controls in place that record who has accessed what, when, and why.
  5. Identity and Access Management – The policies and technologies your organization uses to enforce the principle of least privilege, by giving authorized employees role-based access, are critical to your cyber security strategy. Take a close look at your IAM strategy to confirm that multifactor authentication and privileged access management are part of the program. Also review your identity lifecycle management process: provisioning and deprovisioning procedures and periodic entitlement reviews are what keep departed employees and forgotten accounts from retaining access.
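As an added example (not part of the original article), here is a small Python script illustrating the network change compliance item above: it diffs a current ACL snapshot against a reviewed baseline to surface added, removed, and modified rules, then flags overly permissive rules and stale rules. The comma-separated rule format, the field names, the thresholds, and both sample rule sets are constructed assumptions for this illustration, not any vendor's export format.

```python
"""Audit a firewall ACL snapshot against a baseline (constructed example).

The comma-separated rule format, thresholds and sample rule sets below are
assumptions made for this illustration; a real export needs its own parser.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # source CIDR
    dst: str         # destination CIDR
    proto: str       # "tcp", "udp" or "any"
    ports: str       # "any", a single port, or "lo-hi"
    hits: int        # matches since the counter was last reset
    idle_days: int   # days since the rule last matched traffic

    def policy(self):
        """The fields that define what the rule permits; counters excluded."""
        return (self.action, self.src, self.dst, self.proto, self.ports)


# Constructed sample data: a reviewed baseline and a later snapshot that drifted.
BASELINE = """
# name, action, src, dst, proto, ports, hits, idle_days
web-in,      allow, 0.0.0.0/0,       203.0.113.10/32, tcp, 443,   120934, 0
ssh-admin,   allow, 10.1.2.0/24,     10.0.0.0/8,      tcp, 22,    452,    1
legacy-ftp,  allow, 10.0.0.0/8,      10.9.9.9/32,     tcp, 20-21, 0,      400
old-vpn,     allow, 198.51.100.0/24, 10.1.0.0/16,     udp, 1194,  15,     200
db-from-app, allow, 10.1.3.0/24,     10.1.4.5/32,     tcp, 5432,  8812,   0
deny-all,    deny,  0.0.0.0/0,       0.0.0.0/0,       any, any,   7733,   0
"""

CURRENT = """
# name, action, src, dst, proto, ports, hits, idle_days
web-in,      allow, 0.0.0.0/0,       203.0.113.10/32, tcp, 443,   131002, 0
ssh-admin,   allow, 0.0.0.0/0,       10.0.0.0/8,      tcp, 22,    1201,   0
legacy-ftp,  allow, 10.0.0.0/8,      10.9.9.9/32,     tcp, 20-21, 0,      430
old-vpn,     allow, 198.51.100.0/24, 10.1.0.0/16,     udp, 1194,  15,     230
temp-debug,  allow, 0.0.0.0/0,       10.1.4.5/32,     any, any,   33,     0
deny-all,    deny,  0.0.0.0/0,       0.0.0.0/0,       any, any,   8104,   0
"""


def parse_rules(text):
    """Parse the constructed CSV-like format, skipping blanks and comments."""
    rules = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = [x.strip() for x in line.split(",")]
        rules.append(Rule(f[0], f[1], f[2], f[3], f[4], f[5], int(f[6]), int(f[7])))
    return rules


def diff_rules(baseline, current):
    """Change detection: which rules appeared, vanished, or changed policy."""
    base = {r.name: r for r in baseline}
    cur = {r.name: r for r in current}
    return {
        "added": sorted(cur.keys() - base.keys()),
        "removed": sorted(base.keys() - cur.keys()),
        "modified": sorted(n for n in base.keys() & cur.keys()
                           if base[n].policy() != cur[n].policy()),
    }


def port_count(ports):
    """Number of ports a port specification opens."""
    if ports == "any":
        return 65536
    lo, _, hi = ports.partition("-")
    return int(hi or lo) - int(lo) + 1


def overly_permissive(rules, min_prefixlen=16, max_ports=1024):
    """Flag allow rules that open any protocol, more than max_ports ports,
    or whose source and destination are both wider than /min_prefixlen."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        reasons = []
        if r.proto == "any":
            reasons.append("any protocol")
        if port_count(r.ports) > max_ports:
            reasons.append(f"ports {r.ports} too broad")
        src_len = ipaddress.ip_network(r.src).prefixlen
        dst_len = ipaddress.ip_network(r.dst).prefixlen
        if src_len < min_prefixlen and dst_len < min_prefixlen:
            reasons.append(f"{r.src} -> {r.dst} both wider than /{min_prefixlen}")
        if reasons:
            findings.append((r.name, reasons))
    return findings


def stale_rules(rules, max_idle_days=90):
    """Rules that never matched, or have not matched within max_idle_days."""
    return [r.name for r in rules if r.hits == 0 or r.idle_days > max_idle_days]


def audit(baseline_text, current_text):
    baseline, current = parse_rules(baseline_text), parse_rules(current_text)
    return {"changes": diff_rules(baseline, current),
            "permissive": overly_permissive(current),
            "stale": stale_rules(current)}


if __name__ == "__main__":
    for section, result in audit(BASELINE, CURRENT).items():
        print(f"{section}: {result}")
```

On the constructed data the audit reports that `ssh-admin` was modified (its source widened from a /24 to the whole internet), that `temp-debug` appeared and opens every protocol and port, that `db-from-app` was removed, and that `legacy-ftp` and `old-vpn` are stale. Note that `web-in` is not flagged even though its source is 0.0.0.0/0: a single port on a single public host is a normal internet-facing rule, which is why the breadth check requires both source and destination to be wide. Run it on a schedule against your own exports and alert on any non-empty "changes" that did not come through change control.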


With careful review of these five areas, your organization will have a strong template both for where it stands today and for how it should prioritize addressing security concerns. The added benefit of such an evaluation is the resulting map. Knowing where your endpoints are, for example, is the first step in creating a response plan for a breach that uses one of them as a point of entry; the same goes for knowing where your data live. As in so much of life, awareness is key in cyber security. With preparation followed by continuous monitoring, you'll be in the best possible position for a successful outcome.