Intelligent CIO Africa Issue 18 | Page 30

EDITOR’S QUESTION ////////////////// In addition to assigning resources to critical areas, organisations can augment cybersecurity capabilities with AI which today can proactively detect anomalous behaviour – both known signatures and unknown threats – to dramatically reduce false alerts. AI can also automatically detect and classify every asset on the network, including cloud-hosted and IoT devices. Decrease dwell time W hen thinking about their data, organisations primarily concern themselves with data management and processing, but the scope extends well beyond this and should now include specific requirements such as data security and transparency. Especially considering regulations – the GDPR being just the latest in a long list – data security should be a board’s main issue as these raise compliance challenges and can entail hefty administrative fines. Unfortunately, given rapidly evolving malware and broadening attack surfaces, security platforms alone cannot eradicate the risk of data breach. They need to be coupled with well-defined policies and effective management. It is in the latter area that organisations find themselves caught between a rock and a hard place. While they may have the right tools deployed, the amount of time to follow up and investigate every alert notification can strain already scarce resources, creating alert fatigue, resulting in notifications being ignored and detection sensitivity being lowered. So instead of relying only upon security technologies, organisations should instead focus on three general principles to enhance their data security. Reduce the attack surface To protect against known threats and detect against unknown threats, organisations must reduce their attack surface area. This begins with identifying the most critical assets which allows you to prioritise security resources. Doing so requires a single, integrated view of data from all IT assets. While this may seem like a daunting task, service providers such as AppCentrix can help with tools and services that streamline and automate the process. 30 INTELLIGENTCIO In an ideal scenario, prevention should mean your organisation doesn’t fall victim to data breaches. However, with the multitude of attack vectors, many of which exploit employee behaviour, no organisation is impenetrable. Reports have shown that most data breaches take up to 206 days to be detected with the associated cost scaling with time. Because rapid response is fundamental to mitigating the impact, it is imperative to have a plan in place in the event of a breach. Identifying and minimising the impact of data breaches requires real- time monitoring of all events and data across the network. Investing in a unified platform for this purpose not only delivers the holistic visibility needed, but also increases agility while minimising costs. Speed up investigation Mitigating the impact is the first priority in the event of a data breach. In the aftermath of the attack, however, you must also focus on analysing what went wrong. Not only does investigation help prevent recurrences, it is often also necessary for compliance and to provide the transparency customers and shareholders are entitled to. This is only possible when you have the right digital forensics solution which must have the ability to auto-discover and map everything on the network, analyse wire data from the network, identify anomalies using machine learning, map relationships between endpoints and navigate directly to related packets to support forensic analysis of attack activities. In the end, comprehensive data protection requires investment into the right holistic visibility and management platform and defining clear policies and procedures that account for worst case scenarios. For organisations with limited IT resources, working with a managed services provider could rapidly address both these requirements while also keeping costs in check. www.intelligentcio.com