TALKING BUSINESS
So how can organisations adapt?
The first step is to accept that at some
point, the hackers will breach your
preventative security layer. The second
is to invest in an adaptive security
method that is able to keep up with
increasingly sophisticated attacks.
Adaptive security means putting
preventative and responsive security
processes in place at every step in
your system that a threat could break
through. Organisations should shift
their mindset from ‘incident response’
to ‘continuous response’. Typically,
there are four stages in an adaptive
security life cycle: preventative,
detective, retrospective and predictive.
For organisations to protect themselves,
they need to get the right mix.
• Preventive security is the first layer
of defence. This includes things
like firewalls, which are designed
to raise the bar against attackers,
blocking them and their attack
before they affect the business. Most
organisations have this in place
already, but there is definitely a
need for a mindset change. Rather
than seeing preventative security as
a way to block attackers completely
from getting in, organisations should
see it as a barrier that makes it
more difficult for an attacker to get
30
INTELLIGENTCIO
through – giving the organisation
more time to detect and disable an
attack in process.
• Detective security detects the attacks
within the system that have already
breached your walls. The goal of
this layer is to reduce the time that
attackers spends within the system,
limiting the subsequent damage. This
layer is critical, as the organisation
has already established that attackers
will, at some point, encounter a gap in
their defences.
• Retrospective security is an
intelligent layer that turns past
attacks into future protection –
similar to how a vaccine protects
you against diseases. By analysing
the vulnerabilities exposed in a
previous breach and using forensic
analysis and root cause analysis,
it recommends new preventative
measures for any similar incidents in
the future.
• Predictive security plugs into
the external network of threats,
periodically monitoring external
hackers underground to proactively
anticipate new attack types. This is
fed back to the preventative layer,
putting new protections in place
against evolving threats as
they’re discovered.
These are the four ingredients you
need to secure your business during
your digital transformation journey,
and they need to be baked in together
in order to protect you to their full
potential. All elements improve security
individually, but together, these four
distinct security mechanisms form a
comprehensive, constant protection for
organisations at every stage in the life
cycle of a security threat. n
“The landscape of
digital threats has
seen considerable
advancement in
recent years but
organisations are
failing to adapt.
Many organisations
are using outdated
methods of
protection that
focus too heavily
on blocking
and prevention
mechanisms.”
www.intelligentcio.com