Moving into the second quarter of 2017, cybersecurity continues to surface as a critical topic of conversation, specifically with clients and prospects in the insurance, legal and financial industries. With early adopters going through their second (or even third) round of security assessments, the subject is taking more of a front seat as stakeholders work to understand (and adjust) their organization’s preparedness plan.
While there clearly is no way to prevent a cybercriminal, or “bad actor”, from trying to infiltrate and disrupt your business, a healthy approach to cybersecurity will keep you on your toes and off your heels. When an attack does happen, your posture and readiness determine the impact. Like anything else – be proactive, be prepared, and control your company’s fate.
As experts in applied information technologies, we take our clients through a circular approach to their cybersecurity plan which we refer to as ARM. It is the cornerstone of an organization’s cyber-defense plan, and critical to its stance at the time of an attack.
In practice, the multi-pronged methodology employs the continual use of Assessment, Remediation, and security Monitoring. Each step is an important piece in protecting the digital assets & data of an institution.
The program begins with an Assessment and paints a picture of the organization’s overall security and infrastructure. Following the assessment is a detailed Remediation plan to correct any vulnerabilities found, with the final step being the continued security Monitoring of a firm’s infrastructure to identify breaches or security incidents and act to correct them.
The ARM methodology means the company is continually in the circle – assessing, remediating, and monitoring. In today’s ever-changing landscape of cyber threats, this format allows an institution to proactively manage any potential vulnerabilities, incidents, security breaches, or loss of data.
The Assessment begins the ARM methodology by reviewing the current state of the network, business, and security policies. In order for any organization to assess risk it needs to know what assets it has, what assets are authorized to be on its network, and what assets are most important to protect.
The Assessment is recognized as a crucial component of network security and a critical first step. It determines the actual security posture of the network environment. It is designed to explore whether an attack could bypass company defenses, find exploitable elements in a network, potentially shut down a business, or steal information.
Assessments consist of:
- Annual Penetration Testing
- Biannual Security Policies and Procedures Assessments
- Quarterly Vulnerability Assessments
As an institution conducts regular assessments, data points collected are used to identify the risks associated with organizational assets, and a plan to prioritize the remediation of the risks is developed.
Phase two, Remediation, takes the data from the assessments and works with company stakeholders to identify the most important assets and the most critical vulnerabilities. Each asset/vulnerability that is identified as an issue will be remedied during the remediation process, then rescanned to validate that the vulnerability has been corrected.
Continuously Monitoring the organization’s security & operating environment is the final component in the cycle, and a proper Security Operations Center (SOC) provides clients with continual monitoring of their network and security infrastructure.
The ever-increasing sophistication (and persistence) of malicious cyber activity, combined with the sheer complexity and volume of security information, requires an institution to have continuous Monitoring in place. Mindcore works with an organization to develop a strategy that deals with breaches or incidents that are identified.
This article presents our method for improving cybersecurity posture through the implementation of the ARM method. When a breach (or potential breach) is identified, response and timing are critical. A strong ARM will allow your organization the flexibility and maneuverability necessary to approach the attack from a fighting stance, reducing the impact and limiting the fallout.
Additionally, with many states and jurisdictions creating their own sets of regulations, the regulatory landscape has become increasingly complex and the risks associated with noncompliance grow costlier. Many organizations’ security staff are, or soon will be, required to show compliance with internal policies, federal and state regulations, and industry-specific standards.
This guide does not address all areas of security; however, it does provide a proven method for cyber risk reduction that could allow an institution to withstand or identify potential cyber threats. If you have comments or feedback let us know.