When it comes to real-time threats, if your executives expect you to prevent all breaches, you're overdue for a talk. First, total prevention of threat infiltration is not realistic. Second, you can't catch everything. Third, security technology by itself won't do much. To address today's cyber-threats, monitoring programs must be based on the assumption that we will get hacked and always have infected systems, and the security team's role is to minimize damage by focusing on top risks.
Why is a meeting of the minds with the executives important? One must have their collaboration and input to determine what kinds of cyber threats can most negatively impact the business. Are they more concerned about incurring fines, preventing losses, protecting trade secrets or protecting the brand? They may not understand the factors that contribute to the new landscape. Hackers targeting an organization use a string of techniques to establish an internal base from which to launch data theft or fraud. Botnets and other forms of malware morph and proliferate quickly, and can hide in stealth mode. The variety of endpoint devices that can introduce malware to the network makes total control impossible.
With expectations set, it's the job of infosec teams to translate that business picture into a sound architecture to monitor threat infiltrations. Gone are the days when one got a good night's sleep by updating intrusion detection signatures and virus pattern files. Although one will not completely prevent malware, with a risk-focused monitoring program, admins can lessen the business impact of malicious activity. The focus of the program should be reviewed annually with executives, and all facets should be adjusted appropriately after upgrades and technology reviews to drive ongoing improvement to the surrounding processes.
