Be prepared for the breach that’s headed your way
January 2015 is already winding down, but it’s not too late to think about the lessons of 2014. For anyone in information security, 2014 was a year marked by spectacular breaches. It ended with Sony Pictures Entertainment getting its clock cleaned by hackers, quite possibly from North Korea. Wouldn’t it be great if 2015 didn’t include the same sort of clock cleaning at your company?
Having run thousands of incident response operations over the years, I have come to appreciate the value of visibility. I’m talking about meaningful data collection, from the network layer up to the applications. I’m talking about data that can help the computer security incident response team (CSIRT) understand with a high degree of confidence what happened. You can take steps to make sure that your CSIRT will have that kind of data, well organized, so they’re not lost in a sea of meaningless data or grasping for clues with no data at all. If you do nothing to improve visibility, your CSIRT might be able to draw some basic conclusions about an incident, but chances are they won’t be able to tell executive decision-makers what they really want to know: precisely what happened in an incident and the extent of the business impact.