Working with a Managed Detection & Response (MDR) provider can help improve threat detection & response capabilities – protecting your organization’s “crown jewels” and mitigating the impact of a potential attack. But there is a right way – and a wrong way – to address your enterprise’s security posture and protect sensitive data. In this interview, Prashanth Nagendran, from CyberProof’s Vulnerability Management team in Trivandrum, India, shares some of his insights regarding how to prioritize the key aspects of security operations to ensure the customer data in your organization is protected.
On data protection
Protecting data is one of the core issues for any enterprise – and developing strategies for protecting confidential information is a key challenge for cybersecurity experts. Every organization needs a healthy culture for safeguarding data. Hackers continuously try to find ways to intrude – with the aim of stealing confidential data, usually for commercial gain. Frequently, it is employees who, without proper security awareness training, give hackers the opportunity to penetrate an organization’s network. Having a strong cybersecurity team that puts the right processes in place can help protect sensitive data.
On the MITRE ATT&CK framework
Cybersecurity is a complex field, and it’s not a simple task to manage security operations processes in a way that keeps risk to a minimum.
Vulnerabilities must be identified and prioritized through vulnerability patching to make an enterprise secure. Organizations must protect themselves from ransomware attacks and emerging threats. Moreover, security teams need to ensure that any new tools adopted by an organization are implemented without creating new gaps in security.
One approach to managing all these issues involves using the MITRE ATT&CK framework, which tracks cyber adversary tactics and techniques used by threat actors across the entire attack life cycle. By leveraging MITRE, an organization can map out its strengths and weaknesses and improve its security posture.
On developing Incident Response plans
Because there is always a possibility that an enterprise will be hacked, there is a huge responsibility involved in protecting an organization’s customer data. In any organization, there is the risk of a ransomware attack – perhaps even a complex and expensive cyber-attack. It is crucial to put an Incident Response (IR) plan into place so that your organization is ready to face such an attack.
Before developing an IR plan, establish a baseline by recording basic metrics that reflect your organization’s current behavior. You can update and improve your baseline periodically. Once you’ve established the baseline, you can introduce an IR plan.
An IR plan is a professional cybersecurity document that provides instructions on how to respond in real time during a security incident. An IR plan should cover a variety of scenarios, including data breach, data leak, and ransomware attack, and it addresses the possibility of losing sensitive information. A “Ransomware Prevention Checklist” should be prepared to help the enterprise respond to ransomware attacks effectively.
On training new L1 analysts
Cybersecurity is a continually evolving field. Analysts play a key role, helping enterprises be more aware of potential cyber-attacks. As new analysts gain experience in the Security Operations Center (SOC), they develop expertise and are aware of the possible risks so that, just as an example, they recognize the difference between real emails and phishing emails. Analysts may also be involved in training other employees – helping them be more aware and act with caution, to reduce the risk to an organization.
To become an L1 analyst, it’s important to invest in professional cybersecurity training with a top trainer who can prepare you well for the position. Cybersecurity training should be extended to cyber incident planning and response training. Thinking creatively – and spreading the importance of cybersecurity – is the best way to move forward.