From local businesses to Google, IT breaches can happen to anyone.
According to IBM, there were 1.5 million monitored cyber attacks in the United States last year. Organizations are attacked an average of 16,856 times per year, and many of these attacks result in quantifiable data breaches. A moderate attack costs an average of $38,065 per minute of downtime.
With organizations facing a growing number of threats by sophisticated hackers, IT security needs to be a priority. However, many IT professionals aren’t aware of the vulnerabilities that could give hackers access to their systems and bring their organizations to a standstill.
While closing these gaps is usually simple, the hard part is finding them.
Your 5-Step IT Security Plan
Here are five steps you must take to uncover your IT security gaps:
1. Conduct external penetration testing.
Hiring a white hat hacker to conduct penetration tests can help you identify your key external security gaps much more easily than by using security vulnerability scanning tools. Starting with just your company name, these authorized hackers will use the latest attack vectors to gather as much information about your employees and infrastructure as possible. They’ll search for vulnerabilities in your website, applications, systems and configurations, and exploit them as a malicious person would.
If the white hat hackers can’t find any technical vulnerabilities, they’ll use social engineering tactics such as phishing to try to collect data from your users. Including social engineering with your penetration tests is vital to learn if your users are engaging in risky behavior.
You should perform penetration tests on a regular basis – especially if you’re in a regulated industry. This will ensure your systems are secure and keep you a few steps ahead of hackers.
2. Identify your internal risks.
As the NSA with Edward Snowden can attest, your employees can be your biggest security risk. An internal penetration test can tell you exactly how much information a disgruntled employee can make off with, and estimate risk of loss in case that person decided to do something malicious.
During an internal penetration test, an authorized hacker works inside your organization to exploit your internal vulnerabilities. They’ll look for weaknesses in your IT systems, databases, networks, applications, access controls and firewalls. This will reveal defects in your infrastructure and help you identify at-risk data.
You should perform an internal penetration test every time you perform an external penetration test.
3. Perform a risk assessment.
Based on the results of the external and internal penetration tests, you should perform a risk assessment. Analyze your risks and decide which ones are the biggest threats to your organization.
You may need to educate your organization’s executives about your risks and convince them to invest in security. Make recommendations about what needs to be fixed and how much you should invest to reduce your risk of security breaches.
Perform a new risk assessment every year to keep up-to-date with the latest technology and threats. A risk assessment is also mandatory if you accept payment card transactions and must comply with PCI-DSS regulations.
4. Create a data breach and security incident response plan.
The Economist Intelligence Unit found that while 77% of companies have faced a security breach within the past two years, 38% of these companies still don’t have an incident response plan. Globally, only 17% of organizations are prepared for a security incident.
An incident response plan is critical to quickly recover data and restore service after a breach. Your plan should specify:
- The members of your response team and the actions they should take in case of a breach or attack.
- Whom to involve to investigate a breach and get things up and running again.
- How you will communicate with employers, customers and stakeholders after a breach.
- How you will implement lessons learned to avoid similar breaches in future.
Test your incident response plan in action with your IT team and employees during your annual penetration tests. Your IT group should be able to detect and react to attacks internally. Test your plan in action and train your team to react and think proactively.
5. Test your backup and recovery readiness.
Many companies fail to test their backups. Your backups might not be as reliable as you think, leaving you vulnerable if your data is lost or corrupted. It’s critical to test your backups to make sure you can quickly recover your data after a breach or other security incident.
You can also consider backing up your data in several data centers. You might want a local data center to have fast access to your infrastructure, along with a data center in another city or country. If one data center goes down, you’ll still have your data available.
Test how your team is able to react in a trial case. Have them compete against themselves for the fastest time in rolling server backups into use.
Perform each of these five steps to identify your IT security gaps and learn what you must do to protect yourself from threats.
When was the last time you performed a security check? Do you have any tips for keeping safe?
Nazar Tymoshyk is a highly-regarded IT security and network infrastructure expert. In his role at SoftServe, Inc., Nazar specializes in many security disciplines including computer forensics, malware analysis, intrusion detection, and mobile application security assessments. He holds a Ph.D. in Information Security from the State University, Lviv Polytechnics, and is the chapter leader of the OWASP in Lviv, Ukraine.