In the world of cyber security, there is a lot of hype, and a lot of players claiming to have the exact solution that will solve your security worries. At worst, companies end up spending precious money on security controls whose inner workings they do not understand and whose relevance to the actual threats remains vague.
The purpose of controls is to provide safety and security. Originally, controls were thought of in terms of perimeters and controlled access to a physical space. Essentially, controls would keep bad things out so that good things could take place without fear.
With all these investments in control, why do security breaches keep on happening? Let’s be blunt: there is no one solution that would fit all and solve all problems. What it boils down to is knowing your business environment and assessing the risks. But the reality is that in most cases we are still trying to work out how to describe our needs for security and how to apply appropriate controls that would actually make us more secure instead of just making us feel secure. In the world of cyber security, not many have the ability to cut to the core of the threats to determine what controls are needed.
A proper balance of controls is necessary to achieve confidentiality, integrity and availability for the business and the data it handles. To do this, there needs to be a balance and the right focus in investments into prevention, detection, containment, and recovery.
Cyber security advisor Erka Koivunen explains these four different types of control in cyber security:
- Preventive controls aim to prevent the threats from taking place in the first place. Preventive controls include patching and applying security updates, strong user authentication and restrictions on users’ permissions. One can also enforce network security policies by employing traffic filters such as firewalls, by deploying security software such as anti-virus, and by only allowing verified, trusted applications to execute (a.k.a. whitelisting).
- Detective controls step in when there is an attempt to breach security and provide evidence when the attacker succeeds. Detective controls include event log creation, log analysis and correlation of events. Anti-virus products and intrusion detection systems also provide additional insight into security breaches.
- Containment controls attempt to limit the adverse effects of a successful security breach and absorb the force of an attacker. Properly working containment saves the victim from the escalation of a breach. The end result is a defendable system where incident response is effective. Examples of containment include network segmentation, role-based user access control, logical and physical duplication, and backups. Another way to approach containment is to design systems so that they can continue to perform their core tasks even when they lose connectivity to external systems and data sets. Systems should fail gracefully without losing data or harming equipment or people.
- Lastly, there is the ability to recover from a security breach and determine which assets we can still trust to run our business. In the context of cyber security, these controls include not only backups, but also a proven way to restore data and workable systems from those backups. Alternate sources of electrical power and network connectivity should be complemented with easily deployable reserve computing resources. An essential part of successful recovery is to identify the key human resources, information and equipment needed to get things back to normal. In terms of partners and subcontractors, this also means that the relevant agreements and subscriptions are in place.
The preventive controls, which most companies invest in the most, are typically “install and forget” types of control, such as anti-virus and anti-malware software. While these (if they are of the modern type) are essential as part of a holistic security approach to stop most attacks, they alone are not enough. We also need to be able to efficiently detect when something has managed to penetrate these defenses. Because let’s face it: if someone with enough money, resources and motive wants to get in, they usually will. The attacker only needs to succeed once, whereas the defender would need to have a spotless scorecard – which nobody has. It is essential to be able to detect the incident as well as to stop the attack from spreading in the network. As a victim of a security breach, you’ll appreciate the ability to efficiently recover from the attack.
Check out the recording of our webinar with Erka to learn more about where to put your focus, and how to self-assess your investment when designing a comprehensive cyber security investment strategy for your business.
This post is based on the presentation Erka gave to our partners and customers.