We are a full month into the New Year and threats to security still remain an ever-present reality. From vulnerabilities to payment attacks to cyber breaches, more threats to security are sure to unfold within the next 11 months. Ensuring that you and your business are protected against these potential threats is of the utmost importance. We wanted to share Trustwave’s list of the 5 Golden Security Rules to live by as 2017 progresses. The five fundamental principles that they offer will help keep your security intact and keep you in line with compliance standards. We provided some of our own insight beyond these 5 tips as well.
1: Maximize Protection of Your Security Infrastructure
You should have a number of countermeasures at your disposal to ward off adversaries and data attacks before they enter your environment. Many internal and external threats can be thwarted at the source if you have the right integrated defenses in place to provide network, data, endpoint, application, and database security.
2: Perform Regular Security Testing
The importance of constantly running security tests, such as vulnerability scanning and manual penetration testing, cannot be stressed enough. Not only will it provide you more clarity on where you should be investing, but flagging exposure points before cybercriminals can get in will also take you out of reactionary mode. It will allow you to get ahead of your software development life cycles, configuration changes, IT sprawl and other factors that could leave the door open to cyber threats. One obstacle to successful security testing is the skill set required to execute it. Merchants and business owners should consider partnering with a third-party expert if they lack the proper internal support.
3: Conduct 24x7 Security Monitoring
Trustwave notes that, “Today's threats call for real-time alerting, correlation, analysis and auditing that can only be accomplished with state-of-the-art technology and a vigilant team of IT experts.” The 2016 Trustwave Global Security Report found that only 41 percent of breaches were caught by the actual victims themselves. While this number has increased yearly, it still speaks to the clear resource difficulties facing businesses that handle security monitoring of cyber threats on their own.
4: Hunt for Threats
Cyber threat hunting is described as a “focused and iterative approach to searching out, identifying and understanding adversaries internal to the defender’s networks.” While Trustwave advises that “hacking back is typically not advised for private companies,” threat hunting, known as a type of offensive strategy, may be a more realistic option. They also add, “As a corollary to security monitoring, threat hunting involves the manual act of collecting and analyzing data.”
5: Arrange an Ongoing Incident Response Strategy
Ensure that an Incident Response Plan is set in place. Prepare and regularly test your plan. Know your business and know what steps to take in the event of a data breach. Beyond the plan itself, you will want to designate and develop an internal breach response team with your employees. Educate employees on all of the possible indicators of compromise and how to respond to them. A good way to prepare employees is by creating mock exercises to test and refine your procedures.
Looking Beyond the 5 Golden Security Rules
Beyond these five tips, ensuring that your business is PCI compliant is another critical way to survive cyber threats. Annually, Sterling Payment Technologies conducts an extensive review of our own systems to guarantee that the highest security standards are in place for the handling, processing, transmission, and storage of your card data. Sterling has created a program for merchants that will recognize whether they are operating in PCI compliance. The process pinpoints vulnerabilities in a merchant’s credit card processing system, including their POS systems, computers, servers, Internet applications, online shopping carts, paper-based storage systems, and unsecured transmissions of cardholder data to service providers. Complying with the PCI DSS is your greatest defense against hackers who are looking for weak spots in the network that enable them to get in and steal cardholder data. For those merchants not utilizing Sterling Payment Technologies, the responsibility of maintaining and validating PCI compliance typically falls directly on their shoulders.
A full description of the PCI DSS requirements can be found online at https://www.pcisecuritystandards.org/.