Assume a breach to better protect yourself

Canada is a wealthy country with valuable trade secrets and intelligence relationships. That makes our networks an attractive target to cybercriminals looking for financial gain. Today’s threat actors are relentless, and they have a wide range of tricks to employ.

IT professionals know they need a security program that matches the value of what they’re protecting. It should also contain the latest security devices and programs, and have the latest software patches applied. But a robust security program must also assume that a breach will occur.

Security programs should include methods like intrusion detection (a security service that monitors and analyzes network or system events to warn of unauthorized access attempts, with findings provided in real time or near real time) and incident response to stop attackers before they can export any critical data, or damage data or applications. To ensure you have designed your security programs to account for a data breach, ask yourself:

  • What tools and techniques are in place to detect and prevent intrusion?
  • How confident are you in the effectiveness and integration of those tools?
  • How will you be alerted to a breach?
  • What will you do if you are breached?
  • How will you know if critical data has been accessed or is being accessed?
  • Do you have the capability to determine if an attacker is in your network?

It is essential to detect an attack fast. You should be able to respond to an incident or cyber attack (the use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device) before a significant amount of damage has occurred.

Predefined processes should be in place for responding to and reporting on problems, incidents, or breaches. Poor or slow decisions are more likely without carefully planned incident management processes, potentially exacerbating the overall impact on users.

These processes don’t need to be complex, but good incident management will minimize the impact on users. Your security programs should include:

  • A procedure that can be quickly deployed in response to security incidents;
  • A process for responding to common types of incidents or attacks;
  • An up-to-date contact route for reporting security incidents in a timely manner; and
  • A method of engaging the help of your partnership network.

It makes sense to plan for the inevitable. Shift the focus from “if” to “when” a breach will occur; your incident response plan will be much better as a result.
