Steps for Adopting a Proactive Approach to Data Breaches

By Fortinet | April 02, 2020

As data breaches continue to make their way into the public news cycle, individuals and organizations alike are looking for ways to protect their financial and personal information. When it comes to this type of threat, two things are known to be true: a data breach is very expensive, and if you have been breached, it could happen again.

In a recent interview with Forbes, Fortinet’s Phil Quade said it best: “Data breaches are confidence vampires: They imbibe on misplaced-trust that consumers place in unsecured data repositories… Without knowing what your core assets are, or constraining the risk and scope of potential compromise, you’re defending in the dark from all sides.”

Baseline Security for Data Breaches 

A data breach can have long-term effects on both the financial and reputational state of an organization. Despite this, some organizations still do not have the security solutions in place that are required to effectively defend modern, digital environments from data breaches. And as networks continue to expand through digital innovation, that security gap continues to widen. Network protection calls for the establishment of a security baseline that features three key elements.

  1. Thorough Risk Assessment: Due to the complexity of today’s network environments, organizations must focus on the most critical aspects of their business and constantly ensure that their security initiatives align with their business objectives.

  2. Alignment of Security and Network Architecture: As networks expand, security teams must work to keep up by continuously identifying potential blind spots to maintain full visibility and control. Organizations should also assess available attack paths to critical data to best determine which vulnerabilities need to be addressed first. Frameworks to consider include ISO, CIS Critical Security Controls (SANS Top 20), and the NIST Cybersecurity Framework.

  3. Identification of Assets: While the adoption of new devices and technologies has its perks, it can also present several cybersecurity-related challenges for organizations. Fortinet Field CISO Alain Sanchez explains, “The growing number of endpoint and IoT devices across networks makes it difficult to maintain an accurate inventory, which increases complexity and reduces visibility.” The frequency and sophistication of today’s data breaches highlight the fact that security can no longer be pushed to the sidelines, especially during digital transformation efforts. To prevent an attack, organizations must invest in security tools that can assess the network and identify devices, operating systems, and patch levels, even as the network footprint continues to expand. In larger environments, this information should be used alongside critical threat intelligence so that security teams are not only able to see but also prioritize their risks.

Taking a Proactive Approach to Data Breaches 

In addition to establishing this baseline, organizations must also deploy solutions and adopt certain strategies designed to work together to protect critical data and assets from being compromised or stolen. This includes the following:

  1. Security Hygiene Practices
    It may come as a surprise that a majority of data breaches are caused by threats that have been around for weeks, months, or, in some cases, even years. In fact, most of the attacks being detected in the wild today target vulnerabilities that organizations have had the opportunity to patch for at least three years. With this in mind, organizations must prioritize patching every cataloged device immediately, even before establishing a formal protocol for patches and updates. Devices that cannot be patched or updated should be replaced or protected with proximity controls such as IPS and zero trust network access. In addition to patching, security teams must also ensure these devices are properly segmented, and that the network has the ability to automatically detect and quarantine compromised devices.

  2. Leveraging Threat Intelligence
    When working to stay ahead of cybercriminals, organizations should not underestimate the importance of advanced threat intelligence. While local intelligence gathered across one’s network is a critical piece of the puzzle, it alone cannot provide enough data to be truly effective. “Threat feeds are crucial in keeping security teams up to date on the latest exploits around the globe,” says Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet. “The data that is pulled from these feeds can be converted into actionable intelligence that can then be combined with local intelligence and then distributed across the security framework, resulting in maximum protection.”

  3. Signature-based Detection Tools
    Most vulnerabilities that have been or are being exploited are known, meaning attacks targeting those vulnerabilities can be detected via signatures. By employing signature-based detection tools, security teams can quickly scan the network and fend off any attempts at infiltration or the execution of exploits targeting known vulnerabilities. “Signature-based tools are [also] a great option for complex environments that feature various IoT and other interconnected devices that cannot be updated,” explains Joe Robertson, Field CISO at Fortinet. 

  4. Behavioral-based Analytics and Data Sanitization
    For those threats that do not have a recognizable signature, organizations must employ advanced threat protection solutions such as sandboxes and User and Entity Behavior Analytics (UEBA) tools. Since most threat actors also have the ability to learn and mimic legitimate traffic patterns to evade protection, security tools need to do more than just look for low-hanging malware. They must also “conduct an in-depth inspection and analysis that focuses on patterns that can then be used to detect and diagnose malicious intent,” according to Alain Sanchez.

    Finally, these systems should be able to proactively and automatically intervene even before an attack takes place. By employing data sanitization strategies, such as Content Disarm and Reconstruction (CDR) tools, organizations can get ahead of potential threats, removing malicious content from specific files and stopping an attack in its tracks.

  5. Use of Web Application Firewalls
    Today’s cyber threats are anything but traditional; therefore, the same must be true for today’s security tools. Despite the inherent risk of web-based attacks, many organizations are not able to adequately test or harden their web applications before they are deployed. Jonathan Nguyen-Duy explains that by employing a web application firewall (WAF), “organizations can achieve a deep level of inspection of web application traffic that goes beyond what traditional NGFW technology can offer.”

  6. Replace Traditional Point Security Technologies
    Most traditional point security solutions tend to operate in isolation, meaning they are not getting the full picture of the network and can only respond to what is directly in front of them. Considering the sophisticated nature of today’s multi-vector cyber threats, embracing a fabric-based approach to security is critical for keeping constantly evolving network architectures protected against data breaches. Alain Sanchez stresses the importance of this fabric architecture, stating, “It offers benefits that are necessary in the face of a data breach, such as single pane of glass management for visibility purposes and an automated response to attacks.”

  7. Network Segmentation
    Considering the frequency at which data and applications flow across today’s digital environments, organizations must also segment their networks as a means of preventing threats from spreading. This can be achieved through the deployment of internal network segmentation firewalls and the establishment of macro- and micro-segmentation strategies. “By doing this, security teams can create consistent policies across the network and more effectively manage and secure the movement of data and applications,” explains Joe Robertson. The process of segmentation is especially critical when large amounts of data are being collected and correlated in either a single environment or throughout multiple network environments. This will ensure that the correct controls are in place to detect threats that have permeated the perimeter of one network segment and are moving across the environment – without it, the success of a data breach that can move end-to-end across the network is essentially inevitable.

Final Thoughts

The frequency and sophistication of today’s data breaches highlight the fact that security cannot be pushed to the sidelines. Defending against these threats requires proactive strategies, as noted by the cybersecurity professionals quoted above, that rely not only on security solutions but also on organization-wide awareness of these risks. By creating a baseline foundation for security and embracing a range of integrated and automated strategies that can be deployed broadly across the network, organizations can protect themselves and their customers from the specter of modern breaches.
