This is part two in a three-part blog series on security that follows the three sessions on these topics at ILTACON 2018. We've now arrived at DETECTION. When things happen, you want to know. And it is important that you put in place ways to know.
Detection is a critical part of your security initiative. It would be nice if nothing bad ever got into your firm and no important data ever left your firm unsanctioned, but that is not the world we live in. Programs, processes, solutions and education must be in place to detect attacks on the data we've been entrusted to protect. And time is of the essence. The sooner you know of an incident, the sooner you can address it. As stated in the description of this ILTACON session, "Early detection can save your career."
As with all aspects of your security posture, you have to take a holistic approach. Understand your culture, know the threats you face, and tie it all back to the risk to the firm's business. In most cases, we have many things driving us to have these measures in place (e.g., client requirements and regulatory requirements). Understanding these drivers will greatly help with buy-in for the systems you will put in place for security.
There are many tools available to help with detection. Data loss prevention (DLP) solutions are widely available. Existing systems (such as your document management system) likely have updated features that leverage AI to bring you anomaly detection and behavioral analytics. Partner with your vendors to find the right combination of systems and tools that will help you detect when activity in your environment is suspect. Also keep an eye on the future. Your cloud connectivity will only increase in the days ahead. This will add new areas where there is or will be a need for detection solutions.
And don't forget to empower your people with awareness. People are a great resource for early detection. Educate them on the important role they play in your security efforts. Keep this information in front of them on a regular basis using relevant and meaningful examples to get them involved. People need to know that EVERYONE in the organization is part of the security team. To keep people at all levels engaged, don't forget to thank them for their service.
Next up…RESPONSE! What to do when bad things happen.