Security incident preparedness within reach of NZ businesses
A recent study suggesting New Zealand companies are falling behind the global digital transformation curve because of risk aversion and a growing gap in incident response preparedness may have come as a disappointment to the country’s leaders in digital security and IT. However, these issues are very familiar to companies around the world that have faced similar growing pains in recent years.
Fortunately, New Zealand’s business community is in a prime position to learn from those who have already overcome these challenges to balance risk with innovation efforts and propel the country ahead of the digital transformation curve.
While minimising security risk presents an ongoing balancing act for the IT suite as new technologies are introduced to market, ensuring a thorough incident response plan is in place will help secure support for new technologies, address concerns of regulatory agencies, and protect companies’ reputations in the event a vulnerability is exploited.
Today there are more than 25,000 different types of smartphones on the market, along with hundreds of connected technologies commonly implemented in offices, manufacturing plants, and other business environments. Each piece of hardware is tied together by one or more networks which may also include any mix of the hundreds of cloud storage and data management providers.
With so many components to consider – each one presenting unique opportunities for data or network access to fall into the wrong hands – it’s no wonder so many executives prefer to remain more safe than sorry when considering digitisation of processes or customer experiences. But, as with any big challenge, breaking down the roadmap into a few attainable goals can quickly set you on a path to success.
Determine which technologies are accessing your network
To properly respond to an incident, it is important you have a clear idea of how someone may gain access to a network. Are employees allowed to access the corporate email server with smartphones? Are they using cloud storage services such as Dropbox or Google Drive to manage documents?
These technologies offer enormous efficiencies in managing a business, but also allow for one text message, email, or copy/paste to result in a security incident or data breach with significant repercussions. However, because the value these technologies add to businesses largely outweighs the risk, allowing employees to access networks using these technologies may be justifiable and should be appropriately addressed in the incident response plan.
By gaining a clear picture of which technologies are currently accessing a network, IT leaders can determine the mix of vendors, policies, and risk components to address while considering how potential digitisation efforts impact, change, or add to the risk model.
Identify the right set of incident response tools
Incident response practices are as old as network technologies, which means many tools, processes, and vendors may no longer meet modern needs. As the number of device models on the market has increased exponentially, so has the number of devices each individual employee uses in the workplace. In fact, the average company network may have twice as many mobile devices as laptops or PCs, creating a very different risk profile than what may have been common 10 years ago.
When evaluating the right mix of tools, IT leaders should be wary of any platforms claiming to be a one-stop shop covering every type of technology. Mobile operating system developers continually push new versions, updates, and fixes to devices, creating an ever-changing and dynamic challenge for these providers to maintain support.
Although no single tool will meet all needs, businesses should consider partnering with providers that have demonstrated long-term and substantial expertise in the technologies specific to the network. This may require adopting a mobile- or IoT-first approach to the incident response plan, as opposed to the desktop- and data centre-first schemes from the past decade.
Update data governance and employee policies
With a clear picture of the risk profile and the right portfolio of incident response tools in place, implementing a new plan is as simple as updating corporate policies.
IT leaders should be sure to address data governance procedures clearly stating how employees and technologies may and may not handle, store, and transmit sensitive information. Additionally, these policies should outline the permissions and procedures of the company in the event of a security incident.
Should an incident involve employee-owned devices such as smartphones, tablets, or home computers, the company may need an employee agreement in place to allow for the examination of these devices as part of an investigation.
With these components in place, New Zealand’s business leaders will be well prepared to address security risks resulting from digitisation efforts, tackle security incident investigations quickly and efficiently, and propel the country into the modern digital business era.
Article by Oxygen Forensics chief operating officer, Lee Reiber.