Insider Threat Management

10 Ways to Avoid Being the Chief Scapegoat Officer

You’ve been the leading security officer for years, making critical security purchase decisions, staying on top of rapidly changing technology, and road-mapping efficient IT strategies and policies, all while doing your best to ensure all of the company’s critical data is accessible, organized and secure. Employees look to you for a wide range of support. Then a breach occurs, and suddenly you go from company problem solver to Chief Scapegoat Officer within a matter of minutes.

A lot of responsibility falls on your shoulders, but the following ten principles should prevent fingers from pointing at you while further enhancing security altogether.

  1. Plan for a data breach. To successfully plan for a data breach, hope for the best but assume the worst. By visualizing worst-case scenarios with disaster recovery plans, containing damage will be much easier. Consider establishing an incident response team and delegate responsibilities to various department heads in your company, including PR, HR and Legal Officers. Supermarket Publix recently gained positive recognition for contacting PR firms about the best way to handle a breach. This disperses research and responsibility over a number of departments. A security breach affects all facets of a company, so everyone should have a part in trying to prevent and/or mitigate one.
  2. Prepare and practice. After comprehensive planning has taken place, prepare your company by practicing the security procedures. Much like a “dress rehearsal” or a fire drill, you won’t know how well your recovery plan fares until you try it out. By conducting strategic exercises, you will be educating staff on how to react to a breach while finding flaws and gaps in the recovery process before it’s too late.
  3. Figure out what your crown jewels are. Much like you make sure to lock away your most valuable possessions, companies should be doing the same with their critical information. Whether it’s customer data, financials, or other intellectual property, data should be prioritized in order of importance to your company and in relation to other data. Once you’ve figured this out, extensive protection, through isolating sensitive parts of your network, and monitoring should be placed on this data and the users accessing it.
  4. Have many security measures in place. Cyber attacks are often attributed to the use of root user privileges, but attackers can enter through various doors. You can never be too secure, so have a variety of security measures in place such as updated firewalls, anti-virus software, encryption, two-step authentication, alerts, monitoring and strong perimeters around your system’s sensitive information.
  5. Compliance as a starting point and not an end goal. Enterprises often feel secure after satisfying regulatory compliance standards. Although it’s mandatory to adhere to these standards at first, audits and other legal requirements only provide a snapshot into your security at that particular moment. Implementing extensive monitoring and recording software that provides complete visibility into what’s happening in your servers at any given moment is far more effective, and will help you stay compliant just the same.
  6. Conduct risk scenario analysis. Being able to discover a gap in security through risk scenario analysis and analytical software will drastically minimize discovery and recovery time. Understanding exactly who did what, for how long, and precisely what configuration changes were made allows you to see the whole picture clearly and therefore prevent future incidents from happening. Focus your security strategy against your biggest threats. User-based risks are the fastest growing threat faced by IT managers today – user activity monitoring can be a critical tool against insider threats.
  7. Get the facts & stats straight before going public. Consult with your legal counsel, HR and PR departments on the best way to disseminate information regarding a breach. There should be a step-by-step approach on when and how to disclose information to media outlets and the public, and that’s almost always after everything’s been confirmed. Reporting too early causes unnecessary concern and higher costs. With a comprehensive monitoring solution and bulletproof evidence into what happened, you can disclose incidents sooner rather than later.
  8. Enforce your policies. Nothing tells employees that they can be lax about security more than an IT Officer who doesn’t enforce policies. Make it known that you care. To avoid blame and confusion, be proactive and vocal about what you’re doing to keep your company secure and offer policy reminders that demonstrate how employees can keep data safe.
  9. Take responsibility, empower your team, be a leader. Take it from Home Depot CEO Frank Blake, who maintained his reputation by taking full responsibility for the large-scale breach they underwent. It may seem like you’re pinning the blame on yourself even if it’s not your fault, but you’ll gain much more respect from employees and customers than if you didn’t.
  10. Never be satisfied. Companies often make the mistake of solely focusing on detecting known threats, rather than researching the constantly evolving tactics of attackers. Stay up-to-date and keep an ear to the ground for new solutions. There is much to learn from other companies who have gone through security breaches as well. The willingness to always improve is the only way to maintain a secure network.

Information security should always be a top priority in your company’s mission statement, and staying on top of the game isn’t always easy. Fortunately, tools are available that specifically address your fastest growing threat. Being able to granularly search through activity logs by user, application, or sessions launched will save you a significant amount of time and effort so that you can look to the future rather than focusing on the past. Help bring awareness to the people around you and educate them on what they can do to help keep data secure as well.

What other advice can you offer to keep data secure and prevent the blame from being on you? Leave a comment below.
