Compliance is something that has every administrator and manager sweating. Instead of agonising over new compliance requirements, it's important to understand why these regulations are becoming more and more stringent.
For example, the GDPR, which applies from 25 May 2018, contains a comprehensive list of articles that organisations must adhere to if they process the personal data of people in the EU, wherever the organisation itself is based. Securing sensitive data, whether it belongs to an employee, business, or customer, is a priority for governing bodies, and this is one reason data security sits at the heart of nearly every IT compliance regulation.
The world has faced several major cyber attacks in 2017. The recent Equifax data breach in the U.S., traced to a known vulnerability the company had not patched, has shown the consequences of a large-scale data breach: legal action, fines, or worse, a complete loss of trust in the business. And mind you, Equifax is a billion dollar company. Its operation might have seemed fine, until the day it realised it was the victim of a breach, and everything changed.
In light of headline-making cyber attacks, businesses are starting to understand security risks and allocate a much larger budget to IT security. Governments and regulatory bodies understand this too, and are forcing enterprises to implement tighter security measures. In practice that means deploying a set of security controls that close known vulnerabilities, detect and respond to threats quickly, and recover from a disaster.
In Australia, the Australian Signals Directorate (ASD) has published its Strategies to Mitigate Cyber Security Incidents to help government agencies and businesses deal with cyber attacks, which can come from many directions. Preventing security breaches comes down to a few key steps. For starters, you need visibility into what is happening in your IT environment. Important security activity, configuration changes, and other events of interest must be tracked. If these events go unchecked, they leave a gap in your defences that an attacker can use unnoticed.
Take your Active Directory for instance. A critical change, such as adding an account to a privileged security group like Domain Admins, can result in an unplanned escalation of privileges, thereby jeopardising your organisation's security. So a security administrator needs to know the details of every change made to Active Directory objects: users, computers, groups, OUs, and GPOs. You need to know:
- Who made the change.
- Which object was changed.
- When the change was made.
- What the new value is, compared to the previous value.
You need to be in control of these four vital W's, and be able to easily pull the data out of your systems to show your auditors. Note that these details come from the Security logs on your domain controllers only if the relevant audit policy (for example, Audit Security Group Management under the Advanced Audit Policy settings) is enabled, and only if the logs are collected centrally before they roll over. A specialised real-time auditing tool, like a SIEM solution, can help you with this.
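The four W's above can be answered from the domain controllers' group-management audit events once they are collected. The following Python is an added example, not code from the original article or from any SIEM product: it replays membership-change events (IDs 4728/4732/4756 for additions and 4729/4733/4757 for removals) over a baseline snapshot of group memberships, so each change records who made it, which group changed, when, and the membership before and after. The event records, the baseline snapshot, the account names and the timestamps are all constructed for illustration; the record shape (Id, TimeCreated and the event's named properties) is an assumption modelled on what Get-WinEvent exposes, and the privileged-group list is a starting point you would extend for your own domain.

```python
from dataclasses import dataclass
from datetime import datetime

# Windows Security log event IDs for membership changes to security-enabled groups.
MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}
MEMBER_REMOVED = {4729: "global", 4733: "local", 4757: "universal"}

# Groups whose membership grants high privilege; a change here is an
# escalation until an authorised change request says otherwise. Extend as needed.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


@dataclass(frozen=True)
class GroupChange:
    who: str               # account that made the change (SubjectUserName)
    group: str             # object that changed (TargetUserName)
    when: datetime         # TimeCreated, as recorded on the domain controller
    action: str            # "added" or "removed"
    member: str            # distinguished name of the member involved
    before: frozenset      # membership before the change
    after: frozenset       # membership after the change
    privileged: bool       # True if the group is in PRIVILEGED_GROUPS


def audit_group_changes(events, baseline):
    """Replay group-management events over a baseline snapshot of memberships.

    events: records shaped like Get-WinEvent output (assumed shape, see lead-in);
    baseline: {group name: set of member DNs} taken before the audit window.
    Returns one GroupChange per membership change, in time order.
    """
    membership = {group: set(members) for group, members in baseline.items()}
    changes = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["Id"] in MEMBER_ADDED:
            action = "added"
        elif ev["Id"] in MEMBER_REMOVED:
            action = "removed"
        else:
            continue  # logons, policy changes, etc. are not membership changes
        group = ev["TargetUserName"]
        current = membership.setdefault(group, set())
        before = frozenset(current)
        if action == "added":
            current.add(ev["MemberName"])
        else:
            current.discard(ev["MemberName"])
        changes.append(GroupChange(
            who=ev["SubjectUserName"],
            group=group,
            when=datetime.fromisoformat(ev["TimeCreated"]),
            action=action,
            member=ev["MemberName"],
            before=before,
            after=frozenset(current),
            privileged=group in PRIVILEGED_GROUPS,
        ))
    return changes


def privileged_changes(changes):
    """The subset an on-call analyst should look at first."""
    return [c for c in changes if c.privileged]


def describe(change):
    """One audit line answering who / which object / when / old vs new value."""
    return (f"{change.when.isoformat()} {change.who} {change.action} {change.member} "
            f"{'to' if change.action == 'added' else 'from'} '{change.group}'"
            f"{' [PRIVILEGED]' if change.privileged else ''}: "
            f"before={sorted(change.before)} after={sorted(change.after)}")


# Constructed sample data: a baseline snapshot and four events as a domain
# controller's Security log might record them. All names and times are invented.
BASELINE = {
    "Domain Admins": {"CN=Administrator,CN=Users,DC=corp,DC=example"},
    "Remote Desktop Users": set(),
}

SAMPLE_EVENTS = [
    {"Id": 4728, "TimeCreated": "2017-10-12T09:15:03+00:00", "SubjectUserName": "jdoe",
     "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example"},
    {"Id": 4624, "TimeCreated": "2017-10-12T09:16:40+00:00", "SubjectUserName": "-",
     "TargetUserName": "svc-backup", "MemberName": None},  # a logon, ignored
    {"Id": 4732, "TimeCreated": "2017-10-12T10:02:11+00:00", "SubjectUserName": "helpdesk01",
     "TargetUserName": "Remote Desktop Users",
     "MemberName": "CN=Alice Wong,OU=Staff,DC=corp,DC=example"},
    {"Id": 4729, "TimeCreated": "2017-10-12T09:41:27+00:00", "SubjectUserName": "jdoe",
     "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example"},
]

if __name__ == "__main__":
    for change in audit_group_changes(SAMPLE_EVENTS, BASELINE):
        print(describe(change))
```

Replaying the events rather than comparing two snapshots matters for exactly the case in the sample data: the service account is added to Domain Admins and removed again twenty-six minutes later, so a nightly membership report would show nothing changed, while the audit trail records both the escalation and who performed it.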
Another major development is that some governing bodies now require notification of a data breach, though the specifics of these mandates depend on the nation your organisation operates in; the GDPR, for instance, requires notifying the supervisory authority within 72 hours of becoming aware of a breach. Generally speaking, failure to report an incident within the stipulated time makes your business liable to hefty penalties for non-compliance. Here, a SIEM solution can alert you to security threats as they happen and preserve the forensic detail you need when filing an incident report.
Remember, it is important to first assess the security systems you have in place, identify what is lacking, deploy the right set of security tools, and ensure your security operations team is aware of the latest attacks and mitigation strategies. The battle between attackers and security teams is only going to get more intense. Be prepared, and stay secure and compliant.