If you’re still focusing on preventing breaches as the main component of your cybersecurity plan, it may be time for a switch. According to Michael Hayden, who previously headed up the U.S. National Security Agency and the Central Intelligence Agency, breaches by hackers are inevitable. “They’re going to get in,” Hayden said in a recent Fortune article. “Get over it.”
Hayden stressed that it’s important to shift the focus from preventing cyber attacks to minimizing the damage they cause. With government agencies and Fortune 50 companies getting attacked, it’s apparent that all companies — both large and small — are vulnerable, he pointed out.
“Most of the history of what we call cybersecurity has been in that middle factor — vulnerability reduction,” Hayden said. Solutions have ranged from developing complex passwords, establishing firewalls and software patches to prevent intrusions.
However, he said, IT professionals should take the approach of figuring out which areas should be protected in the event of a cyber attack, which seems more likely as those breaches become increasingly sophisticated.
To establish a plan, focus on determining the type of data that takes a priority in terms of protection and devote your resources to shielding it. The comprehensive plan should include who has access to that data, and what steps are being taken to protect it.
Focus on Authentication
Authentication, in which systems are in place to validate identities, can be crucial to this type of plan. A recent governmental report indicated that authentication is among the foremost measures in protecting data against cyber attacks.
More traditional authentication technologies, including passcodes and smartcards, won’t be enough. Researchers are looking to more sophisticated measures of authentication technologies, including those that make use of the Internet of Things, which is built on a network of various identifiable devices through digital certificates.
As the technology advances, these types of solutions will be further explored as a way to minimize damage to the most crucial parts of a company’s operations.