UPDATED 14:24 EDT / MARCH 29 2013

HP Security Services on the Anatomy of a Breach

Part 1
While many CIOs and CISOs think they’re taking the right steps to protect their organizations from cyber-attacks, the reality is that the number of successful attacks in the U.S. continues to climb, along with the cost per breach.

According to a survey conducted by HP and the Ponemon Institute, the average number of successful attacks increased 40 percent between 2011 and 2012, and the average annual cost of overall cybercrime increased 6 percent. HP’s annual Cyber Security Risk Report shows that mobility is a green field for cybercrime, with vulnerabilities in 2012 rising 68 percent over 2011 numbers. Worse yet, 48 percent of mobile apps tested in 2012 gave unauthorized access.

What are the most critical steps CIOs should take to prepare for cyber-attacks? It begins with identifying which areas of the organization are most vulnerable to breaches, strengthening susceptible areas and establishing a response plan.

In a briefing with HP’s Andrzej Kawalec, Chief Technology Officer, Enterprise Security Services, we discussed the anatomy of a breach and what is going on in the industry today. The conversation couldn’t be more timely, given the attention on the attacks against South Korea and the cyber threats that emerge daily. South Korea is a significant operational and financial hub, not only for corporations based there but also for international corporations. This highlights one of the difficulties of operating across geographically disparate sites and across borders: a balance has to be struck between risk, security, and an understanding of the threat levels each location presents. The international aspect of this puzzle is one of the most intriguing elements, and it brings a whole world of complications along with it.

The best posture is to have planning and coordination around these situations. A current focus centers on additional controls, unauthorized access, expected activities, and expected behavior when it comes to data integrity. Variables to watch for include:

• Remote location
• Out of an expected time zone
• Strange times
• Nature of data accessed

And that is just the beginning, but the key here is to index anomalous behavior for different users. This means understanding context, geo-political aspects, type of usage per user and so on. The next generation of security must follow this type of contextualization in order to disrupt the traditional security model in today’s digital security environment. The big question is how to disrupt that kill chain (infiltration, discovery, capturing company assets) while a breach is occurring, across the world, in different areas. There needs to be less focus on who is attacking a corporation and from where and more focus on proper breach response.
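The per-user indexing described above can be sketched as follows. This is an added example, not code from the article or from HP; the event fields, site names, the two-hour slack and the sample history are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, local ISO-8601 timestamp with UTC offset, site, data class)
HISTORY = [
    ("alice", "2013-03-18T09:12:00+09:00", "Seoul", "hr"),
    ("alice", "2013-03-19T10:40:00+09:00", "Seoul", "hr"),
    ("alice", "2013-03-20T16:05:00+09:00", "Seoul", "payroll"),
    ("bob",   "2013-03-18T22:30:00-04:00", "New York", "source"),
    ("bob",   "2013-03-19T23:10:00-04:00", "New York", "source"),
]

def build_baselines(history):
    """Index what is normal for each user: sites, UTC offsets, hours, data classes."""
    base = defaultdict(lambda: {"site": set(), "offset": set(), "hour": set(), "data": set()})
    for user, ts, site, data in history:
        t = datetime.fromisoformat(ts)
        b = base[user]
        b["site"].add(site)
        b["offset"].add(t.utcoffset())
        b["hour"].add(t.hour)
        b["data"].add(data)
    return base

def anomalies(base, event, hour_slack=2):
    """Return the variables on which an event departs from its user's own baseline."""
    user, ts, site, data = event
    if user not in base:
        return ["no baseline for user"]  # unknown user: nothing to compare against
    b, t = base[user], datetime.fromisoformat(ts)
    flags = []
    if site not in b["site"]:
        flags.append("remote location")
    if t.utcoffset() not in b["offset"]:
        flags.append("unexpected time zone")
    # Circular distance on the clock, so 23:00 and 01:00 count as two hours apart.
    if all(min(abs(t.hour - h), 24 - abs(t.hour - h)) > hour_slack for h in b["hour"]):
        flags.append("strange time")
    if data not in b["data"]:
        flags.append("unusual data accessed")
    return flags

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    print(anomalies(baselines, ("alice", "2013-03-21T03:15:00+01:00", "Warsaw", "payroll")))
```

The same late-night access that is routine for one user is flagged for another, which is the point of keeping a baseline per user instead of one global rule.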

In the next part, coming on Monday, we will look into what happens after a breach, with particular focus on core capabilities, breach mitigation and post-breach actions.

