Another week, another major hack story. In the meantime we witness all these different attempts to stem these attacks using a number of approaches that are well-accepted, but not exactly universal in their application. This means things like perimeter security, proactive security practices, signature-based, and all the goodies that come along with that such as encryption, federation, and on and on. All of this stuff is great, but these protections – you’ve heard this before that a determined hacker (and sometimes its someone on the inside like a partner, ex-employee, whatever) can and will get into any system if they are determined. That being said, despite all these efforts out there, greater awareness, and economies of scale in the security industry, attacks are on the rise in the US every year for several years now. It is also true that more successful attacks are happening. Even worse, the costs of mitigation per breach is also on the rise, with a great deal of data supporting that fact, as in the discussions I have had with Dr. Larry Ponemon and his research.

The question is what more can be done about it, and after a recent briefing it is pretty clear that the answer to cyber-attacks lies in security services. Andrzej Kawalec, Chief Technology Officer, Enterprise Security Services, at HP shared insight on the anatomy of a breach as well as what organizations of all kinds can do to not only protect against, but deal and respond to cyber-attacks.

You’ve got to know where you are before you start down a path somewhere – wherever you’re going, it just makes sense. This is no different when it comes to cybersecurity. Kawalec recommends the following general strategy – identifying which areas of the organization are most vulnerable to breaches, strengthening susceptible areas and establishing a response plan. Of course there’s a lot of areas in between, and not one plan fits all. This has to be an individualized and collaborative strategy play, that’s where HP’s Enterprise Security Services exercises its vast experience and delivers the strategic elements that go into the best plan possible. HP is acutely aware of the anatomy of a breach. It knows which security controls organizations neglect most often, and which areas need to be strengthened to mitigate risk. That means knowing what today’s state of technology is, what areas are the most susceptible, and targetable, as well as knowing what security controls are deemed to be the most effective in these areas. Web apps is one of those current hot-spot targets, they are dependent on a mix and variety of technologies and often not exactly well-scrutinized for vulnerabilities. That is one of the modern common security threats that HP sees in their research and partnerships throughout the world. Raising the security posture of an organization, based on real-world info. Again, makes sense.

Of course, as we mentioned here, the not-so-impossible happens, there is a compromise. If you’re lucky it wasn’t one of your customers or a partner that notified you of a data breach. The question now is how to respond, how to handle and mitigate the negative impacts that potentially threaten the organization, its reputation, its alliances, its shareholder value, and the very core of its business. Again, this is another entry point for HP’s Enterprise Security Services, where world-wide experience is uniquely positioned in the enterprise. Throughout the world there is a myriad of complex regulations, political environments, compliance requirements, and tactical information that comes down to human intelligence. Let’s say your operations were affected in Hong Kong for example. When it comes to a cyber-attack response, or even an outage of some kind, neither the process, model or series of control points are consistent with what you would do say in the US, UK or other Euro process. There are too many differences in regulations, privacy and legal matters, just to start.

There aren’t that many organizations that can help you in a number of these states where governments are actively building barriers to highlight differences, and highlight the sovereign nature of privacy. At the same time, the black market, the seedy underbelly of cybercrime, – they recognize none of these international boundaries, real, conceptual, standards, or anything. All of these things take planning and experience, especially when it turns out your primary core capabilities are probably half a time zone away. Global threats need to account for this, that is why HP hosts 8 cybersecurity centers around the world, with more rolling out over the next 18 months. HP’s critical incident team responds on their SLA within 15 minutes, and delivers people on the ground in a couple of hours. From the moment an event is reported, the response must be absolute and as planned, hitting the ground running, with a clear concept of what the first, second, and third actions will be. Few organizations that can deliver on such terms of support with security in specific focus, with a systematic mindset throughout the process, even fewer have the assets to do it right.