Maintain information sharing networks with peer organizations
One of the most important things that an organization can do is to collaborate with its peers. With cyber criminals becoming more sophisticated and well-networked, security professionals need to communicate and cooperate to combat the threat and respond to incidents. “This collaboration is helping us build better protection and bring more cyber criminals to justice,” says Conroy. “We actively participate in information sharing with our partners, customers, government, law enforcement agencies, the intelligence community, and peer banks.”
Prioritize & categorize threats
An extension of that information sharing is prioritizing and categorizing the different threats that arise. Many of these threats come from international organizations, such as those launching spearphishing attacks designed to introduce destructive malware into a network. “Our primary focus is detection of targeted attacks, specially crafted exploits and malware combined with laser focused social engineering,” declares Conroy.
One way that security teams can protect against such attacks is by deploying layered security defense systems. Based on the military theory that a multi-faceted defense protocol is harder to penetrate than a single barrier, cyber security experts are using every tool in their arsenal to protect the networks and databases under their charge. By combining tools such as end point security, antivirus software, firewalls, VPNs, intrusion detection, encryption, strong authentication, etc. into one coordinated system, networks can be made exponentially more secure.
Utilize a layered flexible defense
Due to the constantly changing nature of the methods used by cyber criminals, Conroy stipulates that the technologies used to provide that defense must be flexible, not static. He explains, “Flexible technologies allow us to change the configuration in real time and perform sophisticated dynamic analysis, real-time threat intelligence and automated threat response based on the nature of the attacks seen in the network.”
Prepare to invest, now and then
All of these strategic components require an underlying commitment on behalf of the company to invest in current and future growth of their cyber security systems. Criminals are constantly engineering new and complex methods of stealing information, so the defense systems that stand in their way must be equally sophisticated, which requires greater attention, time and money. Conroy predicts that we “might see advances in encrypted systems, more focus on compliance, new cyber security laws, regulations and frameworks, stricter breach reporting laws...that may make it resource-consuming, harder and expensive to secure data and company assets.”
It won't be easy or inexpensive, but it's an investment that a company has to make in order to ensure its future viability and reputation.
Cyber Security Darwinism
Companies should abide by Conroy’s most important takeaway: “It is not the strongest of the species that survives; it is the one most adaptable to change.” Cyber security has certainly evolved by leaps and bounds over the past several years, but security is not a one-stop destination. Everyone must move forward together to adapt to the continually changing digital landscape. To gain and keep consumers’ trust, businesses must prove that they are offering the most up-to-date and sophisticated security protocols to protect sensitive information. Consumers are increasingly aware of a company's level of commitment to cyber security and actively follow their adoption – or lack of – new security technology. Changing times call for greater innovation and diligence by all, for the protection of all.