Co-authored by Robert Myles CISSP, CISM and Kevin McPeak CISSP, ITILv3
(continued from part one in our series: What is Canada's DPA?)
Start by understanding how data breaches occur. In simple terms, cyber attackers breach networks by exploiting vulnerabilities in people, processes, and IT systems.
- People and Processes: Examples include inadequate security policies, ineffective employee training, and weak policy enforcement. Each of these leave users vulnerable to phishing attacks and social engineering, etc.
- IT systems: Examples include inadequate HW or SW inventory management, weak security controls, unpatched software, and the possible exploitation of unsecured mobile devices and cloud applications and infrastructure.
Ultimately, data breaches are caused by the inability to:
- IDENTIFY those assets that must be protected,
- PROTECT sensitive data,
- rapidly DETECT the occurrence of a data breach,
- RESPOND quickly to a detected breach, and
- RECOVER from a breach by using lessons learned and industry best practices to prevent breaches.
Best Practices Protect
Organizations that embrace cybersecurity best practices are much less vulnerable to cyber threats. They are also the most likely to detect a threat early and act quickly to prevent data loss when a breach does occur. That said, many organizations still do not have basic security measures in place and according to a 2016 report by the Online Trust Alliance, 91% of breaches could have been prevented. Symantec has worked with the Canadian Government in an effort to address this knowledge gap.
In 2014, Symantec helped develop practical tools that would help Canadian organizations to protect their operations and promote the development of best practices. The “GetCyberSafe” initiative provides Canadian organizations with access to cybersecurity best practices, and can be accessed online here: http://www.getcybersafe.gc.ca/cnt/prtct-yrslf/prtct-smlbsn/index-en.aspx. Many of GetCyberSafe’s recommendations are based on international cybersecurity best practices, such as the United States’ National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Symantec was an early collaborator on the development of the NIST CSF and continues to work with NIST to ensure that, as it updates the CSF, it effectively maps to the evolving cyber threat landscape.
For more information on how to prepare for DPA, please visit: go.symantec.com/ca/dpa