Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

Want an Ounce of Prevention? Start with a Pound of Detection

By Steven Chabinsky
Campus Security Moves to the Fore at Colleges and Universities
October 1, 2016

It takes months for most computer intrusion victims to learn they were breached.  Unfortunately, the hackers get busy much sooner, often stealing data within days if not minutes.

Once inside the network, the bad guys first might install their favorite malware, including keystroke loggers to gather passwords (yes, even those strong passwords you worked so hard to create); turn off security notification alerts; disable anti-virus programs and firewalls; clear log files of their activity; lock legitimate users out of their accounts; create new user accounts for themselves so they can sign in like decent folks; and, basically do whatever else they like, whenever they like, from wherever they like.

Or, you can detect the hackers and shut them down.  But how?

Last month’s Cyber Tactics column explored continuous monitoring, and pointed out that companies have wide latitude in selecting and applying their detection methods. Fortunately, an increasing number of organizations are moving to a powerful combination of improved endpoint detection, fully integrated log and event management, and big data analytics.  As a result of enhanced monitoring and analysis, detection times are being reduced to minutes (without a rise in false positive rates), and security solutions are doing a better job contextualizing alerts (describing not merely what is happening, but why it matters) and correlating events across the organization (contrasting, for example, coordinated hacking campaigns from a series of one-off commodity infections).

Still, we are a long way off from achieving full network security through automated detection alone. Enter the last category of the NIST Cybersecurity Framework’s “Detect” function: “Detection Processes.” It is here that organizations are meant to focus on detection roles and responsibilities, legal and compliance requirements, testing, communicating results and constant improvement.

The harsh reality is, even once detected, companies often fail to respond to an incident alert in a timely manner, leading to a perception that the organization was asleep at the wheel.  Ensuring sufficient, well-trained staff is a good first start, as is considering the use of a Managed Security Service Provider.  Either way, particular attention must be paid to team structure and incident response procedures.  Consider enhancing accountability by assigning different people to the roles of device configuration and support; incident and event data structuring and management; data analysis; and incident response.  Then, focus on clearly defining initial notification, escalation and de-escalation procedures for reporting and responding to common events and significant incidents alike.

In the OPM breach, hackers gained their initial foothold to the agency’s networks nearly a year before they were discovered.  In contrast, but to similar effect, the Target breach set off immediate alarms, but the team determined that it did not warrant immediate follow up.  The question for Security readers comes down to this: Is your company prepared to do better?

KEYWORDS: cyber attack detection cyber risk mitigation data breach NIST standards

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chabinsky 2016 200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • protect-cyber-security-freepik783.jpg

    CMMC: An ounce of prevention is worth a pound of cure

    See More
  • Traveling with Technology Security Magazine November 2017

    Traveling with Technology: An Information Security Guide

    See More
  • cyber 2 responsive default

    Securing the Physical Side of Cybersecurity

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing