When it comes to cybersecurity you should first and foremost focus on protecting your business from a cyberattack. Your focus should not be simply to comply with new regulations. If you appropriately implement cybersecurity best practices, then you’ll optimize your dealership’s ability to fend off a cyberattack. And – as a consequence of your effective implementation of cybersecurity best practices – you’ll find that you also comply with regulations like the new FTC Safeguards Rule. In addition, you’ll find that you’ll be better able to secure cyber liability coverage at the best price. Regulations like the new FTC Safeguards Rule are based on cybersecurity best practices as defined by the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). Therefore, correctly implementing these best practices has many benefits.
However, if your focus is just to do the least necessary to check the boxes on what the FTC Safeguards Rule requires, then it’s very possible that you will NOT be effective at mitigating the risk of a cyberattack, and you most likely will not be able to secure the best cyber liability insurance rates. The implementation of continuous threat monitoring – an FTC requirement – provides a great example of how the goal of your implementation will impact the value you derive from the implementation.
Continuous Threat Monitoring is the most effective cyber defense you can employ – if you implement it correctly. The proper implementation of continuous threat monitoring leverages a set of important technologies like Endpoint Detection & Response (EDR) and Security Information & Event Management (SIEM). These technologies however are just tools. The power of these tools can only be realized when you put them in the hands of a team of cybersecurity professionals.
Let’s say that your focus is to simply comply with the FTC Safeguards Rule. Since EDR and SIEM both continually monitor your network, you could just implement these technologies and claim that you have checked off the continuous threat monitoring box to comply with the FTC rule. After all, these technologies do continuously monitor your IT environment. But this would be a mistake.
If you implement EDR and SIEM you’ll be inundated with a vast amount of data, alerts and alarms – many of which will be false alarms. If you – like many dealerships – have a small IT team with a full plate of work to contend with, then getting slammed with alerts and alarms is the last thing you need. Plus, it’s unlikely that your IT team will have the bandwidth and the expertise to effectively make use of the information these tools will provide. The result will be the implementation of valuable technology whose value is never realized.
Or perhaps your IT team does attempt to sift through and make sense of the data generated by these tools. What happens when an actual attack has started and your team receives an alert at 3am on Christmas Eve? Will they think it’s another false alarm and ignore it? If they do recognize that it’s an actual attack then when will someone act? Keep in mind that when indicators of suspicious behavior are identified action must be swift. A valid alert of suspicious behavior marks the start of a race against the cybercriminal. You must stop the criminal before he can access administrative accounts and begin to take control of your network. You don’t have time to wait for your IT team to wake up in the morning or for them to get back into the office after Christmas.
The FTC created the new Safeguards Rule to push businesses to bolster their cyber defenses and better protect consumer data from the cybercriminal. The FTC’s intent with the new Rule is not for businesses to implement a bunch of tools that check a box and do nothing to protect your business. To do continuous monitoring correctly and effectively and to comply with the intention of the FTC, you need to put valuable tools in the hands of a team of cybersecurity professionals who can sift through the noise, draw appropriate conclusions from the vast amounts of information they receive, and then take immediate action – 24x7x365.
If someone is telling you that an effective cyber defense can be totally automated and all you need is a box of tools, then they are misleading you. There is no magic pill. Remember, if something sounds too good to be true it’s probably because it is. Be careful.