The need for real-time visibility of an organization’s security posture is becoming increasingly evident. If you don’t know what your current security posture is, you cannot know if what worked for your organization yesterday will also work today. A single new piece of threat intelligence can change an organization’s entire defense strategy. Thus, it’s important to ensure that the cyber defense mechanism is dynamic, real-time and online.
The risks of an attack are not new, but as incidents become more sophisticated and persistent, organizations need to move from cybersecurity to cyber resilience.
An effective cyber resilience program should include a programmatic approach to withstand disruptive cyber incidents. A simple way to look at an effective cyber resilience model is to keep in mind the three P’s: Predict, Prioritize and Practice. We should be able to anticipate a breach rather than react to it. Not all vulnerabilities require our immediate attention, and the senior leadership of the organization is in the best position to decide what is a priority and what is not.
And lastly, we should have a governance framework with policies, procedures and accountability, integrated into the business strategy. This needs to be powered by the right people and technology. This should also be revisited on an ongoing basis for relevance with respect to emerging threats.
Today, one of the common mistakes organizations make when responding to a breach is not being able to provide timely incident data. A systemic lack of actionable data can hinder efforts to anticipate and address cyber risks effectively. This indicates there is a lack of intelligence in threat intelligence within the organization.
Today, organizations are paying a lot to receive threat intel. However, the intelligence they receive today is data they can find in their own logs, whereas threat actors are well ahead and have already weaponized artificial intelligence (AI) to unleash a new breed of cyberattacks. A lot of organizations deploy off-the-shelf response procedures, which are outdated and ineffective against evolving threats, and sometimes this slows down their investigations.
Lack of coordination among the key parties involved, or wrong-sized and mismanaged teams lacking the skills to make critical decisions, is another area where organizations go wrong. If your staff is not receiving regular training and is not being regularly tested, your cyber resilience strategy has a major deficiency in it.
A strong cyber resilience program ensures continuity of operations with minimal impact on the business despite an incident. It is an iterative process providing the means of recovery from an attack. Organizations can follow some simple steps to start their journey of being cyber resilient.
First is to maintain basic hygiene. Measure and know your assets and infrastructure well. Remember: what you don’t know, you cannot protect.
Secondly, configure key security settings, manage access permissions and regularly update software with patches. Then, have systems and processes in place to find vulnerabilities before attackers and prioritize the most important threats. Threat intelligence must be flexible and should allow the user to deep-dive inside the threats and better understand their origin, the distribution mechanism, the actors, the potential victims, the attack vectors, TTPs and the data that is being accessed.
A threat intelligence program must also inform stakeholders in a way that is relevant and actionable to ensure stakeholders can enforce policies for better business integrity and continuity.
One of the key areas to focus on is ensuring the policies are ingrained in the cyber strategy and driven by the organization’s people, processes and technology. Security should be a boardroom agenda. IT should enable the business to make informed decisions on how to manage cyber risk while continuing its growth agenda. Most directors or CEOs today realize the consequences on the bottom line, apart from the damage to reputation, caused by a breach or an attack.
Cyber resilience is about being prepared - it’s not bulletproof!