It’s Not Really About The 98% Caught, But It’s About The 2% You Miss.

Introduction

You might become complacent and consider a cyber-attack against your business to be a remote possibility. But attack methods are becoming more sophisticated every day, and organisations are increasingly reliant on technology to drive every aspect of their business. This heavy reliance on technology means any organisation is susceptible to a cyber-attack.

The goal of cyber prevention has been to reduce the probability of an attack against the organisation; cyber resilience looks to minimise the impact of these attacks through effective cyber risk management. A cyber resilience program still considers detection and prevention techniques, but it also assumes that a breach is probable. This stance accentuates expectation, agility, and adaptation. In the cyber world, not every attack can be prevented, but with a cyber resilience program, damage can be minimised or avoided altogether.

But it is not the 98.5 per cent that is caught that is the issue; it is the 1.5 per cent that is missed. When even a small fraction of that same 1.5 per cent of current threats is missed by the NGFW (Next Generation Firewall), IPS (Intrusion Prevention System), and endpoint protection (EPP) system, we have the beginning of a breach.

Modern-day cyberattack campaigns involve stealthy, persistent, and sophisticated activities to establish a footing in organisational systems, maintain that footing and extend the set of resources the adversary controls, and exfiltrate sensitive information or disrupt corporate operations.

Enterprise architecture and systems engineering must, therefore, be based on cyber risk management principles to ensure that mission and business functions will continue to operate in the presence of a security compromise.

To protect your critical organisational assets — and to keep your business running — you need to build cyber resilience and agility as part of your core business strategy.

Here are some recommendations for building a cybersecurity resilience program:

Assess and Analyse

Cyber-attacks can impact businesses in several ways, from the loss of data and intellectual property to business interruption and more. To protect all your critical assets and effectively manage cyber risk, it’s vital that you understand the cyber scenarios your organisation is most likely to face — and how much they can cost your business.

To assess your cyber risk, you should:

  • Identify and inventory critical assets — data, systems, and infrastructure — that are essential to your operations.
  • Review your internal controls and digital profile to identify internal vulnerabilities and external threats.
  • Value your cyber assets at risk using modelling and other data and technology tools.

By adopting these steps, you can objectively measure your cyber risk and incorporate quantitative data into your risk management decision-making.

Embed cybersecurity into the core business strategy

Cybersecurity must be core to and aligned with your organisational business strategy. It should be enabled by default and entrenched across technology stacks by design. This must begin at a typical project’s inception and be continuously validated across the entire project lifecycle, thereby reducing risk potential and maximising delivery assurance. As cybersecurity becomes entrenched in core business strategy, organisations inherently gain a greater understanding of the risks they face, embrace the innovation needed to counter identified threats, and have the resilience to restore operations in the event of a security breach.

Drive security from the top-down and encourage a bottom-up reporting approach

Security is everyone’s responsibility. The Board and Executives must demonstrate accountability and support for safety across the organisation. Recognise and empower employee vigilance and engagement as an extension of the cybersecurity programme with the power to drive cultural change. Create cybersecurity consciousness. It’s far more cost-effective to investigate suspicious or fraudulent activity observed by an employee early in the attack cycle than to respond after it has occurred.

Mitigate the impact of ransomware

Remain risk-focused. Minimise exposure to data by enforcing ‘need to know’ policies and implementing data and network segmentation. Prioritise and perform endpoint hygiene, including acceptable usage policies and end-user training to reduce the likelihood of users running malicious files. Boost monitoring to identify ransomware infections early. Enforce backup strategies and store backups offline. Maintain focus on foundational practices such as patch and vulnerability management, data encryption, and identity and access controls.

Use multisource intelligence

Use threat intelligence to prioritise resources effectively and mitigate threats before they impact your business. Incorporate it into the attack and breach simulations to improve cyber defences and incident management processes.

Outpace adversary sophistication through cybersecurity dexterity

Cybersecurity must move at the speed of digital business. The attack surface is fed by continuous DevOps releases of features and application components, which expose new vulnerabilities daily rather than over the much longer release cycles of pre-digital development. Be agile and responsive. Shift resources based on the changing risk landscape and short development cycles.

In Conclusion

The threat landscape is dominated by email phishing threats, exploitable vulnerabilities, and insider actions. Attackers are using macros, scripts, and social engineering methods, finding unpatched vulnerabilities, and compromising access credentials.

They’re also using newer methods, such as compromising trusted supply chains, shared infrastructure, source code, and applications, thereby increasing the need for software component validation. Although their ways continue to evolve, attackers still favour the path of least resistance.

Risks are less predictable than before, and attackers are developing more sophisticated ways of breaching defences. This calls for a mature and comprehensive approach to cybersecurity, understanding the risks while gaining buy-in from organisational leaders.

Over the last decade, one observation has remained constant: our adversaries operate on a global level, and we must counter this by investing in the right capabilities across people, process, and technologies to scale at the pace at which cybercriminals operate. With this approach in mind, and considering increasing demands by customers, industry, regulators, and governments, organisations must establish cybersecurity agility to seek competitive advantage.

To develop a resilient and agile cybersecurity strategy, please contact the author by sending an email to support@dangata.com, or contact him directly at dangata@dangata.com.

 

Posted by Dan K Jatau Sr. MSc, PhD, MBCS, MInstLM

Dan K Jatau is a Nottingham, UK-based information security and technology infrastructure expert and researcher who likes to write about technology subjects from both a business and technical perspective. His current interests are business-driven security architectures, identity and access, the Cloud, virtualization security and all aspects of security. He currently works in security program development and architecture and develops enterprise security programs for SMEs.