[BreachExchange] Adopting a resilient cybersecurity posture

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 4 14:29:05 EDT 2017


http://www.livemint.com/Opinion/G1dbWT1Xa99gs2CAV5UeyO/Adopting-a-resilient-cybersecurity-posture.html

The fast pace of digital adoption has earned data the moniker of the “new
oil” of the 21st century. However, adequate protection of digital data is
proving to be the final frontier for organizations today: the year 2017 has
thus far seen an unprecedented wave of cyber attacks on all types of
digital data repositories locally as well as globally.

The attacks have been damaging not only in terms of operational disruptions
but in economic terms as well. No single industry sector has remained
unaffected. A case in point that highlights the damage caused by such
attacks is logistics company FedEx acknowledging that the worldwide
operations of TNT Express, a transportation company it owns, were
“significantly affected” by the recent Petya cyber attack. The company even
included this information in its annual filings to the Securities and
Exchange Commission.

Looking back in time, a similar wave of security breaches in terms of
pattern and impact was observed in 2002. In a series of global attacks,
vulnerabilities in Microsoft products were exploited by the Code Red, Nimda
and Klez computer worms. The attacks triggered a spontaneous reaction
across the entire ecosystem. The 2002 “trustworthy computing” memo written
by Microsoft co-founder Bill Gates called for a security review of all
Microsoft products at that time, which is estimated to have cost the
company more than $100 million in terms of programme changes.

As computing form factors transformed from desktops to laptops and then to
tablets and mobiles, the processing power and the data storage capabilities
have increased tremendously. And while a broad-based adoption of “computing
on the go” has ushered in productivity benefits besides opening up new
business models, it has, nevertheless, created a “wild West” situation on
the internet in which anything and everything digital can be traded freely.

The current spate of cyber attacks is largely focused on taking data out
of an organization—in a process called data exfiltration—and often aimed at
business disruption. The evolved attack pattern is forcing organizations to
go back to the drawing board in terms of their cyber defence strategies.
The perspective has evolved from securing and protecting the cyber border
or the perimeter of the organization to securing and protecting the
organization’s “cyber supply chain”. Modern-day attackers operate in the
target environment for months before being detected and hence security
professionals now need to focus on anomaly detection techniques for
outbound traffic in addition to inbound traffic analysis.

In my recent experiences with multiple organizations, the breach was first
discovered by an employee prompting a question as simple as, “Why did I
receive a password reset email when I did not request one?” The subsequent
analysis often led to the detection of the attackers who had been silently
working for a significant period of time. The emergence of artificial
intelligence (AI)-based cyber attacks only means targeted attacks will be
quick and extremely disruptive.

Regulatory requirements, including mandatory breach reporting requirements,
as well as technology innovations, are enabling organizations to
re-engineer their cyber defence strategies to address today’s requirements.
Increasingly, organizations are enhancing their vendor risk management
solutions covering the cyber security health of their critical supply chain
to ensure a reasonable cyber security posture.

A new-age vendor risk management solution requires an organization to
continuously monitor and quantify the cyber risk of third parties. The
continuous monitoring approach adopted under these solutions, in place of
the prevalent practice of a snapshot-based security audit, makes it possible
to reduce exposure to serious data breaches from third parties in addition
to the organization itself. This risk is especially important in the case
of a third-party provider storing personally identifiable information (PII)
or other sensitive information on a public cloud in order to deliver a
business service.

In addition, cyber breach response and recovery areas are perhaps the
weakest processes in most organizations. Cyber breach simulation drills and
workshops similar to the emergency situation drills for natural disasters
and fire preparedness can ensure organizations’ readiness in moments of
actual crises. Cyber liability insurance, especially coverage for business
disruption losses and data breach recovery costs, is also becoming
increasingly important to cover business risks.

Given the cyber security context today, organizations need to recognize the
fact that cool technologies—including AI-enabled cyber security
solutions—are good, but what makes them work is the skill and talent of
humans operating them on a day-to-day basis. In addition, maintaining a
good cyber security posture is a collective responsibility and, as such,
continually maintaining end user awareness based on current threat
perceptions is the most important component of cyber security strategy for
any organization.

In summary, because being fully cyber secure at all times is a negative
goal, an objective mechanism for measuring the cyber security effectiveness
of an organization and ensuring continual improvement is the most effective
approach in today’s age, when cyber attacks are the new normal.