Cybersecurity Action Plan for 2017
Faced with an evolving threat landscape and proliferating attack vectors, it is imperative for CISOs to stay ahead of the threat actors. If success is where preparation and opportunity meet, as the old saying goes, then smartly preparing a cybersecurity plan will give your organization the capability to detect and respond to complex threats.
With risk spreading across every digital channel, traditional in-house security isn’t enough to detect and respond to complex new threats and targeted attacks. If you agree, then it’s undoubtedly the proper time to assess your security posture and come up with a cybersecurity action plan.
Know Your Threat Landscape
CISOs have never had a tougher time protecting their organizations, and the stakes have never been higher, as a breach can have a devastating effect on the company’s reputation. Threats are becoming smarter, more targeted and harder to detect. With the proliferation of Crime-as-a-Service, even laymen are now able to get their hands on cheap and effective attack tools. Organizations are faced with the constant onslaught of attacks, from mass malware to highly targeted social engineering and phishing schemes. Right now it appears that ransomware is the leading risk, followed by phishing, email compromise and cyber espionage.
Every industry and vertical is faced with highly targeted specialized attacks, and detailed knowledge of the latest developments in the threat landscape is now essential.
Another issue that CISOs face is that of detection. Most attacks bypass standard controls, and SIEMs produce an abundance of irrelevant log data that needs to be sifted through and analyzed. Failure to detect attacks is still a salient issue for most organizations.
Are you staying on top of the latest cyber threats? Only after understanding the threats that are facing your organization can proper detection and response technology and processes be put in place.
Educate and Raise Awareness
Alarmingly, not only rank-and-file employees, but many executives as well don’t know enough about cyber risks.
An Australian National University survey in 2016 revealed that 58% of cybersecurity pros believe their companies’ boards had an insufficient understanding of cyber risk. And another survey from last year showed U.K. organizations had gaps in their cybersecurity knowledge, with 35.4% not knowing how much an attack against their systems would cost them.
Whether this shortfall of cybersecurity knowledge stems from an “It won’t happen to us” company-wide attitude or is a simple failure – for budgetary, staffing or other reasons – to stay current on threats, not knowing your organization’s threat environment can be costly and irreparable. The lackadaisical way Yahoo responded to two massive data breaches ultimately cost the company $350 million in valuation, and caused severe reputational and brand damage that will be difficult to recover from.
Foster a Culture of Security Across Departments
If the Yahoo cybersecurity failure proves anything, it’s that it is wise to implement a top-to-bottom culture of risk awareness. Enterprises are at risk from every angle: supply chain exposure, social media threats, rogue mobile access points, financial fraud and executive misunderstanding. An organization that detects and responds to those risks together stays together.
That’s why it’s critical for cybersecurity buy-in to occur at every level, with every employee involved. Boring, impersonal cybersecurity training and even the threat of punishment won’t work. Employees will forget rules and processes, or are simply not motivated enough to care. CISOs need to implement a creative cybersecurity campaign that motivates, rewards and reinforces cybersecurity processes and rules. Today, a team effort is necessary to make cybersecurity work, and it is a CISO’s responsibility to lead the way.
Look Beyond the Perimeter
Even if you are able to quickly detect and respond to attacks that have already penetrated your defences, it is crucial to look beyond the perimeter where most threats originate. One in five phishing scams originates on Facebook, and almost 2% of all social media interactions containing a URL are malicious. Phishing scams on Twitter, LinkedIn, Google+ and YouTube are just as probable.
Most cyber-attacks either originate beyond the perimeter, or could be detected beyond the perimeter. If detected, those attacks can be mitigated and dealt with even before they become cyber events.
Aside from social networks, companies can’t fully protect their many digital blind spots: websites, corporate accounts, sites, apps and ads. These digital touchpoints can total in the thousands, and then there are the many unowned but associated digital elements that need to be accounted for.
And don’t forget the supply chain. Almost 75% of SMEs in the U.K. claim they’re cyber-secure, but half of them suffered a data breach. Considering that your business’ supply chain is comprised of mostly SMEs, their lack of cyber vigilance puts your data at risk.
Between social media, websites, unowned digital elements and the supply chain, it’s obvious that old-fashioned perimeter defences are no longer enough.
Closing Gaps with a Digital MDR
Implementing an effective cybersecurity action plan requires a shifting of your organization’s stance from a purely defensive one to an approach that supplements defensive measures with detection and response.
Prevention will always remain an important part of a robust cybersecurity strategy, but it is no longer wise to depend on only the prevention layer when facing new types of threats. A well-rounded cyber defense needs to find the threats that surreptitiously made their way into your network and are already causing harm.
A Managed Detection and Response (MDR) service can supplement and enhance your existing security tools, while allowing your business to quickly implement mature threat detection and response capabilities. What’s more important? Detecting threats inside your network – where you probably already have a strong understanding of risk – or beyond the network, where thousands of blind spots expose your organization to risk? If you choose the second option, you’ll need a digital MDR.
Digital MDRs detect threats beyond traditional perimeter security controls. A digital MDR’s solutions aggregate and analyze data from a range of sources: open source, technical intelligence, human experience and knowledge, and covert human resources. MDRs use these sources to detect attacks before they happen by comprehensively and persistently monitoring risk across digital channels.
Chances are your current security solutions can’t cover all that ground. Closing those gaps is exactly why you want a digital MDR.