Cyber resilience strategy requires more than simply implementing a few traditional security controls and security service functions. It requires a holistic change to the organizational approach to security from the ground up. Taking what already exists and re-shaping it so that the controls and systems work in a more integrated framework creates agile breach response and remediation capabilities. Improving communication and visibility across systems is another must for optimal governance of the incident-response framework.
Below we will discuss the top 3 initiatives recommended for your organization to embrace.
Practice 1: Improve Visibility
To quickly and decisively respond to threat actors, organizations need in-depth visibility into the behaviors of threat actors. XDR technologies, continuous red teaming, and penetration testing solutions create the data stream that lets an enterprise feed exposures into its governance dashboards and prioritize mitigation initiatives efficiently. Endpoints and other network-attached assets need to report to centralized management dashboards. This information can be used to build baselines of threat activity as a function of time of day, week, or month, so that businesses can detect anomalies against them.
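To make the time-based baselining concrete, here is an added Python example that is not part of the original post: it builds an hour-of-day baseline of authentication-failure counts from constructed log events and flags buckets that deviate from it, so that the same count reads as normal at 10:00 and as an anomaly at 03:00. The event sample, the threshold rule, and all function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def build_sample_events():
    """Constructed sample of (timestamp, host) authentication failures.
    Days 1-14 form the baseline; day 15 carries the activity to score."""
    events = []
    for day in range(1, 15):
        for hour in range(24):
            count = 6 if 8 <= hour < 18 else 1  # busier during work hours
            events += [(datetime(2024, 5, day, hour, 15), "ws-%d" % i) for i in range(count)]
    # Day 15: 9 failures at 10:00 (plausible) and 40 failures at 03:00 (not)
    events += [(datetime(2024, 5, 15, 10, i), "ws-%d" % i) for i in range(9)]
    events += [(datetime(2024, 5, 15, 3, 5 + i), "ws-7") for i in range(40)]
    return events

def hourly_counts(events):
    """Count events per (date, hour-of-day) bucket."""
    counts = defaultdict(int)
    for ts, _host in events:
        counts[(ts.date(), ts.hour)] += 1
    return counts

def build_baseline(events, baseline_days):
    """Mean and population std of the hourly count, per hour of day, over baseline_days."""
    counts = hourly_counts([e for e in events if e[0].date() in baseline_days])
    per_hour = defaultdict(list)
    for day in baseline_days:
        for hour in range(24):
            per_hour[hour].append(counts.get((day, hour), 0))
    return {h: (mean(v), pstdev(v)) for h, v in per_hour.items()}

def find_anomalies(events, baseline, k=3.0, min_delta=5):
    """Flag buckets whose count exceeds mean + k*std for that hour of day.
    min_delta keeps a zero-variance baseline from flagging every one-event deviation."""
    flagged = []
    for (day, hour), count in sorted(hourly_counts(events).items()):
        avg, sd = baseline[hour]
        threshold = max(avg + k * sd, avg + min_delta)
        if count > threshold:
            flagged.append((day, hour, count, round(threshold, 1)))
    return flagged

def run_demo():
    """Score day 15 against the baseline built from days 1-14."""
    events = build_sample_events()
    baseline_days = {datetime(2024, 5, d).date() for d in range(1, 15)}
    baseline = build_baseline(events, baseline_days)
    recent = [e for e in events if e[0].date() not in baseline_days]
    return find_anomalies(recent, baseline)  # returns only the 03:00 bucket
```

In production the baseline would be refreshed on a rolling window and keyed by weekday as well as hour, since the post's point is that the expected level of activity depends on when it happens.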
Practice 2: Transform Control Integration
Older architectural designs approached IT networks and security controls as separate business-IT functions managed by different groups. Teams and team members rarely speak to each other during day-to-day operations unless the impact is significant. In actuality, alerts generated in one area may be warning signs of trouble in another, but processes are not integrated enough to glean insights and react accordingly. ITSM processes take days, not hours, to make sense of threat actor symptoms in an environment. Hardly any SIEM is tightly integrated with ITSM platforms in a bi-directional model that lets network, security operations, and even user access management teams spot and contain adversary impact.
Moving toward a cyber-resilient state requires that network, security monitoring, user access monitoring, and privileged access monitoring functions, including their technologies and processes, integrate seamlessly, filtering out false positives effectively so that the organization can react to intrusions quickly and with agility.
Data is what gets stolen or compromised. In my 20+ years in the practice of cybersecurity, I have come across an organization that emphasizes the need to implement data discovery and data classification religiously and operationalize the non-linear growth of unstructured data.
Security monitoring operations need to transform to deliver cyber resilience. Security monitoring design must look beyond traditional 24×7 perimeter scanning for adversary events and alerts. Today adversaries are taking advantage of new software supply chain digital delivery methods. More and more SaaS-based applications built on open source stacks in serverless environments are being spun up to deliver business applications to production at lightning speed. Especially post-COVID, work-from-home demands have pushed business functions to embrace digital delivery at rocket speed. The effect is a convoluted threat surface, with a rise in APT activity and zero-day exploitation.
The security industry isn’t silent. Several new use cases are taking shape to combat these emerging trends and sophisticated attack vectors. Defense and visibility platforms are arising to handle this, but the response is reactive too often. Enterprises must continuously evaluate these incoming players with rigorous POCs before rolling out these solutions.
Planning an integrated, contextualized security operating environment with security controls for the perimeter, application, data, user, and API layers is of utmost importance to minimize intrusion and breach impact and deliver a cyber resilience design for the enterprise.
Practice 3: Improve Access Control Strategy
A robust access control strategy is at the heart of cyber resilience. Often organizations struggle with the fundamentals like the principle of least privilege. Most large customers are working to reduce privilege proliferation in their environments. Every year, this should be a consistent line item in any security budget planning for a CISO. Rolling out MFA for everyone — the employees and contractors, suppliers, B2B and B2C customers — who touches enterprise network assets is crucial.
More than ever before, consumer IAM (CIAM), passwordless experience, decentralized identity, and self-sovereign identity solutions are being experimented with and embraced in enterprise architectures to weave authentication and authorization into every transaction. These architectures do bring positive change, such as reducing risk and liability, but they shift ownership and choice risks onto the users of the digital experience. Though this helps enterprises control their liability, balancing user expectations against business delivery can become challenging as the business grows.
Building Cyber Resilience
Business success in the modern IT environment requires evolution to protect against emerging cyber-attack strategies. The traditional methods of approaching security are no longer enough to defend against the constant onslaught of attackers and evolving threats.
Organizations need to revise their methodology to take a holistic approach to cybersecurity and cyber resilience. This effort requires improvements in communication and visibility to create the framework to detect cybercriminals early in attacks. Doing this in an efficient and organized manner involves the guidance of a single leader and a directed team. Organizations can start with cyber risk assessment and mount a planned and coordinated defense to prepare for rapid and controlled recovery.
Your enterprise can refer to several authoritative guidance sources for establishing a cyber resilience strategy that embraces a zero trust framework:
- Cyber Resiliency Design Principles | The MITRE Corporation
- CISA Zero Trust Maturity Model
- Forrester – A Practical Guide To A Zero Trust Implementation
Learn more about how Persistent’s cyber security consulting and implementation services can help integrate security controls and optimize cyber resiliency strategy to build cyber resilience.