Taking Command: A Three Step Approach to Surviving Today’s Cyber Domain

Over just a few decades, science fiction has become reality with the advent of cyberspace.  Organizations can instantly communicate across the globe, completing work faster than ever thanks to these innovations. And though cybersecurity quickly became one of the most rapidly growing fields, cyber threats continue to improve right alongside these digital advancements.

Security teams are under constant pressure to defend against internal and external attacks, making every IT environment into a battlefield. With an ever-increasing number of devices and employees to control, manage, and monitor, the frontline is only getting larger. What’s the best way to fight back against these cyber adversaries? Read on for three steps that will help you create an effective plan of action and winning strategy.

1. Prioritize Your Most Critical Assets

In The Art of War, Sun Tzu notes that “If he sends reinforcements everywhere, he will everywhere be weak.” While it’s important to make an effort to safeguard your entire infrastructure, it’s vital to know what your most critical assets are and to give them the most robust protection. Take the time to audit your environment. Which assets would have the greatest impact if they were compromised or degraded in some way? What devices are necessary to complete day-to-day operations? Where is your most sensitive data stored? Who has access to it? What do applicable standards and regulations require?

You can also use resources like the MITRE ATT&CK framework to determine what is most at risk. Using all this information, a natural list will begin to emerge of what requires the most security reinforcement. Determining your most critical assets will also provide insight into what type of protection is needed. From there, you decide what policies to implement and what tools to deploy for a layered defense strategy that suits your specific needs.

2. Employ Roving Patrols

The only way to know if your defenses are working is to put them to the test. Cybersecurity expert Brigadier General (Ret) Welton Chase (whose views do not necessarily reflect the Office of the Secretary of Defense) explains how this tactic is taken straight from the real world:

You need to employ roving patrols. Roving patrols in the military move around to key locations and they look to see if those key locations have been weakened or compromised. We would call that, in the cyber world, penetration testing.

Security weaknesses can be wide-ranging—they may exist in operating systems, services and application flaws, improper configurations, or risky end-user behavior. Penetration testers think and act as attackers would, evaluating security efforts by attempting to exploit these weaknesses and prompting organizations to implement changes before experiencing a real breach. These tests also serve as quality assurance checks, allowing organizations to make sure that the money and effort they’re putting in are going to the right places and are working effectively.

Penetration tests are most effective with thorough preparation, with advance planning to help lay out the scope, goals, and expectations. Additionally, regularly testing the effectiveness of your security controls is vital to ensure that you can keep up with how an attacker might approach your organization, and to verify that remediation efforts are working.

With consistent and comprehensive penetration testing, organizations gain invaluable insights, so they can more intelligently prioritize remediation, apply needed security patches and allocate security resources more effectively to ensure that they are available when and where they are needed most.

3. Practice Dynamic Risk Management

Brigadier General (Ret) Welton Chase notes a common saying in the military that “the plan never survives contact with the enemy. You've got to be prepared to respond.” Organizations need to be both proactive and reactive in their approach to security in order to be ready for any type of security threat or disruption.

On the proactive side, the zero trust model acts on the presumption that an attack will be attempted at some point in time, so all doors are locked as a precaution. It requires authentication of some kind for any type of access to the network, no matter the location. To implement the zero trust approach, Identity Governance and Administration (IGA) solutions are employed to streamline the process of assigning privileges and managing access. Additionally, using penetration testing tools and services, as mentioned above, is a proactive measure that every organization can benefit from.

The zero trust model extends to reactive efforts as well. By assuming that the risk of attack is always present, policies are put in place to ensure there is constant vigilance. Given the size of most environments, tools on the reactive side are especially important to make sure everything is being monitored in some way. For example, Security Information and Event Management (SIEM) solutions centralize all data streams and flag threats so security teams don’t have to waste time investigating benign notifications. Advanced Threat Detection solutions can detect infections with certainty on devices like MRIs and smart TVs, so no asset slips through the cracks.

Ultimately, we all must remain flexible, adapting to each threat as it comes. By knowing what the most critical pieces of your environment are, continuously evaluating the status of your safeguards, and layering defenses, your organization can stay ahead of risks, or be battle ready to stop them in their tracks.