I think we can all breathe a sigh of relief that we made it to the end of 2021. From a cybersecurity perspective, this year was a doozy. We had to deal with one cyber incident after another, across an expanding digital attack surface that, thanks to accelerated cloud migrations, IoT adoption and desktop digitalization, grew at a pace that served only to exacerbate the complexity of responding. And Apache Log4j rounded out the year with a festive bang!
Unfortunately, the risk of cyberattack is constantly changing due to ongoing business transformations, so there doesn’t appear to be any slowdown on the near horizon.
Now the obvious question is, what more can be done to gain a greater degree of control over this situation? In 2022, the most critical investment of time and effort would be to adopt a proactive cybersecurity strategy focused on understanding the most credible threats to your business, and to develop preparedness and sustainable cyber resilience for your organization. This strategy is predicated on having visibility, both into the most relevant cyber risks and into how your business is exposed to those risks while it transforms.
Having a clear view of the most credible cyberthreats to your organization and a strategy for addressing them is how you can justify to your key stakeholders the deployment of holistic controls that are proportionate to the real-world threats facing your environment. This allows you to genuinely improve the organization’s security posture and resilience.
Harness a Threat-Intel Informed Approach to Continuously Evolve Your Security Strategy
Threat intelligence exists to support informed decision making. Here are some of the steps you can take:
- Create impact on systems that you consider business critical. You should be able to trace decisions made about your defensive priorities to credible intelligence of threat actors currently undertaking attacks. If you don’t currently have a framework or a prioritized list of cyberthreat scenarios, ask your intelligence team or provider for one.
- Review your assets and the enumeration of your attack surface objectively. If you can’t determine the level of business criticality for a system, how will your security teams know how to prioritize defending it? If you don’t know where these systems reside or how they can be accessed, it means you have more work to do when the inevitable incident hits.
- Look at credible threat scenarios and evaluate which vulnerabilities to prioritize by using knowledge of asset criticality, attack surface exposure and the prevalence of exploitation. Then marry this with a full understanding of the current state of your defense tactics, and your plans for responding to an incident.
It’s important to realize this is not a one-time exercise. Instead, you need to establish the capability to continuously monitor and evaluate your business’s dynamic digital ecosystems, as well as the evolving threats. It is therefore imperative to embed this in a repeatable way, i.e., via policy and process (and ideally automation), throughout your system’s lifecycle. Adopting a threat-intel informed approach for both “change” and “run” initiatives can be the game changer here.
This threat-intel informed approach fuses research, empirical data and expertise to build out a holistic, strategic view of your organization’s threat landscape.
Empower the Board to Provide True Oversight and Get Them on Your Side
You need a compelling business case to receive funding and support for your security programs from key stakeholders, including your Board of Directors. Reactionary and ambiguous reports don’t resonate; there's no room for panic. Too much technical detail also doesn’t work, as it takes too long to digest. Instead, try outlining the full potential set of business consequences and the cost associated with an inefficient and ineffective cyber defense to highlight the risks facing your organization in a language your stakeholders understand. Showcasing how you're helping the Board and key stakeholders understand the “why” behind your plan will help you get them on your side.
This approach enables you to clearly demonstrate how the proposed investments establish sustained security and resilience, pivoting from limiting consequences to realizing the business benefits of an enhanced security posture. Here are some of the steps you can take to build a business case:
- Determine your organization’s key attributes and map how your cyber program is designed to preserve these.
- Regularly benchmark and report on your ongoing risk reduction activities. It can help keep the Board on your side.
- Use a data-driven approach to demonstrate positive progress, and show your ability to sustain your security posture against evolving threats.
These steps will enable you to build alignment and trust at the highest level of your organization and obtain the resources needed for your strategic planning.
Adopt a Proactive Cybersecurity Posture With Unit 42
Even though we cannot promise to make 2022 an uneventful year from a cyberattack perspective, let us help you get control over the chaos and adopt a proactive posture.
With Unit 42, you can perform comprehensive assessments and communicate to key stakeholders the preparedness of your organization – knowing what potential threats are lurking across your environment and how ready you are to stop dangers such as ransomware.
At the same time, you can conduct simulations to continually test your plans, taking what you learn to transform your threat detection, response, containment and remediation procedures on an ongoing basis – based on real-world threats and real-life scenarios. You will have higher confidence as a result.
And in the case of an incident, you can make our incident response (IR) experts an extension of your team, available on speed dial, with a Unit 42 Retainer. You can also repurpose retainer IR hours towards any other Unit 42 Cyber Risk Management services to help you become more proactive.
If you are experiencing an active breach, or think you may have been impacted by an incident, please contact Unit 42 to connect with a team member. The Unit 42 Incident Response team is available 24/7/365. You can also take preventative steps by requesting a Proactive Assessment.