To recap the first post in our “What is Cyber Resilience” blog series, there are four concepts.
Know that you will be compromised
Have the mindset that it can happen. Use that mindset to drive company culture for various aspects of your program (e.g., vulnerability management, least privilege, micro-segmentation).
Adopt technologies that give you modern capabilities
Technologies that enable advanced analytics, orchestration, and automation give you greater capabilities.
Cyber Hygiene
When you maintain best practices with security controls, patch vulnerabilities, and maintain a secure architecture, attackers will have a hard time getting in.
How fast can you kick them out when they get in
By making sure you have effective people, processes, and technologies for your cyber incident response, you can mitigate the impact when the attackers get in.
In our experience, each concept is valuable to explore, as all four are relevant to measuring your “cyber resilience.”
Let’s take a deeper dive into these concepts.
Mindset
Many vendors agree that “Cyber Resilience” involves the mindset of assuming eventual compromise and the failure of some security layers. Accepting this mindset allows organizations to prepare for resilience and maintain operations despite security control failures. We’ve observed that clients with this mindset succeed, while others struggle to adopt it.
Here are characteristics of both situations from our experience:
The “Right” Mindset
Does a good job of mentoring the board that the organization is never 100% risk-free and that there are no “silver bullet” solutions you can purchase for cybersecurity
Speaks in “what ifs” for attacks and prepares for those scenarios
Stays vigilant in preparing for less frequent situations such as lateral movement, supply chain compromise, and insider threats.
Reads up on the threat landscape and understands how shifts in attacks affect their organization.
The “Wrong” Mindset
Gives the board the feeling that they are “pretty safe” with what they have
Uses “that is unlikely to happen” as a reason not to prepare for certain types of compromise
Only prepares for / focuses on common attacks such as credential compromise, phishing attacks, and endpoint infections.
Knows the threats the organization has seen / detected, and lacks the cycles or focus to assess the threat landscape.
The core difference between mindsets typically stems from whether the organization has a culture that assumes compromises will occur and prioritizes preparation for those situations.
Technology and Cyber Resilience
The use of new and emerging technologies to combat cyber threats is one of the most misunderstood aspects of today’s cybersecurity operations.
Technologies in Scope
When we refer to “use of new and emerging technologies” in cybersecurity, the following are some of the most common technologies that could be considered:
- EDR (Endpoint Detection & Response)
- XDR (eXtended Detection & Response)
- SOAR (Security Orchestration, Automation, and Response)
- Hyperautomation
- SIEM (Security Information and Event Management)
- Data Lake
- Machine Learning / Artificial Intelligence Detection
- Threat Intelligence Platforms
- Zero Trust Security Platforms
- UEBA (User and Entity Behavior Analytics)
- BAS (Breach and Attack Simulation)
Failure to Adapt
The technologies listed above offer solutions to combat modern threats. However, smaller organizations often do not attempt to deploy these technologies, while larger organizations may try but face failed implementations. Here are common reasons for these challenges:
Lack of Budget
Misleading Level of Effort from Vendor Pre-sales
Lack of Expertise
Other reasons exist, but the five above are the most common.
Keep an eye out for our final blog post, which will discuss Cyber Hygiene and Response.
Bryan Borra, Vice President, Product and Content Management, Proficio
Bryan is responsible for leading Proficio’s product roadmap and managing our Threat Detection Engineers. He specializes in SIEM content engineering, network intrusion analysis, operational use case development, and threat intelligence.