There is no “one size fits all” with CISO strategies for cybersecurity
Over the last six months, we have seen an escalation in the number of reported cyberattacks, in their range and sophistication, and in their long-lasting impact on businesses; the Colonial Pipeline attack and the SolarWinds compromise are just two examples. These events highlight the importance of an effective cybersecurity strategy for every organization: even if an organization suffers such an attack, there should be company processes in place to limit the severity of the consequences. To do that, companies must monitor and stay aware of the main existing security risks and respond effectively to these types of incidents as they occur.
Still, each organization is different in its make-up, business needs, productivity measurements and workflows. Each organization has different network architectures and software. There is no “one size fits all” when it comes to cyber security.
CISOs and security teams are usually aware that they need to identify the cyber risks most likely to affect their own business’ smooth running and build a security infrastructure aligned with the company’s risk tolerance level. But that is easier said than done.
Even now, with everything that has occurred, many enterprises do not prioritize personnel and budgets for this purpose, often leaving the CIO or CISO and her/his team to “fend” for themselves. Without the appropriate resources and without full company involvement and support, that is a very tall order.
In addition to organizational support, with the plethora of different approaches and tools, identifying the optimal security path requires adopting proactive and scalable methods and the ability to prioritize the different types of cyber threats.
The secret to an effective CISO strategy – communications
A common attitude across industries is to assume that the CISO and the cybersecurity team alone are responsible for the integrity and safety of the company’s virtual and physical infrastructure. This is far from being the case.
Today’s hyperconnected and decentralized workforce maneuvers within dynamic network architectures and programs that have moved to the edge and the cloud. Therefore any effective cyber defense strategy must start with open communication between the CIO/CISO, security teams, and company executives.
This open line of communication has been especially important since 2020. With the increased number of employees working remotely, security officers face the added challenge of providing remote workers with additional layers of security, as the organization is more exposed to cybercriminals. They are also tasked with improving the monitoring of workers who have access to sensitive information, in order to prevent internal breaches.
Integrating business operations with security personnel helps employees understand security better. It also allows cybersecurity professionals to consider the organization’s business strategy and priorities, while establishing cyber security policies and managing cyber risk solutions and monitoring.
Additionally, establishing the following core data security principles and policies empowers the CIO/CISO to focus both on individual applications and the broader company infrastructure.
The 5 core cybersecurity elements that should be in your strategy
Notwithstanding the notion that each organization requires its own security program and policies to best suit its risk tolerance and business needs, there are a few core concepts that need to be an integral part of any strategy.
- Gathering cyber intelligence about any past, planned, or ongoing attack against your organization or potential partners’ organizations. The expression “forewarned is forearmed” is particularly true for cybersecurity and may have immediate business implications. Early knowledge of a leak, such as the Intel leak following Tillie Kottman’s breach in August 2020, could have enabled Intel to take early corrective measures to mitigate the damage from leaked information.
- Monitoring all information flow to prevent data loss and fraud. Monitoring the information flow between internal and external sources and destinations is critical. This allows the cybersecurity team to spot both penetration attempts from outsiders and potential leaks – malicious or accidental – by the organization’s own employees.
- Zero trust, segmentation and identity management – segmentation, together with privilege management, is key to building resilient security programs and company architecture in a cloud-native or hybrid environment, because it creates additional roadblocks for attackers trying to move laterally and escalate privileges once they have compromised an organization’s user credentials, an endpoint, etc. Abusing access privileges is one of the ways in which attackers reach broader sections of a corporate environment after finding a vulnerable point of entry. Defining least-privilege access and segmentation will drastically limit the scope and range of an attack in the event of a successful breach. In addition, with the increased number of employees working from home, companies must compensate for the expansion of the attack surface stemming from the security gaps in employees’ home internet infrastructures.
- Automation and risk management tools – certain tools and technology platforms are beneficial in enhancing the security posture, from automated identity management, cloud/VPN/network access control, and risk monitoring and risk mitigation tools all the way to security operations centers (SOCs), firewalls, anti-virus and much more. Automation will optimize performance and help avoid new risks. For example, by applying security patches and software updates in a timely manner, some “silly hacks” could be avoided.
- Cyber forensics and investigation – most organizations are not equipped, and lack the knowledge base, to run digital forensics on their own or to deconstruct a cyberattack so as to prevent a recurrence of a similar incident. Ideally, though, there should at least be a basic breach-mitigation documentation procedure in place, so that companies can file insurance claims properly and avoid fines for non-compliance.
What to understand when building an effective cybersecurity strategy?
While CISOs are tasked with keeping an eye on cybersecurity threats, identifying key vulnerabilities and coming up with defensive and risk mitigation solutions, the organization’s management should be actively involved in improving the company’s cyber-resilience. Too often, companies realize they need a better cybersecurity program and corresponding budget only after a specific catastrophic event has already caused severe damage.
With better planning, a holistic approach to cybersecurity and prioritizing a security budget, companies will not have to rely on ad-hoc/emergency solutions or a CISO’s ability to “put out fires”.