Since 2004, the President of the United States has proclaimed October Cybersecurity Awareness Month, helping individuals better understand cybersecurity threats and protect themselves against them. Every year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) collaborate to raise cybersecurity awareness among private-sector companies and consumers.
This Year’s Theme: “See Yourself in Cyber”
“This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future. We encourage each of you to engage in this year’s efforts by creating your own cyber awareness campaigns and sharing this messaging with your peers.”
-Cybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity is Complex
See Yourself in Cyber can be read in several ways. To me, it speaks to students unsure of what to major in, telling them to picture themselves working in the industry. It reaches out to other departments within an organization so they understand how their work affects security. And it highlights how hard a security analyst’s job is.
In a recent blog post, I dove deeper into why security is more challenging than ever.
And it all comes back to people. People are the heart of any security organization. Security tools are a requirement, but they don’t replace people.
According to (ISC)²’s 2021 Cybersecurity Workforce Study, the global cybersecurity workforce gap still stands at more than 2.72 million people, which for some organizations means they are already behind before they even start.
Improving Your Security Posture
There are many ways an organization can improve its security posture.
For this blog, I’ve narrowed it down to five:
1) Understanding Your Relevant Threat Landscape
Understanding your attack surface is key to knowing which assets need protection and how best to protect them. Unfortunately, most organizations struggle because the attack surface keeps changing as systems are added, exposed, and retired.
Start with an attack surface assessment: find out how an attacker sees you. Map your assets against their potential vulnerabilities and your readiness to prevent or respond to threats. This shows how well current tools and investments protect critical assets and what additional measures are needed to improve protection.
A comprehensive assessment should include the following:
• Gain visibility into all external-facing assets to uncover unknown or forgotten exposures
• Identify and evaluate current security programs
• Evaluate the effectiveness of information security policies, procedures, and processes
• Determine the effect a cybersecurity incident would have on key business metrics and on the confidentiality, integrity, and availability of critical data
• Assess the maturity of current tools and investments
• Identify areas where the current infrastructure could be improved
Identifying and managing cyber risk begins with a thorough inventory of existing IT assets, but it is more than attack surface management: threat intelligence needs to be at the foundation of any security program. Organizations must understand their adversaries to understand their threat landscape completely.
Threat intelligence helps organizations better comprehend:
- What are my adversaries’ strengths and weaknesses, and how are they likely to attack me?
- Which entry points could an attacker use to compromise my business?
- What should my security team be watching out for?
- What steps can we take to minimize our company’s risk from a cyber attack?
Understanding your relevant threat landscape will help your security team become more proactive and stay ahead of threats targeting you.
2) Continuously Monitoring for Threats
Most organizations rely on technology for critical operations: mobile devices, cloud services, web applications, and social media platforms, as well as databases, networks, and physical assets. Every one of these expands the attack surface and the exposure to potential threats.
IT teams are under constant pressure to improve the performance of their networks while keeping them secure. At the same time, security teams must deal with threats ranging from commodity malware to zero-day exploits and ransomware.
Monitoring Your Infrastructure
To address this, organizations must continuously monitor their IT infrastructure to identify vulnerabilities and maintain compliance with regulations. Continuous monitoring lets organizations detect potential threats and vulnerabilities quickly and efficiently, rather than only at the next periodic audit.
Most security teams use several security management tools to help them manage their security infrastructure. Continuous monitoring can provide insights into how well your security controls work, what risks you face, and where you stand against your peers. This allows you to make better decisions about your security programs and take action to address issues.
Monitoring for Threats
It’s challenging to keep up with the ever-changing threat landscape. Most security teams use threat intelligence platforms or threat intelligence management solutions to help them identify threats. Solutions like Anomali ThreatStream automate the gathering and analysis of raw data to turn it into actionable threat intel for security analysts.
The effectiveness of your security posture relates directly to the quality and timeliness of your threat intelligence. Analysts equipped with curated, relevant threat data can act quickly, securing the organization’s most valuable assets first and conducting efficient investigations afterward.
With increasingly sophisticated attacks, analysts need better visibility and insight into their networks to detect them sooner. They need a solution that intelligently combines all relevant security data to help detect advanced adversaries and sophisticated attacks in real time.
Extended detection and response (XDR) solutions collect telemetry from security tools in real time to close visibility gaps and provide an integrated platform for threat detection. They offer a single interface across multiple security solutions.
Anomali takes this further by integrating threat intelligence with its XDR solution. Telemetry is normalized and enriched, then correlated with the world’s largest curated global intelligence repository.
This lets organizations see what is happening both inside and outside their network and detect advanced threats.
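As an added example (not Anomali code and not part of the original post), the following Python sketch shows the normalize-then-correlate step that a threat-intel-aware monitoring pipeline performs: three constructed log formats (firewall, proxy, DNS) are mapped onto one common schema, internal addresses are excluded from lookups, and the remaining IPs and domains are matched against a small constructed indicator set, including parent-domain matches so a subdomain of a known bad domain still fires. The log lines, indicator values, field names and confidence scores are all invented for illustration.

```python
"""Added example: normalize heterogeneous log events and correlate them with
threat-intelligence indicators. All log lines, indicators and field names are
constructed for illustration; nothing here is real intel or vendor code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed indicator set standing in for a curated intelligence feed.
INDICATORS = {
    "ip": {"203.0.113.45": {"confidence": 90, "tags": ["c2"]}},
    "domain": {"update-check.example.net": {"confidence": 75, "tags": ["phishing"]}},
}

# RFC 1918 and loopback ranges: internal addresses are never looked up against external intel.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Three constructed log formats that a collector would normalize into one schema.
FW_RE = re.compile(r"^(?P<ts>\S+) FW action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+$")
PROXY_RE = re.compile(r"^(?P<ts>\S+) PROXY user=(?P<user>\S+) url=(?P<url>\S+) status=\d+$")
DNS_RE = re.compile(r"^(?P<ts>\S+) DNS client=(?P<client>\S+) query=(?P<query>\S+) answer=(?P<answer>\S+)$")


@dataclass
class Event:
    """Common schema every source is mapped onto before correlation."""
    ts: str
    source: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    domain: Optional[str] = None
    user: Optional[str] = None


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line into an Event; unparseable lines return None instead of raising."""
    if m := FW_RE.match(line):
        return Event(m["ts"], "firewall", src_ip=m["src"], dst_ip=m["dst"])
    if m := PROXY_RE.match(line):
        return Event(m["ts"], "proxy", user=m["user"], domain=urlsplit(m["url"]).hostname)
    if m := DNS_RE.match(line):
        # The resolved answer is what the client will connect to next, so record it as dst_ip.
        return Event(m["ts"], "dns", src_ip=m["client"], domain=m["query"], dst_ip=m["answer"])
    return None


def is_internal(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # not a usable address, so not worth an external lookup
    return any(addr in net for net in INTERNAL_NETS)


def match_domain(domain: str) -> Optional[tuple[str, dict]]:
    """Exact or parent-domain match: mail.bad.example hits an indicator for bad.example.
    The loop stops before the bare TLD so 'net' on its own can never match."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in INDICATORS["domain"]:
            return candidate, INDICATORS["domain"][candidate]
    return None


def correlate(ev: Event) -> list[dict]:
    """Return every indicator hit for one normalized event."""
    hits = []
    for ip in (ev.src_ip, ev.dst_ip):
        if ip and not is_internal(ip) and ip in INDICATORS["ip"]:
            hits.append({"type": "ip", "value": ip, **INDICATORS["ip"][ip]})
    if ev.domain and (dm := match_domain(ev.domain)):
        hits.append({"type": "domain", "value": dm[0], **dm[1]})
    return hits


def analyze(lines: list[str]) -> list[dict]:
    """Normalize, correlate and emit one enriched alert per indicator hit."""
    alerts = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # a real pipeline would count these as parse failures
        for hit in correlate(ev):
            alerts.append({"ts": ev.ts, "source": ev.source, "user": ev.user, "src_ip": ev.src_ip,
                           "indicator": hit["value"], "type": hit["type"],
                           "confidence": hit["confidence"], "tags": hit["tags"],
                           "severity": "high" if hit["confidence"] >= 80 else "medium"})
    return alerts


# Constructed sample telemetry: two hosts touch the indicators, one stays internal, one line is junk.
SAMPLE_LOGS = [
    "2022-10-03T09:14:02Z FW action=allow src=10.1.4.22 dst=203.0.113.45 dport=443",
    "2022-10-03T09:14:05Z PROXY user=jdoe url=https://update-check.example.net/login status=200",
    "2022-10-03T09:14:07Z DNS client=10.1.4.23 query=mail.update-check.example.net answer=198.51.100.7",
    "2022-10-03T09:15:00Z FW action=allow src=10.1.4.22 dst=10.1.9.9 dport=445",
    "this line is not in any known format",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

Running it produces three alerts: the firewall session to the constructed C2 address, the proxy request to the phishing domain, and the DNS lookup of a subdomain of that same domain. The internal SMB session and the unparseable line produce nothing, which is the point of normalizing first: the correlation logic only ever sees one schema, and the decision about what not to look up (internal ranges, bare TLDs) is made in one place.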
Continuous monitoring of every part of your security program helps you see your organization’s risk exposure against its risk tolerance and manage it consistently across the board.
3) Educating Your Employees
To some, security isn’t a technology problem; it’s a people problem. Even with the most advanced tools, untrained staff can fall victim to the simplest and most common attacks. Research from Stanford University found that 88% of data breaches are caused by human error.
The shift toward remote work created new challenges for companies protecting employee information and applications, and left IT departments scrambling to keep data security and compliance obligations met. At the same time, many employees now use personal devices and apps to connect to corporate networks and email accounts, making it easier for attackers to reach sensitive files and data.
Some people also stay logged into personal accounts on the same device they use for work. Even with sharing across devices disabled, a user signed into several accounts at once blurs the line between personal and corporate data, so a phishing attack on a personal account can become a path into the organization.
Finally, employees must not reuse passwords across sites. Attackers take credentials leaked in one breach and try them against other sites (credential stuffing), so a password that is unique to each account, ideally generated by a password manager and backed by multi-factor authentication, limits the damage when any one site is breached. Forced rotation on a fixed schedule does little against this; current NIST guidance (SP 800-63B) recommends changing a password when there is evidence it has been compromised rather than periodically.
Educating employees on cybersecurity best practices is hard. Many companies still rely on traditional channels, such as email, phone calls, and meetings, to tell their workforce about important changes. Messages that arrive this way are easy to ignore, leaving employees disconnected from the security program and raising the risk that confidential information is mishandled or misused.
Organizations should consider other ways of reaching employees, such as live chat sessions, instant messaging, and internal social channels. These formats keep employees engaged with their workplace and make security guidance more likely to be read and acted on.
Adopting a security-first culture and educating employees will pay dividends.
4) Planning for an Attack
Breaches are inevitable. An effective security strategy means planning for the worst possible outcome. Security teams must ensure they have the right people, processes, and technology to respond effectively to attacks.
Whether it’s ransomware or phishing scams, many types of attacks can cause severe damage to both companies and employees. But what happens when a cyberattack does occur? What do you do about it? How do you prepare for such events?
A Cybersecurity Incident Response Plan (CIRP) is a document that tells an organization what to do during a cyberattack. NIST defines it as “a plan detailing actions to be taken in response to a cybersecurity incident.” The plan also covers preparation: training, communication channels, and notification procedures agreed before an incident happens.
An organization must develop a comprehensive plan that covers every phase of managing a cybersecurity incident. Following the lifecycle in NIST SP 800-61, the plan should answer questions such as these:
• Preparation – Who is on the response team, and how are they reached out of hours? What training, communication channels, and notification templates are in place before anything happens?
• Detection and Analysis – How do you detect a threat, and which tools monitor which systems? How do you triage an alert, decide that it is an incident, and establish its scope?
• Containment – How do you isolate affected hosts, accounts, and network segments to stop the spread while preserving evidence? Who has the authority to take a system offline? When do you notify law enforcement, regulators, and customers?
• Eradication – How do you remove the attacker’s access, malware, and persistence from the environment? How do you confirm the removal worked, and what do you do if it did not?
• Recovery – How do you bring systems back, whether by rebuilding them or by restoring from backups you have verified are clean? How do you watch for the attacker’s return?
• Post-Incident Activity – What did you learn, what is being done to prevent a recurrence, and which controls and plan sections need updating?
Without a comprehensive plan, you risk missing critical actions, breaching notification deadlines, and exposing yourself to costly fines and legal liability.
A well-written plan helps ensure that employees know how to react during an emergency and gives management a clear path forward following a breach.
5) Aligning Security with Business
Many organizations view security as a cost center rather than a strategic asset. They look for quick wins without considering the long-term impact on the organization, and often overlook what those choices mean for security.
Today’s threat landscape demands a different approach.
In today’s world, everyone needs a seat at the table to break down silos and ensure a strong security posture. The CEO and board of directors must understand what it takes to build a secure environment and how to manage risks associated with cybersecurity threats. Employees must understand how their actions impact security. The marketing team. Finance. Sales. Everyone needs to know how their actions affect the organization’s overall security.
While business leaders might understand the risks facing their organizations, that understanding often does not translate into a clear, consolidated approach across the organization. Most organizations struggle to align their cybersecurity programs with their business strategies, which creates friction between a security team trying to protect the business and business leaders trying to grow revenue.
Organizations must foster a collaborative environment that aligns business objectives with cyber risk, so they can expand into new markets, protect revenue streams, and secure the development and deployment of new products and services. Weighing potential risks and consequences in a way that makes cents (pun intended) to the business goes a long way.
As this year’s theme states, cybersecurity may seem like a complex subject, but ultimately it’s all about people. The more people work together, the better they’ll understand how their actions affect security. Maybe then everyone will “See Yourself in Cyber.”