Monday, July 28, 2014

Identifying Risk, or Finding a Needle in a Haystack

Newer regulations and industry standards now mandate a risk-based approach to security, forcing many organizations to move from a compliance check-box approach to a more proactive, risk-based view of security.  Risk is made up of many factors, including compliance posture, threats, vulnerabilities, reachability, and business criticality.  For years, in the face of endless data breaches, businesses have focused on achieving compliance or on taking preventive measures to strengthen their security posture.  An organization that is focused on strengthening its compliance posture to pass an audit usually looks at control failures and gaps and tries to mitigate them. 


On the road to risk management, a variety of factors must be taken into account to derive a holistic view and to align remediation resources efficiently.  A mid-sized organization may be subject to dozens of regulations mandating thousands of controls, while also dealing with hundreds of pages of security findings that range from vulnerabilities and threats to incidents.  Big data risk management tooling is emerging to help not only aggregate compliance, threat, and vulnerability data, but, more importantly, to correlate those data feeds with what they mean as business risk to the organization.
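One way to make that correlation concrete is to score each finding by more than its scanner severity. The following is an added example, not code from the original post or from any product it alludes to: a hypothetical scoring model that combines the factors named above (vulnerability severity, reachability, observed threat activity, business criticality and compliance scope). The weights, asset names, finding identifiers and figures are all constructed for illustration.

```python
"""Rank findings by business risk rather than by CVSS alone.

Added example, not from the original post. The weights, asset inventory
and findings below are constructed for illustration; the VULN-00x
identifiers are placeholders, not real advisories.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int         # 1 (low) .. 5 (crown jewel), set by the business owner
    internet_reachable: bool  # reachability: can an outside attacker get to it?
    compliance_scope: bool    # e.g. in scope for a regulatory audit


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float        # 0.0 .. 10.0 as reported by the scanner feed
    exploit_seen: bool  # threat feed reports active exploitation in the wild


def risk_score(asset: Asset, finding: Finding) -> float:
    """Combine severity with reachability, threat activity and criticality.

    score = cvss * (criticality / 5) * reach_factor * threat_factor,
    plus a fixed bump when the asset is in compliance scope, because the
    same weakness is then also an audit finding.  Weights are hypothetical.
    """
    reach = 1.0 if asset.internet_reachable else 0.5
    threat = 1.5 if finding.exploit_seen else 1.0
    score = finding.cvss * (asset.criticality / 5.0) * reach * threat
    if asset.compliance_scope:
        score += 1.0
    return round(score, 2)


def rank_findings(assets, findings):
    """Return (score, finding) pairs, highest business risk first."""
    by_name = {a.name: a for a in assets}
    scored = [(risk_score(by_name[f.asset], f), f) for f in findings]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return scored


# Constructed inventory and scanner output for the example.
ASSETS = [
    Asset("payments-db", criticality=5, internet_reachable=False, compliance_scope=True),
    Asset("marketing-www", criticality=2, internet_reachable=True, compliance_scope=False),
    Asset("dev-jenkins", criticality=3, internet_reachable=True, compliance_scope=False),
]

FINDINGS = [
    Finding("marketing-www", "VULN-001", cvss=9.8, exploit_seen=False),
    Finding("payments-db", "VULN-002", cvss=7.2, exploit_seen=True),
    Finding("dev-jenkins", "VULN-003", cvss=6.5, exploit_seen=True),
]


if __name__ == "__main__":
    for score, f in rank_findings(ASSETS, FINDINGS):
        print(f"{score:5.2f}  {f.asset:<14} {f.vuln_id}  cvss={f.cvss}")
```

Sorted by CVSS alone the public web server's 9.8 would come first; weighted for criticality, reachability and active exploitation, the internal payments database and the exposed build server rank above it. The point is not the particular weights, which any organization should set for itself, but that the ranking changes once the feeds are correlated with business context.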

Building Blocks for a Proactive CyberSecurity Strategy

Over the past six months, cyber-attacks against financial organizations, government sites and critical infrastructure have escalated.  In early spring, financial institutions such as Wells Fargo, Bank of America and JP Morgan Chase were hit hard by cyber-attacks that cost the organizations millions of dollars.  Last month, Homeland Security officials issued an ICS-CERT warning to U.S. chemical and energy companies about attacks on critical infrastructure, urging them to take added measures to protect their systems.

Cybersecurity is now everyone's responsibility, because these attacks not only pose severe consequences for our government but also affect the private organizations that own our electric and cellular networks.  Under new rules, the chairman of the Joint Chiefs is changing the U.S. military's standing rules of engagement, which dictate when, how and with what tools America will respond to an attack.

The building blocks of a robust cybersecurity strategy are to trust no one, to inspect and log all traffic, and to ensure secure access to all important assets in the data center.  Compartmentalization, or network segmentation, is the key component of Zero Trust and is essential for limiting how far an attack can spread.  Internal employees have tended to be the weakest link in targeted attacks, but that exposure now extends to the ecosystem of partners, contractors and supply chains. 


The reality is that a more robust cybersecurity strategy requires a comprehensive approach to malware, one that mirrors the attacker's own lifecycle for infecting a network.  This means identifying all of the traffic in which malware tends to hide and managing the unknown, in addition to virtual sandbox analysis.  The last piece is a reporting and logging system that provides visibility into the network and enables proactive action when something suspicious is found.
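The segmentation principle from the Zero Trust paragraph above and the logging requirement in this one come together in a simple audit: express the allowed flows between segments as a default-deny allowlist, then replay the flow logs against it and report everything that should not have happened. The following is an added example, not code from the original post: the zone layout, policy and log lines are constructed for illustration, and the log format is a hypothetical one chosen for the example.

```python
"""Default-deny segmentation policy evaluated against flow logs.

Added example, not from the original post.  The zones, allowlist and
log lines are constructed; the log format "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
is hypothetical.  This audits logs after the fact; it does not replace
the firewall or gateway that enforces the policy inline.
"""
import ipaddress
from collections import namedtuple

# Each segment is an address range (hypothetical layout).  0.0.0.0/0 is the
# catch-all for anything not in an internal segment.
ZONES = {
    "internet":   ipaddress.ip_network("0.0.0.0/0"),
    "dmz-web":    ipaddress.ip_network("10.1.0.0/24"),
    "app":        ipaddress.ip_network("10.2.0.0/24"),
    "db":         ipaddress.ip_network("10.3.0.0/24"),
    "corp-users": ipaddress.ip_network("10.10.0.0/16"),
}

# Allowlist of (src_zone, dst_zone, dst_port).  Anything not listed is denied,
# including all outbound traffic from internal segments to the internet.
POLICY = {
    ("internet",   "dmz-web", 443),
    ("dmz-web",    "app",     8443),
    ("app",        "db",      5432),
    ("corp-users", "dmz-web", 443),
}

Flow = namedtuple("Flow", "ts src dst dport proto")


def zone_of(ip: str) -> str:
    """Most specific matching zone wins; the /0 catch-all is the fallback."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def parse_flow(line: str) -> Flow:
    ts, src, _arrow, dst, proto = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(ts, src_ip, dst_ip, int(dport), proto)


def evaluate(line: str) -> str:
    """'allow' if the flow matches an allowlist entry, otherwise 'deny'."""
    f = parse_flow(line)
    key = (zone_of(f.src), zone_of(f.dst), f.dport)
    return "allow" if key in POLICY else "deny"


def violations(lines):
    """Log lines that the segmentation policy says should never have occurred."""
    return [line for line in lines if evaluate(line) == "deny"]


# Constructed flow log: three legitimate tiers of traffic, then a web server
# talking straight to the database, a workstation reaching the database, and
# an application server calling out to the internet.
LOG = """\
2014-07-28T09:00:01Z 203.0.113.7:51234 -> 10.1.0.5:443 tcp
2014-07-28T09:00:02Z 10.1.0.5:40111 -> 10.2.0.8:8443 tcp
2014-07-28T09:00:03Z 10.2.0.8:40112 -> 10.3.0.2:5432 tcp
2014-07-28T09:00:04Z 10.1.0.5:40113 -> 10.3.0.2:5432 tcp
2014-07-28T09:00:05Z 10.10.4.22:50000 -> 10.3.0.2:5432 tcp
2014-07-28T09:00:06Z 10.2.0.8:40114 -> 203.0.113.99:443 tcp
""".splitlines()


if __name__ == "__main__":
    for line in LOG:
        f = parse_flow(line)
        print(f"{evaluate(line):5} {zone_of(f.src):>10} -> {zone_of(f.dst):<10} :{f.dport}")
```

The last three lines are exactly the traffic a segmentation strategy exists to stop: lateral movement from the web tier into the database, a user workstation touching a crown-jewel system, and an internal server beaconing out on port 443, which is where malware tends to hide. Because the policy is an allowlist, none of these needs its own detection rule; anything not explicitly permitted surfaces for investigation.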