Cybersecurity goals can only be achieved with sufficient threat intelligence
From the point of view of cyber security, 2021 was a real “mess”. Companies, public authorities and hospitals had to deal with one cyber incident after another, and that with a growing digital attack surface. Thanks to accelerated cloud migrations, IoT adoption and intensified digitization, this was expanding at a pace that only increased the complexity of the response. Apache log4j rounded off the year with a big bang effect.
Unfortunately, the risk of cyberattacks is constantly changing due to the ongoing corporate transformations, as Palo Alto Networks explains. A slowdown is not in sight in the near future. Now, of course, the question arises as to what can be done to get a better grip on this situation. In 2022, the most important investment is to adopt a proactive cybersecurity strategy. According to Palo Alto Networks, this should focus on understanding the most critical threats to the company, being prepared for them and developing sustainable cyber resilience. Such a strategy requires an overview of the most important cyber risks and the way in which an enterprise is exposed to these risks.
If there is a clear overview of the cyber threats and a strategy to deal with them, there is a good starting position. Then security managers can justify to the most important stakeholders the introduction of holistic controls that are appropriate to the real threats of the environment. In this way, the security situation and resilience of the company can really be improved.
It makes sense to use a threat intelligence-based approach to continuously develop the security strategy. The threat data thus available is there to make informed decisions.
Palo Alto Networks names Some important steps for companies:
- Create influence on systems that you consider business-critical. They should be able to base decisions about their defense priorities on credible information about threat actors currently conducting attacks. If you do not currently have a framework or a prioritized list of cyber threat scenarios, you should ask your information team or provider for one.
- Objectively check your resources and the extent of your attack surface. If you can’t determine the level of business criticism for a system, how are your security teams supposed to know what priorities to set when defending the system? If you do not know where these systems are located and how to access them, it means that you will have more work when the inevitable incident occurs.
- Consider credible threat scenarios and evaluate which vulnerabilities should be addressed as a priority, taking into account the criticality of the assets, the attack surface and the frequency of exploitation. Then combine this with a comprehensive understanding of the current state of your defense tactics and your plans for responding to an incident.
It is important to realize that this is not a one-time exercise. Instead, the ability to continuously monitor and evaluate the digital ecosystem of a dynamic company as well as the evolving threats must be created. Therefore, it is essential to anchor this in a repeatable way, i.e. via policies and processes (and ideally automation) throughout the entire life cycle of the system. The introduction of a threat data-based approach for both “change” and “run” initiatives can be decisive here.
This threat intelligence-based approach combines research, empirical data and expertise to develop a holistic, strategic view of the company’s threat landscape.
The Board must have an overview and play along
A compelling business case is needed to secure funding and support for safety programs from key stakeholders, including the Board. Non-concrete reports are not well received, but too many technical details also do not work, as it takes too long to digest them. Instead, it is better to outline the potential business consequences and the costs of inefficient and ineffective cyber defense. In this way, the risks for the company can be clarified in a language that the stakeholders understand. When security leaders show how they can help the board and key stakeholders understand the “why” behind their plan, they can get them on their side.
This approach clearly shows how the proposed investments will ensure sustainable security and resilience by moving the company from limiting the consequences to realizing the business benefits of an improved security situation.
In the following, Palo Alto Networks lists a few steps that are helpful for creating a business case:
- Determine the most important characteristics of your company and present how your cyber program should receive these characteristics.
- Conduct regular benchmarking and report on your ongoing risk mitigation activities. This can help you keep the board on your side.
- Use a data-driven approach to demonstrate progress and show that you are able to maintain your security precautions against evolving threats.
These steps make it possible to build agreement and trust at the highest level of the company, as well as to obtain the resources necessary for strategic planning.
Proactive Cybersecurity Strategy
No one can promise that the year 2022 will be uneventful from the point of view of cyberattacks. However, a security provider with a consulting team can help to get a grip on the chaos and take a proactive stance. With this support, companies can carry out comprehensive assessments and tell the most important stakeholders what the current status is. This makes it possible to see which potential threats are lurking in the environment and how well the company is positioned to ward off dangers such as ransomware. At the same time, simulations can be carried out based on real threats and real scenarios. This makes it possible to regularly test emergency plans and use the knowledge gained to continuously improve the procedures for detecting, responding, containing and eliminating threats. In this way, security managers can make their environment more resilient and achieve a higher level of trust on the part of the company’s management.