The attack on Ukraine has been in the news for weeks, but one thing not many have paid attention to is the escalation in cyber warfare. Cyberattacks surged as Russia’s aggression raged. The targets of cybercriminals are not only military establishments and government institutions, but everyone vulnerable.
State threat actors are not only targeting government cyber infrastructure to steal information or disable facilities. They are also attacking businesses to generate funds, mainly through ransomware. Cybersecurity experts suggest that there are possible attempts to fundraise through ransom in cryptocurrency to partially make up for the losses brought about by the economic sanctions.
There is a need for all organizations to boost their security posture management and ensure adequate defenses against cyber assaults. Standard security does not suffice nowadays. An effective way to evaluate and improve existing security postures is to examine the following crucial points and implement improvements based on what is deemed lacking in these areas.
Security controls efficiency
Ensuring the efficient operation of security controls entails many things. For one, it is important to have only those that are necessary. Unnecessary controls such as the wrong encryption method for a specific action or redundant scanners create bottlenecks that negatively impact the interactions in an organization’s cybersecurity ecosystem.
Security controls should consist of only necessary components. Also, they should work together to create a formidable defense that leverages the functions of all the controls put in place. It would help to use a cybersecurity platform that seamlessly unifies all of these controls with the security alerts, notifications, and information on security events viewable through a common interface.
There are cybersecurity platforms that employ artificial intelligence or machine learning to evaluate and sort security alerts to make sure that the most crucial ones appear on top and are addressed promptly. AI may also be used to automate the response to simple and recurring security events, so cybersecurity teams can focus on other concerns that really require human discernment or more careful scrutiny.
Security control efficiency, however, is not only about reductions or keeping the security system lean. There are times when going extra is the right way to go, like in the case of enterprises. Their more complex systems and higher exposure to risks require extended security posture management to address sophisticated attacks like those that target the software supply chain.
Quantification of risks
How do cybersecurity teams determine which risks to be prioritized or given the soonest attention? There is no straightforward answer to this question, considering that security is mostly perceived subjectively. This does not have to be the case, though.
There are cybersecurity solutions that make it possible to quantify cyber risks. They can present a score for the overall security of an organization, a penetration ratio, and a count of the high-risk files detected, among others. They may also show corresponding charts for these scores. The numerical and visual presentation of an organization’s state of cybersecurity makes it easy to see the most important security concerns and address them in a timely manner.
Leading cybersecurity platforms usually take advantage of collaborative threat intelligence and authoritative cybersecurity frameworks such as MITRE ATT&CK to evaluate risks systematically and with insights on the latest threats. They conduct cyber-attack simulations to test the integrity of security controls that protect email and web gateways, endpoints, and network components that may be exploited for data exfiltration opportunities and other adversarial tactics and techniques.
These innovative platforms then generate numbers that simplify the evaluation of threats and facilitate efficient responses to the detected issues. The numbers may not be completely accurate, but they are a good enough representation of how youngsters behave nowadays.
Remediation prioritization
Cybersecurity keeps improving, but so do the tactics employed to defeat it. Cybercriminals never run out of new ways to evade detection and infect systems. A flawless system that absolutely blocks all attacks is impossible to achieve. It is for this reason that organizations should always have a plan when it comes to remediating after an attack and restoring affected operations as soon as possible.
It is important to have compensating controls established just in case cyber defenses bog down or fail to operate the way they should. There has to be mechanisms to isolate an infection, limit an attack’s impact, and immediately start the process of fixing weaknesses and patching vulnerabilities.
A good way to undertake remediation prioritization is to adopt an attack-based approach in managing vulnerabilities, wherein an organization’s system is comprehensively tested using production-safe attacks not only to determine the effectiveness of existing controls but also to check out which components are most vulnerable to the worst consequences of an attack.
This process is about discovering attack surfaces that may not be fully made free from security weaknesses, but should be prioritized in cyberattack responses to minimize the unwanted consequences and prevent them from causing worse problems.
Spending prioritization and rationalization
Organizations do not have the same cybersecurity needs. Smaller ones with simpler operations can get by with straightforward solutions. Bigger enterprises require extensively experienced cybersecurity experts and sophisticated systems to ensure sufficient protection, especially with the challenge of properly managing network or IT resource access for hundreds or thousands of employees.
It would be massively inefficient to use enterprise-grade security solutions for a small startup even if it appears to be growing at an accelerated rate. Cybersecurity solutions are not cheap and being a going-concern business is not enough reason to overspend on cybersecurity, especially when there is no guarantee that the expensive solution is as effective as its price tag suggests it should be.
The good thing is that there are cybersecurity platforms that are designed to be scalable. These are the software-as-a-service (SaaS) or Infrastructure-as-a-service (IaaS) solutions that do not require the expensive installation and configuration of client software that is tied to a single device. Users only have to pay for the resources they use. These innovative platforms ditch the all-or-nothing scheme that was rampant in previous software sales models.
Some companies may also offer a “security validation” system, which is essentially a trial period that allows organizations to experience the effectiveness of their security tools first-hand, as tested in the real-world setting.
Where does security posture optimization sit in this discussion about security spending prioritization and rationalization? The point is that organizations may need to consider other options that are capable of more effectively handling complex and aggressive threats. It is unwise to stick to an existing set of security controls and cybersecurity ecosystem just because an organization already shelled out a significant amount for them. Cybersecurity is too important a matter to be discussed casually and in a conversation that puts so much emphasis on pecuniary concerns.
The common denominator: security validation
All the points raised here are linked by a common factor: security testing. To determine the efficiency of security controls, testing has to be undertaken. The same goes for the quantification of threats. The numbers are generated by launching attack simulations. The prioritization of remedial actions and rationalization of cybersecurity spending are also based on the results of security testing methods including breach and attack simulation, continuous red teaming, and purple teaming.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.