Taking a proactive approach to cybersecurity

By Reut Weitzman, Manager, Cyber Security Services at Sygnia

In today’s digital world, data security is crucial regardless of what type of business you are in.

Data is what businesses rely on to make decisions, stay competitive and grow. But as our dependence on data has increased, so has the risk of data being compromised by cyber breaches, especially with the accelerated transition to remote work. That is why it is more important than ever for CISOs to be better prepared to respond should an incident occur. Here is a close look at how organizations can take a proactive approach to cybersecurity.

Cyberattacks take different forms, all of which compromise data through networks. With the rise of remote working in many businesses, there has been a surge in ransomware attacks. Ransomware is a type of malware that encrypts a victim’s files, enabling the attacker to demand a ransom payment to decrypt them. This cyber-extortion attack can have a devastating impact on a business, producing financial loss, reputation damage, operational disruption and compliance failures. In severe cases where sensitive data or mission-critical systems were impacted, businesses have had to shut down completely due to a ransom attack.

Ransomware readiness is a state that must be continually maintained. It is not a one-time event. Therefore, a cybersecurity plan should be a living document that is regularly updated as new threats emerge and new technologies become available. Businesses must keep abreast of the latest cybersecurity news to be familiar with threat actors’ tools, techniques and procedures and modify their incident response plan to stay ahead of the curve. Identify the measures needed to enhance resilience across the entire attacker kill chain: from penetration through lateral movement to execution.

Make sure to allocate the resources and budget necessary to enhance the organization’s ability to prevent, detect, respond to and recover from all phases of the attack, and to keep your up-to-date plan effective. Many organizations fail to execute their cybersecurity plan, usually due to a lack of the oversight necessary to ensure proper implementation. Set up an assurance process to measure the controls’ effectiveness, and track and test the plan to ensure it meets key performance indicators (KPIs) and key risk indicators (KRIs) that correlate with the business strategy.

The question organizations face is no longer ‘if’ a cyberattack will happen, but ‘when’. That is why engaging with a strong, dedicated incident response team armed and ready to go, before an actual incident occurs, would be a smart move. This approach would reduce the response time, minimize the impact on the business and enable faster recovery.

A strong incident response team should be proficient in dealing with a variety of threats and have a deep understanding of how attackers operate. During a cyberattack the team would:

• coordinate and align the key resources within the organization to conduct digital forensic investigations across various operating systems, networks and environments;
• support technical teams to contain and defeat threats, including hands-on remediation;
• advise the executive leadership on managing the crisis and on the strategic dimensions of cyberattacks.

When onboarding an external incident response team, ensure seamless integration with the organizational IT and security teams. The onboarding process should include obtaining a basic understanding of the general network architecture and critical systems, ensuring familiarity with current visibility capabilities and contingency plans, and establishing secure data sharing and access processes that can be leveraged during an incident.

Finally, it is important to have a recovery plan in place. This plan should include steps for how to ensure systems are clean and can be securely restored, how to communicate with customers and employees, and how to prevent future attacks.

To stay ahead of adversaries, start by identifying your crown jewels—the most valuable assets—and understanding your vulnerabilities, knowing the many ways your defense could be breached and your data compromised. Put in place the protections needed to keep the attack surface as small as possible, maintain a resilient cybersecurity posture, and be prepared to respond to incidents. It is not a question of IF, but a question of WHEN.

www.linkedin.com/in/reutweitzman
