A place for everything in cyber security

22.10.20 10:16 AM By Jonathan Faurie


When faced with two challenges, it is important to know the difference between them so that you can devise an appropriate strategy to address each one.


We are into the third week of Cyber Security Awareness Month and we are presented with the challenge of differentiating between cyber security and cyber resilience. Most companies confuse the two and then come up with these hybrid strategies which are mostly ineffective.


Acknowledging that these strategies are separate, and equally important to companies, is the first step towards effective protection.


The article pointed out that cyber threats like hacking, phishing, ransomware, and distributed denial-of-service (DDoS) attacks have the potential to cause enormous problems for organizations. Not only can companies suffer serious service disruption and reputational damage, but the loss of personal data can also result in huge fines from regulators.


Take British Airways as an example. In 2019, the airline was fined more than £183m by the UK's Information Commissioner's Office (ICO) after customer data was compromised in a cyber-attack. Customer details, including names, addresses, logins, and payment card details, were harvested by hackers, affecting half a million customers in total. The fine, which amounts to around 1.5% of British Airways' global 2018 turnover, was the first proposed by the ICO under the new General Data Protection Regulation (GDPR).


The article adds that cyberattacks like this are hitting the headlines with increasing frequency. But while a company the size of British Airways can, in theory, swallow such a huge fine and cope with the aftermath, for other businesses, the effects of a cyber-attack can be permanent and devastating. This is why all companies need to invest in cybersecurity and cyber resilience.


What’s the difference between the two?

In a nutshell, cybersecurity describes a company's ability to protect against and avoid the increasing threat from cybercrime. Meanwhile, cyber resilience refers to a company's ability to mitigate damage (damage to systems, processes, and reputation), and carry on once systems or data have been compromised. Cyber resilience covers adversarial threats (such as hackers and other malicious actors), as well as non-adversarial threats (for example, simple human error).


The article pointed out that one way of thinking about the difference is that cyber resilience involves accepting the fact that no cybersecurity solution is perfect or capable of protecting against every possible form of cyber threat. This is why every company needs both aspects. The cybersecurity strategy is designed to minimize the risk of attacks getting through. But when they inevitably do, the cyber resilience strategy is there to minimize the impact.


What does all this mean in practice?

The article adds that practical cybersecurity steps are perhaps more immediately obvious than those for cyber resilience. At the very least, cybersecurity involves ensuring:


-    All your devices are running the most up-to-date firmware;

-    That firewalls, VPNs, and antivirus/malware protection are running and up-to-date;

-    That all software and tools are fixed with the latest patches; and

-    That employees at all levels of the business are educated on the potential threats and how their actions help to defend the organization.


The article points out that cyber resilience steps will vary from business to business, but a good starting point is to work out where cyber events and incidents could have the most damaging effects on the business. Drawing up a list of where your operations are reliant on technology, as well as where sensitive and valuable data is stored and used, will help you to gain an overall understanding of how continuity of service could be affected. This is where the concept of a “digital twin” can play an important role in cyber resilience. A digital, simulated model of your organization or its processes can help you understand the impact on overall output and efficiency.


Having gained an understanding of how core functions could be affected, cyber resilience involves putting in place measures to mitigate the damage as best as possible in the event of an attack. For example, you might develop offline emergency processes to keep essential functions such as customer service, quality assurance, finance, and security running as well as possible until the breach can be fixed.
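The "digital twin" idea above can be made concrete with a small dependency model: list which business functions rely on which systems, then ask which functions stop when a given system is compromised, and which of them can limp along on an offline emergency process. The script below is an added example, not code from the original post or from GTconsult; the business functions, systems, dependencies and offline fallbacks are constructed sample data, and the impact calculation is a plain reachability walk over the dependency graph.

```python
"""Dependency-graph "digital twin" for cyber resilience planning.

Added example (not from the original post or GTconsult). The functions,
systems and fallbacks below are constructed; the method is a reachability
walk from a failed system up to everything that depends on it.
"""
from collections import deque

# Constructed model: business functions depend on systems, and systems
# may depend on other systems (identity and the database underpin most).
DEPENDENCIES = {
    # business functions
    "customer service": ["crm", "email"],
    "finance": ["erp", "identity"],
    "quality assurance": ["erp", "file share"],
    "security monitoring": ["siem", "identity"],
    # technical systems
    "crm": ["identity", "database"],
    "erp": ["identity", "database"],
    "email": ["identity"],
    "siem": ["database"],
    "file share": ["identity"],
    "identity": [],
    "database": [],
}

BUSINESS_FUNCTIONS = {"customer service", "finance", "quality assurance", "security monitoring"}

# Constructed: functions for which an offline emergency process exists, so
# they can keep running (degraded) while the breach is being fixed.
OFFLINE_FALLBACKS = {"customer service", "finance"}


def dependents_of(graph):
    """Invert the graph so we can walk from a failed system upward to what relies on it."""
    reverse = {node: [] for node in graph}
    for node, deps in graph.items():
        for dep in deps:
            reverse.setdefault(dep, []).append(node)
    return reverse


def impacted_by(graph, failed_systems):
    """Return every node that becomes unavailable when the given systems are lost."""
    reverse = dependents_of(graph)
    impacted = set(failed_systems)
    queue = deque(failed_systems)
    while queue:
        node = queue.popleft()
        for parent in reverse.get(node, []):
            if parent not in impacted:
                impacted.add(parent)
                queue.append(parent)
    return impacted


def impact_report(graph, failed_systems, functions=BUSINESS_FUNCTIONS, fallbacks=OFFLINE_FALLBACKS):
    """Classify each business function as running, degraded (offline fallback) or down."""
    impacted = impacted_by(graph, failed_systems)
    report = {}
    for fn in sorted(functions):
        if fn not in impacted:
            report[fn] = "running"
        elif fn in fallbacks:
            report[fn] = "degraded (offline process)"
        else:
            report[fn] = "down"
    return report


def single_points_of_failure(graph, functions=BUSINESS_FUNCTIONS):
    """Systems whose loss alone stops every business function: the first place to add resilience."""
    systems = [n for n in graph if n not in functions]
    return sorted(s for s in systems if functions <= impacted_by(graph, [s]))


if __name__ == "__main__":
    for scenario in (["database"], ["identity"], ["email"]):
        print(f"lost {scenario}: {impact_report(DEPENDENCIES, scenario)}")
    print("single points of failure:", single_points_of_failure(DEPENDENCIES))
```

Running the three scenarios shows why the post tells you to map where operations rely on technology first: losing the mail server only degrades customer service, whereas losing the shared database or identity provider takes down every function, and only the two functions with an offline process survive in degraded form. The single-points-of-failure list is the shortlist for resilience investment.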


The article adds that, in addition, you’ll need a solid cyber incident response plan to clarify:


-    What needs to be done in the event of a failure or breach;

-    Who is responsible for taking those steps;

-    How to communicate the incident to stakeholders (customer services will have a core role to play here);

-    How failures should be reported to regulators (which may be a regulatory requirement in your jurisdiction);

-    How to assess and report the impact of resilience measures;

-    How to get back to normal operations as quickly as possible; and

-    How to recover data, if data has been lost or accidentally erased (cyber resilience promotes the idea that it’s impossible to certify that any piece of data is totally “safe,” even if the data is backed up, and therefore steps should be in place to recover it when it is lost).


To help put this plan into action in the event of an incident, many organizations find it helps to create a response team, with representatives from every business department who are responsible for declaring a “state of emergency” and coordinating first responses.


The article points out that technology brings incredible new opportunities and business advantages, but it also brings unprecedented new threats. Cybersecurity and resilience both require an investment in time, resources, and education, but that investment will be repaid many times over once you’ve withstood your first cyber-attack.


Accelerated focus

What is encouraging to see is that there is an accelerated focus on cyber security adoption. Recent studies show that 83% of enterprises transformed their cybersecurity in 2020.


The article points out that this, and many other insights, are from a recent survey of IT leaders completed by CensusWide and sponsored by Centrify. The survey's objective was to understand how the dynamics of IT investments, operations and spending have shifted over the last six months. The study finds that the larger the enterprise, the more important it is to secure remote access to critical infrastructure for IT admin teams. Remote access and updating privacy policies and notices are two of the highest priorities for mid-size organizations to enterprises today. The methodology is based on interviews with 215 IT leaders located in the U.S.


Some of the key highlights of the study include:


-    73% of enterprises (over 500 employees) accelerated their cloud migration plans to support the shift to remote working across their organizations due to the pandemic;

-    81% of enterprises accelerated their IT modernization processes due to the pandemic;

-    48% of all companies surveyed have accelerated their cloud migration plans, and 49% have sped up their IT modernization plans because of Covid-19;

-    32% of large-scale enterprises, over 500 employees, are implementing more automation using artificial intelligence-based tools this year.



SMB adoption

The article points out that the overwhelming majority of enterprises have transformed their cybersecurity approach over the last six months, with 83% of large-scale enterprises leading all organizations. It's encouraging to see small and medium-sized businesses adjusting and improving their approach to cybersecurity.


Reflecting how digitally-driven many small and medium businesses are, cybersecurity adjustments begin in organizations with 10 to 49 employees. 60% adjusted their cloud security postures as a result of distributed workforces.


Leading the way

The article adds that 48% of all organizations had to accelerate cloud migration due to the pandemic, with larger enterprises leading the way.


Enterprises with over 500 employees are the most likely to accelerate cloud migration plans due to the pandemic. 73.5% of enterprises with more than 500 employees accelerated cloud migration plans to support their employees' remote working arrangements, leading all organization categories.


This finding reflects how cloud-first the largest enterprises have become this year. It's also consistent with many other surveys completed in 2020, reflecting how much the cloud has solidly won the enterprise.



The article points out that 49% of all organizations and 81% of large-scale enterprises had to accelerate their IT modernization process due to the pandemic.


For the largest enterprises, IT modernization equates to digitizing more processes using cloud-native services (59%), maintaining flexibility and security for a partially remote workforce (57%) and revisiting and adjusting their cybersecurity stacks (40%).


Highest priority

The article adds that 51% of enterprises with 500 employees or more are making remote, secure access their highest internal priority. In contrast, 27% of all organizations' IT leaders say that providing secure, granular access to IT admin teams, outsourced IT and third-party vendors is a leading priority.


The larger the enterprise, the more important remote access becomes. The survey also found organizations with 250 – 500 employees are most likely to purchase specific cybersecurity tools and applications to meet compliance requirements.


Lesson learning

The article points out that IT leaders are quickly using the lessons learned from the pandemic as a crucible to strengthen cloud transformation and IT modernization strategies. One of every three IT leaders interviewed, 34%, say their budgets have increased during the pandemic. In large-scale enterprises with over 500 employees, 59% of IT leaders have seen their budgets increase.


All organizations are also keeping their IT staff in place. 63% saw little to no impact on their teams, indicating that the majority of organizations will have both the budget and resources to maintain or grow their cybersecurity programs. 25% of IT leaders indicated that their company plans to keep their entire workforce 100% remote.


The article adds that it's encouraging to see IT leaders getting the support they need to achieve their cloud transformation and IT modernization initiatives going into next year. With every size of organization spending on cybersecurity tools, protecting cloud infrastructures needs to be a priority. Controlling administrative access risk in the cloud and DevOps is an excellent place to start with a comprehensive, modern Privileged Access Management solution. Leaders in this field, including Centrify, with its cloud-native architecture and flexible deployment and management options, deliver deep expertise in securing cloud environments.


The bottom line

The bottom line is that it's time for a better approach to cybersecurity. Even if you are sufficiently covered and up to speed with the latest industry trends, the fact of the matter is that this industry is constantly evolving, and at a pace that is much quicker than most companies can cope with.


The role of chief security officer has never been easy, especially in the complex bureaucracies of the federal government. Stakes are high, IT infrastructure is sprawling and Congressional oversight could lead to a hearing in an instant. Additionally, nation-states and criminals are increasing their attacks against government agencies, shifting from disruptive and destructive tactics to large-scale social manipulation through disinformation operations.


The article points out that security teams are tasked with defending U.S. government critical assets against cyberthreats, yet they often lack insight into the effectiveness of their security controls. Unless they are exercised regularly, security controls fail through misconfiguration or user mistakes. Security leaders can help solve this problem by focusing their teams on the threats that matter most and by shifting their approach to a data-driven strategy with performance effectiveness at the center.


The need for increased security effectiveness is clear. Today government agencies face elevated cyberthreats since the onset of COVID-19 and heightened tensions in American society, particularly in advance of the 2020 presidential election. Unemployment and civil unrest provide nation-state groups with preconditions for operations, as a recent Harvard University study on disinformation outlined. The FBI and Department of Homeland Security recently warned against Chinese and other state-sponsored attackers increasing malicious operations amidst the pandemic. Within government, the pandemic has strained workforces, leaving them ill-equipped to address the increasing number of threats. With Gartner forecasting global government IT spending will decline 0.6% in 2020, it's unclear how agencies can remain secure on a leaner budget.


How to do more with less

The article adds that government IT managers need a way to optimize their security strategy by continuously validating their networks and gauging the effectiveness of current controls to ensure their investments work as intended.


Security optimization is the management practice of maximizing the efficiency and effectiveness of an organization’s total security program by ensuring that existing control investments are measured, monitored and modified continuously from a threat-informed perspective. Security optimization is not about cost cutting; it is about programmatically aligning security and risk services within the organization.


The article points out that it all comes down to data. To achieve efficiency and effectiveness across a security program, government agencies must shift from a project-centric to a program-oriented mindset with performance data at the center.


Nuts and bolts

What would that program look like? First, it would be underpinned by the MITRE ATT&CK framework. Second, it would include automated testing, pitting cyberdefenses against known threats. Third, it would use automated testing to generate real data about the security team’s operational performance.


The article points out that this is a shift in security program strategy. By organizing teams around a shared view of threats, automation and performance data, security leaders can make programmatic improvements in people, process and technology to gain the best return on investment.


Traditionally, “blue team” network defenders focus their operations on meeting baseline cybersecurity best-practices: correcting misconfigurations, administering patches and deploying best-in-class commercial products. If defenses are not oriented toward the most important threats, however, those resources are wasted. If they are not tested actively against probable threats, they are likely to fail when challenged by the adversary, letting the attacker slip past.


The article adds that security organizations typically turn to "red teams" and penetration testing to help secure the enterprise. Red teaming is the process of testing technologies, policies, systems and assumptions by adopting an adversary's approach. Although red teams often discover faults in cyberdefense programs, red-team testing is notoriously sporadic, under-resourced and ineffective in validating security controls continuously and at scale to achieve real security effectiveness.


Purple teams

The article points out that one way to improve the efficiency of this approach is by having blue- and red-focused teams adopt a purple team mindset for cyberdefense operations.


Purple team doctrine ensures that organizations optimize their cybersecurity continuously by validating their controls against a library of known attack methods. Purple teams focus on the overarching threat landscape. They understand their security technologies, their organization and its operational attributes. When combined with automation, security teams can test these operations at scale, across the organization, and discover ways to improve security efficiency and effectiveness. The Defense Department has conducted purple team operations to achieve cybersecurity effectiveness for military networks. Other government agencies should adopt a threat-informed, purple team mindset to improve their cybersecurity effectiveness at a programmatic level. 
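The "Nuts and bolts" program above (ATT&CK as the shared frame, automated tests against known threats, performance data from those tests) and the purple-team validation described in this section both come down to the same bookkeeping: for each emulated technique, record whether a preventive control blocked it, whether monitoring alerted, and how long the alert took, then roll that up into numbers a security leader can act on. The script below is an added example, not code from the original post, the Defense Department or MITRE. The test results are constructed; the technique IDs are the public ATT&CK identifiers for the techniques named; the scoring rule (a technique counts as covered when it was prevented or detected) is an assumption made for illustration.

```python
"""Purple-team effectiveness scoring from automated control-validation runs.

Added example (not from the original post, DoD or MITRE). Results are
constructed; technique IDs are the public ATT&CK identifiers; the
"covered = prevented or detected" rule is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TestResult:
    technique_id: str
    technique: str
    tactic: str
    prevented: bool                   # did a preventive control block the emulated behaviour?
    detected: bool                    # did monitoring raise an alert?
    minutes_to_alert: Optional[float]  # None when nothing fired


# Constructed output of one automated test run against the organisation's controls.
RESULTS = [
    TestResult("T1566", "Phishing", "Initial Access", True, True, 2.0),
    TestResult("T1078", "Valid Accounts", "Initial Access", False, False, None),
    TestResult("T1059", "Command and Scripting Interpreter", "Execution", False, True, 15.0),
    TestResult("T1003", "OS Credential Dumping", "Credential Access", True, False, None),
    TestResult("T1486", "Data Encrypted for Impact", "Impact", False, True, 40.0),
    TestResult("T1498", "Network Denial of Service", "Impact", False, False, None),
]


def coverage_by_tactic(results):
    """Share of tested techniques per tactic that were prevented or detected."""
    totals = defaultdict(int)
    covered = defaultdict(int)
    for r in results:
        totals[r.tactic] += 1
        if r.prevented or r.detected:
            covered[r.tactic] += 1
    return {t: round(covered[t] / totals[t], 2) for t in totals}


def blind_spots(results):
    """Techniques that neither a preventive nor a detective control caught."""
    return [r.technique_id for r in results if not (r.prevented or r.detected)]


def mean_time_to_alert(results):
    """Average detection latency over techniques that actually produced an alert."""
    times = [r.minutes_to_alert for r in results if r.detected and r.minutes_to_alert is not None]
    return round(sum(times) / len(times), 1) if times else None


def regression(previous, current):
    """Techniques covered in the previous run but not now: controls that silently failed."""
    prev = {r.technique_id for r in previous if r.prevented or r.detected}
    cur = {r.technique_id for r in current if r.prevented or r.detected}
    return sorted(prev - cur)


if __name__ == "__main__":
    print("coverage by tactic:", coverage_by_tactic(RESULTS))
    print("blind spots:", blind_spots(RESULTS))
    print("mean minutes to alert:", mean_time_to_alert(RESULTS))
```

The value is in running this on a schedule and diffing runs: `coverage_by_tactic` and `blind_spots` tell the leader where to spend, `mean_time_to_alert` gives the detection side a trend line, and `regression` is the check the article is really asking for, since it surfaces a control that worked last month and has since been misconfigured, long before a real adversary finds the gap.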


By ensuring that existing security investments are measured, monitored and modified continuously from a threat-informed perspective, senior security leaders can use performance data to make sound investment decisions, improve the cybersecurity of government agencies and better protect Americans’ data.


Important tips

In the modern age, small and medium businesses contribute a lot towards economic development. However, these are the companies who are most vulnerable to cyber attacks.


Here are some important tips for these companies to follow:


-    Implement a Robust Firewall. A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don't forget remote workers: ensure that they are also protected by a firewall;

-    Create and Enforce Password Policies. You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for each system. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 characters long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered. Consult NIST for the latest password guidance;

-    Security Awareness Training. Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program;

-    Backups. It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.
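Two of the tips above are precise enough to check mechanically: the password policy (capitals, lower-case letters, a number, a special character, at least 10 characters) and the 3-2-1 backup rule (three copies, two media types, one offsite), plus the reminder that backups must actually be restore-tested. The script below is an added example, not code from the original post or from GTconsult. The password rules are the ones the tip states; the backup inventory is constructed sample data, its field names are assumptions, and the 90-day restore-test window is an assumed threshold rather than anything the post specifies.

```python
"""Mechanical checks for two of the SMB tips: password policy and 3-2-1 backups.

Added example (not from the original post or GTconsult). Password rules are
as stated in the tip; the backup inventory, its field names and the 90-day
restore-test window are constructed assumptions.
"""
import string

MIN_LENGTH = 10              # from the tip: at least 10 characters
MAX_RESTORE_TEST_AGE = 90    # assumed: a copy not restore-tested in 90 days is flagged


def password_policy_violations(password):
    """Return the policy rules a candidate password breaks (an empty list means compliant)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no capital letter")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        violations.append("no number")
    if not any(c in string.punctuation for c in password):
        violations.append("no special character")
    return violations


# Constructed backup inventory for one critical dataset: where each copy lives,
# what media it is on, whether it is offsite, and days since its last restore test.
BACKUP_COPIES = [
    {"location": "primary-nas", "media": "disk", "offsite": False, "last_restore_test_days": 7},
    {"location": "tape-library", "media": "tape", "offsite": False, "last_restore_test_days": 30},
    {"location": "cloud-bucket", "media": "object-storage", "offsite": True, "last_restore_test_days": 200},
]


def three_two_one_gaps(copies, max_test_age=MAX_RESTORE_TEST_AGE):
    """Check a backup inventory against 3-2-1 and the restore-test requirement; name what is missing."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"only {len(copies)} copies (need 3)")
    if len({c["media"] for c in copies}) < 2:
        gaps.append("all copies on one media type (need 2)")
    if not any(c["offsite"] for c in copies):
        gaps.append("no offsite copy")
    for c in copies:
        if c["last_restore_test_days"] > max_test_age:
            gaps.append(f"{c['location']} not restore-tested in the last {max_test_age} days")
    return gaps


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3x"):
        print(candidate, "->", password_policy_violations(candidate) or "compliant")
    print("backup gaps:", three_two_one_gaps(BACKUP_COPIES) or "none")
```

Returning the list of broken rules rather than a bare pass/fail is deliberate: for passwords it gives the user the specific fix, and for backups it turns "we have backups" into a short remediation list (here, the offsite copy exists on paper but has not been proven restorable for months, which is exactly the situation the tip warns about).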


So where does GT fit in?

GTconsult has a long history of assisting companies with their cybersecurity and cyber resilience. A lot of our clients are large companies; however, we specialise in SMBs as that is where our A Team can give focused advice and assistance.


GTconsult offers a range of cyber security services that will ensure that you are protected against any threats. We also have our A Team which will assist you with any concerns you have. Contact us today to find out more.

Jonathan Faurie
