By Eduardo Cabrera, Vice President of Cybersecurity Strategy, Trend Micro
Successful cyberattacks have been all over the headlines in recent years and the problem is only gaining momentum. Even with the high-profile nature of today’s cybersecurity risks, a fundamental problem organizations must remedy is the lack of an effective and comprehensive enterprise risk-management strategy to combat those risks. In fact, according to the 2014 Global Information Security Survey, 56 percent of organizations are unlikely to detect a sophisticated cyberattack. Additionally, 74 percent say their cybersecurity programs only partially meet their needs, with 37 percent having no real-time insight whatsoever.
For far too long, cybersecurity has been considered as simply an IT problem. Security experts have measured success on the volume of malware detected and blocked, not how an organization responds to the threats that matter. Many organizations have taken a one-size-fits-all approach to security incidents regardless of who is attacking, how they work, or what they are after.
Even in the face of weekly, if not daily, reports of cyber attacks and data breaches across all sectors, there is a pervasive institutional failure to grasp the threats faced and the attackers behind them. Only by truly understanding what allows the criminals to succeed can an organization begin to develop and deploy resilient risk-management strategies.
Today, advanced threat actors share common methods to achieve their goals regardless of their motivation whether it is hacktivism, cyber espionage, or cybercrime. Data breach analysis shows that all targeted attacks develop in stages. The pre-attack planning and intelligence gathering stage can take weeks or months; however, the initial compromise takes only minutes or seconds through social engineering or user exploitation. The latter and most lethal stages can take months if not years to develop and worse yet, detect.
The famous Prussian general, Carl Philipp Gottfried von Clausewitz, wrote in the early 19th century: “All war presupposes human weakness and seeks to exploit it.” As in war, the human factor is the weak link that all threat actors, regardless of their category, seek to take advantage of.
Combatting threats
Known as cyber resilience, business executives are beginning to acknowledge their strategies for handling cybersecurity issues must evolve. A cyber resilience program (CRP) encompasses the ideas of defense and prevention, but goes well beyond to emphasize response and resilience in moments of crisis. Key aspects of any successful CRP include:
- Define Business Risks: Focus attention on strategic and operational business outcomes. In the event of a cyberattack, what consequences can the business survive? What will collapse the company? This will tell leaders what they cannot lose and where they need to invest time and resources.
- Develop a Cyber Risk Management Plan: A proactive plan must be put into place to mitigate and remediate targeted threats and vulnerabilities as they appear. Critical to speeding up protection and detection against advanced threats is integrating actionable threat intelligence pre- and post-breach throughout all security layers.
- Outline a Cyber Recovery Plan: What will the business do to ensure prioritization, agility and adaptability when a successful cyberattack occurs? The plan needs to be specific, comprehensive and rigorous. Additionally, no good plan can be perfect until it is practiced. Be sure to put the recovery plan in action on a regular basis to ensure that it’s the right approach.
Gone are the days of expecting businesses to remain secure without putting in place additional cybersecurity and preventative measures. Business leaders need to expect and anticipate cyber breaches, and a plan to minimize reputational, financial and operational impact.
Cybersecurity Best Practices
While the majority of cyberattacks require little skill to execute, they do require an advanced, persistent response—a coordinated and well-resourced strategy that combines advanced threat protection and detection tools and techniques, with improved staff training. With the average cost of a targeted attack now $5.9 million, according to the Trend Micro Ponemon Report, businesses’ advanced planning and investment will be worth it.
In addition to a comprehensive CRP, a few best practices that can guide every executive in protecting their business more effectively include:
- Deploying anti-malware security tools with Web reputation to protect against malware attacks.
- Deploying file and system integrity monitoring across the enterprise.
- Using network, cloud, and host based IDS/IPS tools to shield unpatched vulnerabilities.
- Using stateful firewalls to provide a customizable perimeter around servers.
- Logging inspections to identify and report important security events.
- Implementing an employee cybersecurity training program, and requiring staff to use strong passwords.
Evolving
Cybersecurity is, and will remain, an evolution. Every business is on their own journey along the maturity curve. Decision makers must evaluate their place along that curve based on their perceptions of risks and the controls they need to put in place. At the same time, organizations must rethink and analyze their current strategies to better discover and respond to incidents. By implementing comprehensive security plans, organizations can effectively combat cyber risks and safeguard their business from today’s sophisticated attacks.
Eduardo Cabrera, vice president of Cybersecurity Strategy, Trend Micro, is responsible for analyzing emerging cyber threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service with experience leading information security, cyber investigative, and protective programs in support of the Secret Service integrated mission.
