Eight steps to achieve cyber resilience in the new world of work
The huge shift in work practices that has taken place across Australia during the past two years has moved the goalposts for security professionals. Measures that worked well in the past now need urgent review and amendment, writes Joanne Wong, Vice President International Marketing APAC and EMEA at LogRhythm.
Observing that many staff are going to work from home for an extended period – if not permanently – cybercriminals are changing their tactics and techniques. Some organisations have reported a reduction in phishing campaigns aimed at offices because very few staff are there.
At the same time, other organisations have reported a jump in perimeter scans as cybercriminals search for vulnerable remote access points as a way to gain access into corporate infrastructures. These vulnerabilities may have been created as an unintended consequence of the rapid shift to remote working.
There has also been an increase in SMS-based phishing (dubbed smishing) and voice-based phishing (dubbed vishing) attacks, in which people are encouraged to provide personal and financial details to what might appear to be a legitimate organisation.
Across all industry sectors, cyberattacks are increasing in both frequency and complexity. In fact, it has reached the point where some organisations are finding it difficult to secure cyber insurance because insurers are no longer convinced those organisations have measures in place to withstand attacks.
Achieving cyber resilience
To overcome these challenges, Australian organisations need to urgently review and improve their levels of cyber resilience. To achieve this, there are eight key steps that need to be followed:
1. Begin a transformation program
Effective cybersecurity cannot be achieved by taking a piecemeal approach. Actions must be well planned and taken throughout the organisation. Take time up front to create a detailed program that will guide activity and investment during the next twelve months.
2. Focus on threat detection
Achieving resilient security means having a strong threat detection capability. Review the monitoring tools and services you have in place to ensure they are capable of detecting new and emerging threats.
3. Monitor the threat landscape
With cybercriminals using increasingly sophisticated methods to mount attacks, it’s important for security teams to understand what they are up against. Constantly monitor what is being used, what’s new, and how it might affect your organisation.
4. Evaluate current security capabilities
Measures that worked in the past may no longer be sufficient to prevent an attack. Critically examine your current defences and determine whether they actually have the capability to protect against new threats.
5. Establish an incident-management capability
Even with the best security tools in place, it’s a case of ‘when’ rather than ‘if’ an organisation will fall victim to a cyberattack. For this reason, it’s important to have in place detailed runbooks, playbooks, and crisis management manuals. These should spell out exactly what steps would be followed if an incident were to occur.
6. Adopt the MITRE ATT&CK framework
This widely used framework comprises a comprehensive matrix of tactics and techniques and is used by security professionals around the world. It allows everyone involved in cybersecurity to talk using a common language.
7. Hire the right people
The best security professionals are those who work to constantly keep themselves up to date with changes to the threat landscape and the measures that can be taken in response. There is currently an acute shortage of such people, so take steps to nurture talent in those staff already in place. Consider establishing cyber apprenticeships to train people drawn from other areas who can work alongside existing professionals.
8. Forge external relationships
It’s said that no man is an island, and neither are organisations. Forge relationships with security professionals within other firms in your sector, as sharing information and details on threats and defence techniques can help to improve cyber resilience across the board.
An ongoing challenge
The cat-and-mouse game played out by cybercriminals and security teams is unlikely to be won any time soon. For this reason, it’s vital to achieve and maintain focus on cyber resilience as a matter of priority.
Following these eight steps is a solid start, but it’s certainly not the end of the process. Security teams still have a long and challenging road ahead.