CXO cybersecurity imperatives: A threat-informed approach
I think we can all breathe a sigh of relief that we made it to the end of 2021. From a cybersecurity perspective, this year was a doozy. We had to deal with one cyber incident after another, across an expanding digital attack surface that, thanks to accelerated cloud migrations, IoT adoption and desktop digitalization, grew at a pace that served only to exacerbate the complexity of responding, with Apache Log4j rounding out the year with a festive bang!
Tim Erridge, Vice President of Services at Palo Alto Networks.
Unfortunately, the risk of cyberattack is constantly changing due to ongoing business transformations, so there doesn’t appear to be any slowdown on the near horizon.
Now the obvious question is, what more can be done to gain a greater degree of control over this situation? In 2022, the most critical investment of time and effort would be to adopt a proactive cybersecurity strategy focused on understanding the most credible threats to your business, and to develop preparedness and sustainable cyber resilience for your organization. This strategy is predicated on having visibility, both into the most relevant cyber risks and into how your business is exposed to those risks while it transforms.
Having a clear view of the most credible cyberthreats to your organization and a strategy for addressing them is how you can justify to your key stakeholders the deployment of holistic controls that are proportionate to the real-world threats facing your environment. This allows you to genuinely improve the organization's security posture and resilience.
Harness a threat-intel informed approach to continuously evolve your security strategy
Threat intelligence exists to support informed decision making. Here are some of the steps you can take:
- Identify the cyberthreat scenarios that could create impact on systems that you consider business critical. You should be able to trace decisions made about your defensive priorities to credible intelligence of threat actors currently undertaking attacks. If you don’t currently have a framework or a prioritized list of cyberthreat scenarios, ask your intelligence team or provider for one.
- Review your assets and the enumeration of your attack surface objectively. If you can’t determine the level of business criticality for a system, how will your security teams know how to prioritize defending it? If you don’t know where these systems reside, or how they can be accessed, it means you have more work to do when the inevitable incident hits.
- Look at credible threat scenarios and evaluate which vulnerabilities to prioritize by using knowledge of asset criticality, attack surface exposure and the prevalence of exploitation. Then marry this with a full understanding of the current state of your defense tactics, and your plans for responding to an incident.
It’s important to realize this is not a one-time exercise. Instead, you need to establish the capability to continuously monitor and evaluate your business’s dynamic digital ecosystems, as well as the evolving threats. Therefore, it is imperative to embed this in a repeatable way, that is, through policy and process (and ideally automation) throughout your system’s lifecycle. Adopting a threat-intel informed approach for both “change” and “run” initiatives can be the game changer here.
This threat-intel informed approach fuses research, empirical data and expertise to build out a holistic, strategic view of your organization's threat landscape.
Empower the board to provide true oversight and get them on your side
You need a compelling business case to receive funding and support for your security programs from key stakeholders, including your Board of Directors. Reactionary and ambiguous reports don’t resonate; there's no room for panic. Too much technical detail also doesn’t work, as it takes too long to digest. Instead, try outlining the full potential set of business consequences and the cost associated with an inefficient and ineffective cyber defense to highlight the risks facing your organization in a language your stakeholders understand. Showcasing how you're helping the Board and key stakeholders understand the “why” behind your plan will help you get them on your side.
This approach enables you to clearly demonstrate how the proposed investments establish sustained security and resilience, pivoting from limiting consequences to realizing the business benefits of an enhanced security posture. Here are some of the steps you can take to build a business case:
- Determine your organization's key attributes and map how your cyber program is designed to preserve these.
- Regularly benchmark and report on your ongoing risk reduction activities. It can help keep the Board on your side.
- Use a data-driven approach to demonstrate positive progress, and show your ability to sustain your security posture against evolving threats.
These steps will enable you to build alignment and trust at the highest level of your organization and obtain the resources needed for your strategic planning.