The recent news surrounding the SolarWinds hack has public and private enterprises scrambling to ascertain if their respective institutions have been breached. Each week since the news of the attacks was released seems to reveal the ever-widening breadth of the attack, and it will likely be months or perhaps even longer before all the damage is known to the affected organizations.
How Can Organizations Thwart Cybersecurity Threats?
Widespread notable hacks are not necessarily a new thing, but the fact that breaches have occurred across so many different industries and institutions is very concerning to Chief Information Security Officers (CISOs) and the boards and other stakeholders that have an interest in cleaning up and/or preventing any further sort of attacks. Just as scientists worldwide have been searching and coming up with several different vaccines to help prevent the onset of COVID-19, providers of security software and services have also been rising to the occasion to provide improved versions of the various products and services that they offer.
Sometimes this involves combining existing capabilities into newly minted capabilities with fancy-sounding names, or even the creation of brand-new capabilities. Tested efficacy levels of each COVID-19 vaccine seem to vary from 50% up to around 95%. CISOs struggle with the reality that they cannot afford to be just 95% effective in thwarting and rapidly detecting attacks, so they need to be constantly looking for ways to keep up with the ever-increasing efficiency of the cyberattacks that their criminal opponents are launching at them.
With so many innovative and different ways to protect an enterprise, it is easy for security teams and the stakeholders that have an interest in having a secure environment to become overwhelmed. Different forums, publications, and cybersecurity vendors will start spewing out acronym-filled terms that promise to greatly reduce or eliminate some of the threat vectors, such as those that are thought to have contributed to the carnage surrounding the SolarWinds breach. Which new service or technology holds the key to the magic kingdom? Is it Zero Trust? Managed Detection and Response (MDR)? Endpoint Detection and Response (EDR)? How about the latest buzzword acronym DoH (DNS over HTTPS)?
Ray Kroc, the founder of McDonald's, was recognized as a genius in the restaurant industry for his ability to put processes in place to combine quality food, fast service, and clean restaurants for the masses to enjoy. His entrepreneurial genius could be summed up by one of his quotes: "When you are green, you are growing. When you are ripe, you are rotten." When enterprises start to think about the next steps that need to be taken in the wake of the SolarWinds breach, a good first step might be to apply Ray Kroc's thinking to the people, processes, and technologies that constitute a cybersecurity program, and look for incremental improvement in at least one part of each of these core areas.
People
The global pandemic has not necessarily opened the floodgates for spending on cybersecurity, yet IDC has noted that HR departments have the defenders of the enterprise at the top of the list when it comes to refilling depleted technology positions. As these positions get filled or have additional depth added to them, there are a number of relatively low-cost options that can create incremental improvement to any organization's cybersecurity posture:
- Pandemic-fatigued work-from-home associates are much more likely to click on phishing links. Consider creating or adding additional phishing training across the organization. Perhaps introduce some friendly competition to see who can forward the largest number of suspicious e-mails to the security team to review, with the winner getting an award.
- Review opportunities for cross training your security team. Allowing team members to learn and acquire new skills will give fresh perspective and give your team added flexibility.
- Test your team’s skills by engaging in cyber range activities. It is better to have these skills tested in a virtual environment before they face off against a nation-state crafted malware attack.
Process
Digitally transformed organizations recognized the need to streamline their organizations and gain some flexibility in their digital capabilities by moving a large portion of their capabilities to the cloud prior to the COVID-19 pandemic. As other organizations joined them in the cloud during the pandemic, the expedited rush to the cloud, coupled with the new work-from-home reality, has left a few processes in shreds. With the surge in ransomware and other advanced attacks, many organizations are realizing that not having run a tabletop exercise since the start of COVID-19 has dramatically slowed their capability to respond to breach situations in a timely manner. The "war room in Conference Room 3" has been replaced by a Zoom conference call, but that call will be anarchy if the playbooks have not been updated to reflect the new systems and processes that have been adopted since the onset of the pandemic.
Technology
When the mass move to a work-from-home reality took place, the big firewalls that were previously used to keep the bad guys out of the data centers and on-premises computing devices now need some help to protect increasingly geo-dispersed users who need access to their data regardless of where it is located. Many organizations are already on the way towards moving to a zero trust network architecture (ZTNA). Start thinking about ways that you can do some micro-segmenting of the network as a precursor to starting down the zero trust path.
Other organizations are starting to recognize the benefit of upgrading their technology stack by moving to an XDR platform, or of outsourcing their threat detection and response capability to an MDR provider that can rapidly elevate their cybersecurity level by providing the "blocking and tackling" capabilities that MDR is well suited for.
Summary
Now is not the time to stand pat. There is no magic bullet or single program that will fully insulate your organization from the cyber criminals who seek to inflict so much harm. Recognize the opportunities to take incremental steps to mature your cybersecurity program. Don't stand still; listen to Ray's words and get green and growing!