Last updated at Fri, 04 Oct 2024 14:49:34 GMT
As security professionals, we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors attempting to steal information or money, or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad applications they use on a daily basis, always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Predicting what’s going to happen in our cyber world is nearly impossible. A greater challenge is explaining this to stakeholders and conveying how difficult it is to get (and stay) one step ahead of threat actors. We’re paid to understand this, yet it can often feel like shooting in the dark when anticipating the next strike.
Senior leadership teams thrive on certainty and predictability. So how do you plan and manage this?
Focus on what you can control
Ultimately, you can only control what's in front of you: the tools, applications, and services the business uses to operate. While this might seem obvious, many people spend a considerable amount of time and energy on things that they can't influence.
Your time is best spent focusing on what’s visible and within reach. Begin by identifying the crown jewels of your organization — understanding the scope of your environment and what exactly you’re protecting. Then, implement controls and monitor for abnormalities.
Regularly conduct comprehensive risk assessments and vulnerability scans to identify potential weaknesses in your organization's IT infrastructure. This helps uncover existing vulnerabilities and potential entry points for cyber threats, particularly in areas where the ‘crown jewels’ are held!
Leverage threat modeling
Threat modeling provides very useful analysis, unique to your organisation. Various factors determine your threat model, including industry, compliance and regulations, and customers. Using your threat model as a guide, you can get a clear picture of the unique risks your business faces and design controls around those. These insights can also inform your approach to tabletop exercises, preparing you for potential incidents.
While predicting a threat actor’s next steps is challenging, gathering and understanding this information through these exercises can enhance your ability to anticipate future threats. After all, identifying unknowns is crucial.
With a clear focus on what you’re protecting, you’re now able to analyze and draw learnings from past events, which is often a good predictor of future occurrences. While threat actors are often portrayed as volatile and unpredictable (and this is true in some cases), they’re only human — and humans are creatures of habit. Recognizing patterns in their behaviour can provide valuable insights.
This is where threat intelligence gathering is extremely useful. Make sure you stay informed about the latest cyber threats and attack trends by monitoring reputable sources of threat intelligence. Understanding the trends and patterns that have occurred in the past may help you better predict the types of threats or vulnerabilities your organization could be subject to in the future.
How Rapid7 can help - Threat Command
Threats can come from any direction. Rapid7’s Threat Command scans the clear, deep, and dark webs for potential dangers before they affect your organization. It provides contextualized alerts on threats affecting your business, proactively researching malware, tactics, techniques, and procedures (TTPs), phishing scams, and other threat actors. Threat Command replaces point solutions with an all-in-one external threat intelligence, digital risk protection, indicators of compromise (IOCs) management, and remediation solution.
Proactive profiling
Conducting risk assessments, running vulnerability scans and gathering threat intelligence helps you to understand the ‘cyber profile’ of your organization. This preparation helps you anticipate the types of threats typically used against similar-sized organizations or those in your industry. Trends and patterns do emerge. For example, our Ransomware Data Disclosure Report found that internal financial data was leaked 71% of the time in the healthcare and pharmaceutical sectors, more than in any other industry, including financial services.
Tailored strategies for different organizations
Threat actors focus on ‘big fish’ because they're often newsworthy and recognizable (threat actors have egos too!). Large organizations should consider strong encryption and network segmentation to contain potential threats. Prioritise data types for additional protection.
For smaller organizations, where an online presence is critical but public profile is lower, backup and recovery are essential. This is in case systems are locked or shut down. Ensure software and systems are up-to-date with the latest security patches to prevent threats exploiting known vulnerabilities. Automate this process to keep it off the to-do list.
Building a detailed picture of your data and crown jewels allows you to reduce risks and build cyber resilience, identifying potential unknowns along the way.
How Rapid7 can help - Managed Detection and Response
Managed Detection and Response (MDR) services accelerate your team’s incident response capabilities with end-to-end service. Acting as a seamless extension of your team, our experts monitor your business 24/7/365. They leverage proprietary technology and analytics to keep your business safe against advanced threats. You can also gain access to our award-winning VRM technology to perform unlimited scans of your in-scope environment to spot vulnerabilities before they’re exploited by threat actors.
Communication is key
But don’t forget — communication is key. Organizations crave predictability and cybersecurity can often appear to be a ‘black box’ to those unfamiliar with it. Transparent lines of communication and regular updates mean you can paint a clear picture of potential risks that could impact your business (not to mention the business benefits of investing in security).
Proactivity is essential. With so much happening in our field, it can be tempting to simply react and respond to what’s going on around us. However, insisting on weekly updates with your stakeholders and keeping them informed of your work will make managing a crisis more bearable. This way, if something unpredictable happens, it won’t be a complete surprise, and you’ll be better prepared to manage it.