Keeping Your Cybersecurity Strategy Agile And Dynamic
By Kumar Ritesh
Cybercrimes have evolved rapidly over the last five years — cybercriminals are no longer isolated, loosely organized amateurs. They have become sophisticated, innovative and structured, posing a significant risk to government and business. The attack methods deployed by threat actors have become highly creative and continue to evolve rapidly.
They range from “fileless” and multi-behavior malware using new deception techniques to exfiltrate sensitive information to the use of emerging technologies, such as AI/ML, to launch cyberattacks. Social engineering techniques have also accelerated in recent times to facilitate ransomware and malware infections across many IT and OT systems. In our current battle against the novel coronavirus pandemic, the state of cybersecurity affairs should be elevated to “critical,” in my opinion. The number of phishing attacks, malware and online scams has been on the rise, and I expect we will continue to see more hackers seeking to profit from people’s fear and anxiety.
Against this backdrop of evolving cyber threats and risks, many organizations still have only a static approach towards their cybersecurity strategies; I’d recommend and encourage all business leaders to use a systematic approach of looking at cyber strategy, roadmap, risk and policy. Here are my top recommendations on how business and cybersecurity leaders can keep their strategy agile and cybersecurity posture strong:
1. Keep your horizon long but always be prepared to review, update and change your cybersecurity strategy as frequently as needed in order to stay ahead of any emerging threat.
2. Having your cybersecurity roadmap built is great, but the ability to pivot quickly based on the external threat landscape is equally important.
3. Other than business needs and drivers, an external threat landscape should be a trigger to change strategy. Let me explain. Let’s say you have decided to expand your business to a new country because you have seen the opportunity to grow market share. However, a closer look at the goings-on in cyberspace will inform you that state-sponsored hacker groups are lying in wait to mount a cyberattack on the next foreign entrant in their bid to protect local businesses.
In this example, we can see the importance of an external threat landscape assessment and how it would help the organization better plan its expansion and implement appropriate security controls. The external threat landscape should, therefore, include observations in cyberspace, and you should examine their impact to make an informed business decision.
4. Having built your cyber strategy and the roadmap to operationalize it, you can then commence enterprise risk management, where you incorporate learnings from external and internal cyber signals and intelligence. Enterprises may have regular risk management and audit exercises, but to build a truly agile cybersecurity strategy, risk management updates should be made in real time.
5. When it comes to cyber policy, you should review the framework and program based on external intelligence. As you receive new insights, you will need to take these inputs and amend the policies accordingly.
6. External insights on industry, technology and geography should inform your overall cybersecurity strategy. Stay abreast of these cyber trends to keep your cyber risk profile updated. This refers to understanding cyber events that are relevant to your industry, the geographical location in which you are operating and the technology your enterprise is using. By correlating information collected in cyberspace against these three domains, you will have relevant insights that can guide your strategy and roadmap.
7. A dynamic and agile cybersecurity strategy should continuously assess different attack vectors; this means understanding how hackers and adversaries can leverage a weakness to penetrate your network and infrastructure to access confidential data. This is particularly important with digital transformation projects where data and assets become available over the internet and are made accessible to suppliers and business associates. This creates new attack vectors and vulnerabilities for hackers to exploit. While a successful digitalization project would ask for frictionless access — referring to minimal hassle to connect and trade over online platforms — business leaders must mitigate the risk involved before activating these projects.
8. To build a dynamic risk profile, organizations must deploy an outside-in cybersecurity approach. This means having to dig deep into the dark web, surface web and hackers’ communities to understand if threat actors are taking an interest in your intellectual property, financial records, personal data and other types of assets. Knowing your adversaries are operating in cyberspace and preparing to launch an attack against you is eminently crucial. This impacts your “hackability” rating and should form part of your risk assessment.
9. When building a dynamic cybersecurity strategy, seek to understand the context of a threat. Be it a cyber threat or overall risk management, always answer who, what, when, why and how. With clear contextual understanding, you can put into place an efficient and effective mitigation plan.
10. Now, an external landscape change doesn’t mean a change to your cybersecurity strategy every time. What you need to do is to identify new attack vectors and re-prioritize your cyber initiatives. For instance, if your cyber intelligence indicates that a hacker group is using social engineering tactics to trick your employees into releasing passwords, your approach would be to kick in cyber education, not just to alert employees but also to coach and teach them how to manage such malicious cyberattacks.
11. Your cybersecurity strategy should be a “live” document and be reviewed periodically. Aim for a weekly or at least monthly cyber risk advisory, incorporating external signals, to be shared with the risk management board, and a quarterly review of the planned cybersecurity roadmap to reevaluate whether it is still applicable to the current threat landscape and business climate.
Holistic Action Plan
Moving toward an agile and dynamic cybersecurity strategy requires a mindset shift where all business units are committed to using an iterative and adaptive method to manage cyber risks. All levels of the organization must also support the rapid implementation of changes as the threat landscape can evolve very quickly. An agile cybersecurity strategy that calls for a holistic approach spanning across people, processes and technology can be far more effective than a static one.