I must say that the last couple of weeks have been rather successful for my business partner’s and my new Cyber startup. For instance, we just formed some key partnerships in which we will be leveraging some of the newest technologies that are out there to help the SMB market more so than ever before. In this, there are two keywords (yes, more technojargon) that have been around, but will soon hit the news circuits. These are “autonomous” and “automatic”.
Let’s face it, the Cyber industry is changing by the minute. It seems that hardly have you closed up shop for the night when, the next day, something new is on the horizon. Because of this, IT Security teams simply cannot keep up. Just imagine if it was only us humans monitoring all of this. We could never keep up, and things will only get progressively worse.
But luckily, there are many tools out there that can help do the routine processes in the daily hunt for what is bad out there, and this is where the term “automatic” or “automation” comes into play. We have seen how AI and ML can help automate many procedures, especially when it comes to analyzing all of the warnings and messages that come in, and filtering out the false positives.
Now, the next term, “autonomous”, is a new one that is coming out. This simply means that a Cyber tool does not need any human intervention of any kind. But as we all know, some degree is of course needed. Now, if you combine these two terms, you’ve got a tool that can literally be your watchdog on a 24 X 7 X 365 basis, without ever getting tired.
And it is in this regard that it is hoped this newer level of technology can help Corporate America be even more proactive about what is happening out there in the Cyber threat landscape. For example, many companies today do not even know if there is a Cyberattacker lurking within their IT and Network Infrastructure.
In fact, many hackers break in and hide for a long period of time, going unnoticed. Technically, this can be referred to as the “Dwell Time”. During this timeframe, data exfiltration will happen, bit by bit, and these pieces of PII datasets will more than likely have made their way onto the Dark Web for resale purposes. Worse than that, it will then be months until the company in question discovers that they have been breached. IMHO, this is totally inexcusable. Given the advancements in technology, these timeframes need to be greatly reduced.
So this brings up the question yet again: How do we get business owners to move from a reactive mindset to one that is more proactive, as stated earlier? Well, here are some steps that can be followed, rather quickly:
1) Get to know your enemy:
Once you realize you have been hit and the damage has been done, it does not end there. The Cyberattacker will come back again, because now they not only have full knowledge of where your weak spots are, but they also know the degree of value that your crown jewels possess. In other words, this is not a one-and-done deal. So in this regard, this is your best opportunity to study the attack signature and build up a profile that can be fed into all of the tools and technologies that are in your arsenal. This is also where your threat researcher can play a key role. For example, with the intel you have collected, he or she should be able to extrapolate what future profiles this Cyberattacker can bring to the table. Remember, they are not going to waste time and money to come up with a brand-new threat variant. Rather, they are simply going to build a slightly better mousetrap so that they can evade detection the second time around.
2) Watch for supply chain attacks:
As I mentioned before, Cyberattacks don’t just happen once; they will come back to haunt you again. They may not hit you directly per se the next time around, but they will make their next impact on your other business associates, namely your suppliers, hence the title. This has been best illustrated by the SolarWinds attack, where just one software tool was used to infect thousands of other end users. So in this regard, you need to work with your supply chain to make sure that they are up to snuff with their own Cyber defenses as well. If you have been hit, it is very important that you share with them whatever knowledge you have so they can better protect themselves.
3) Watch for the post breach period:
After you have been impacted and have started on the road to recovery of mission critical processes, there is still more to be dealt with. For example, customers and key stakeholders of your organization need to be notified immediately of what has just happened, the steps that you are taking to rectify the situation, and eventually, how you plan to prevent this from happening again. Of course, you will also have to deal with the federal regulators and law enforcement as well. But there is something even more serious you will have to deal with: building up once again the brand image and reputation that has taken years for you to achieve. Recent studies have shown that customers will stick with their vendor even after they have been hit, as long as they have been open and honest, and are taking immediate steps to address the situation not only now, but into the future as well. But the bottom line is that this is not just a job that is left to the CISO: everybody in the C-Suite and even the Board of Directors should be held responsible for doing this.
My Thoughts On This:
In fact, just during the last several weeks, I have been having conversations with people as to why Corporate America is so reactive to Cybersecurity. Very often the thinking is this: “If we haven’t been hit, then most likely, we never will”.
But now, I am not sure I totally believe in this viewpoint. I think business owners are truly aware that they need to take further steps to remediate the holes and vulnerabilities that are lurking in their organizations.
The real fear is that if something is discovered, then it will cost a lot of money to fix it. So why open a can of worms when there is no need to yet? Unfortunately, this is a mindset that is really just human nature. We have it programmed in our minds to think this way.
But keep in mind also that the Cyber industry is starting to realize that the SMB market is a totally overlooked one, and that there are some real opportunities in it.
So as a result, they are making many of their solutions very cost effective for SMB owners. In fact, many of them now have solutions that integrate the terms “autonomous” and “automatic” together to help better protect you. So, it is not all totally expensive. Once you realize that you need to be proactive, take that step and start a conversation with a Cyber vendor who is willing to work with you, the SMB owner.