Saturday, April 23, 2022

How The Terms "Autonomous" & "Automatic" Can Lead To A Proactive Mindset

 


I must say that the last couple of weeks have been rather successful for my business partner’s and my new Cyber startup. For instance, we just formed some key partnerships in which we will be leveraging some of the newest technologies that are out there to help the SMB market more so than ever before. In this, there are two keywords (yes, more technojargon) that have been around, but will soon hit the news circuits.

These are “autonomous” and “automatic”. 

Let’s face it, the Cyber industry is changing by the minute. It seems that you have hardly closed up shop for the night before something new is on the horizon the next day. Because of this, IT Security teams simply cannot keep up. Just imagine if it was only us humans monitoring all of this. We could never keep up, and things will only get progressively worse.

But luckily, there are many tools out there that can help with the routine processes in the daily hunt for what is bad out there, and this is where the term “automatic” or “automation” comes into play. We have seen how AI and ML can help automate many procedures, especially when it comes to analyzing all of the warnings and messages that come in, and filtering out the false positives.

Now, the next term, “autonomous”, is a newer one that is coming out. This simply means that a Cyber tool does not need any human intervention of any kind. But as we all know, some degree of it is of course still needed. Now, if you combine these two terms, you’ve got a tool that can literally be your watchdog on a 24 X 7 X 365 basis, without ever getting tired.

And it is in this regard that it is hoped this newer level of technology can help Corporate America be even more proactive about what is happening out there in the Cyber threat landscape. For example, many companies today do not even know if there is a Cyberattacker lurking in their IT and Network Infrastructure.

In fact, many hackers break in, and hide for a long period of time, going unnoticed.  Technically, this can be referred to as the “Dwell Time”. 

During this timeframe, data exfiltration will happen, bit by bit, and these pieces of PII datasets will more than likely have made their way onto the Dark Web for resale purposes. Worse than that, it will then be months until the company in question discovers that it has been breached. IMHO, this is totally inexcusable. Given the advancements in technology, these timeframes need to be greatly reduced.

So this brings up the question yet again: How do we move business owners from a reactive mindset to one that is more proactive, as stated earlier? Well, here are some steps that can be followed, rather quickly:

1) Get to know your enemy:

Once you realize you have been hit and the damage has been done, it does not end there. The Cyberattacker will come back again, because now they not only have full knowledge of where your weak spots are, but they also know the value that your crown jewels possess. In other words, this is not a one and done deal. So in this regard, this is your best opportunity to study the attack signature, and build up a profile that can be fed into all of the tools and technologies that are in your arsenal. This is also where your threat researcher can come into play. For example, with the intel you have collected, he or she should be able to extrapolate what future profiles this Cyberattacker can bring to the table. Remember, they are not going to waste time and money to come up with a brand-new threat variant. Rather, they are simply going to build a slightly better mousetrap so that they can evade detection the second time around.

2) Watch for supply chain attacks:

As I mentioned before, Cyberattacks do not just happen once; they will come back to haunt you again. They may not hit you directly per se the next time around, but they will make their next impact on your other business associates, namely your suppliers, hence the title of this step. This has been best illustrated by the SolarWinds attack, where just one software tool was used to infect thousands of other end users. So in this regard, you need to work with your supply chain to make sure that they are up to snuff with their own Cyber defenses as well. If you have been hit, it is very important that you share with them whatever knowledge you have so they can better protect themselves.

3) Watch for the post breach period:

After you have been impacted and have started on the road to recovery of mission critical processes, there is still more to be dealt with. For example, customers and key stakeholders of your organization need to be notified immediately of what has just happened, the steps that you are taking to rectify the situation, and eventually, how you plan to keep this from happening again. Of course, you will also have to deal with the federal regulators and law enforcement as well. But there is something even more serious you will have to deal with: rebuilding the brand image and reputation that has taken years for you to achieve. Recent studies have shown that customers will stick with their vendor even after it has been hit, as long as the vendor has been open and honest, and is taking immediate steps to address the situation not only now, but into the future as well. But the bottom line is that this is not just a job that is left to the CISO: Everybody in the C-Suite and even the Board of Directors should be held responsible for doing this.

My Thoughts On This:

In fact, just during the last several weeks, I have been having conversations with people as to why Corporate America is so reactive to Cybersecurity. Very often the thinking is this: “If we haven’t been hit, then most likely, we never will”.

But now, I am not sure I totally believe in this viewpoint.  I think business owners are truly aware that they need to take further steps to remediate the holes and vulnerabilities that are lurking in their organizations.

The real fear is that if something is discovered, then it will cost a lot of money to fix it. So why open a can of worms when there is no need to yet? Unfortunately, this is a mindset that is really just human nature. We have it programmed in our minds to think this way.

But keep in mind also, that the Cyber industry is starting to realize that the SMB market is a totally overlooked one, and that there are some real opportunities in it. 

So as a result, they are making many of their solutions very cost effective for SMB owners. In fact, many of them now have solutions that integrate the terms “autonomous” and “automatic” together to help better protect you. So, it is not all totally expensive. Once you realize that you need to be proactive, take that step and start a conversation with a Cyber vendor who is willing to work with you, the SMB owner.
