Intelligent CISO Issue 75 | Page 28

EDITOR’S question

ALEX COBURN, CEO OF THREETWOFOUR, A NODE4 COMPANY
Many businesses make the mistake of thinking that because they have invested in security products, they have a robust security posture. It doesn’t matter how much money you spend on the latest technology; unless you have an end-to-end understanding of your critical data, processes, and systems and how to protect them, you run the risk that your security capability is not addressing the actual threats to your business and is therefore not commensurate to your risk profile.

Organisations need to build a holistic approach to security that is not only focused on technology but also considers people and processes. A simple way to consider end-to-end security is by focussing on four major strategies or streams of security activity:
Prevention
Preventative strategies don’t have to cost the earth and businesses often already have the most valuable prevention asset – people. Awareness is not the only prevention strategy, far from it, but an awareness campaign will educate your employees about their role in protecting the organisation and its assets. Interactive strategies such as an annual ‘Cyber Week’ have become common practice to keep staff engaged. Additionally, conducting phishing exercises can provide a good assessment of how well employees understand and apply their security responsibilities.
Detection
Detection is a base camp requirement for navigating cyber-risk. If you don’t know that a bad actor is in your system, you can’t act. Technology is a key component of detection due to the complexity and the resources required to identify intruders. Organisations often turn to an outsourced Security Operations Centre (SOC) that can use AI and third-party intelligence sources to provide 24/7 monitoring and alerting on potential cyber incidents. Outsourced SOC services are popular as they can provide economies of scale that make them more cost-effective than building your own 24/7 service.
Response
The key to successful response is practice. Should the worst happen, there will be a sense of urgency verging on panic that risks clouding your judgement, so, if you don’t know how to respond, it will take twice as long. Regularly practising your organisation’s response will give everyone confidence in their role within that situation. Often during these practice runs, obstacles or other weak areas are identified, allowing time for these to be ironed out before the practice is put into reality.
Incident response exercises can take many different forms, but we have always recommended a holistic approach that includes different parts of the business. Technical IT teams, compliance, risk and the executive leadership team need to understand their responsibilities by partaking in the exercise because each of these groups of stakeholders has a role to play in cybersecurity incident response.
Recovery
The ability to recover is the final and arguably most crucial step – without it, you can’t resume business operations. A great recovery strategy is the 3-2-1-1-0 rule – have three copies of your data, two media types, one copy held offsite, one on immutable or air-gapped storage and zero backup check failures.
Following this rule means that, if you were to suffer a ransomware attack, you would have at least one dataset that will enable you to recover.
Addressing these four steps will not, in and of itself, make any organisation inherently secure. Risk and threat profiles differ widely. However, by covering these four capabilities, businesses can build a solid foundation for selecting, tailoring and maturing a security control environment.