Maintaining digital risk management in today’s interconnected world requires updating security processes and procedures to identify levels of risk that more traditional approaches fail to identify. This means understanding your applications and the relationships between the technologies in your supply chain, alliances and/or partners. You also need to understand data processes.
This means mapping the data flow – “knowledge” of your data; “who” has access to “what”; “how” they have access to it and “how often”; and physical locations that may be subject to different local regulations and laws. This must be accompanied by work to build mature trade obligations between you and your suppliers to achieve the necessary levels of risk reduction.
The source of the threats and the inherent risk can be identified in several ways, including threat intelligence that maps the organization’s digital footprint, or attack surface, and the threat actors targeting your organization or sector.
Threat hunting exercises should be performed regularly, for example looking for subdomains that are open to takeover or for attackers who target the organization by purchasing typo domains.
Penetration testing can identify specific risks to systems, but keep in mind that it covers a specific point in time and specific networks and applications, and these risks need to be weighed against key regulations and standards of good practice, including GDPR, NCSC Cloud Security Principles, NIST and ISO 27001.
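A typo-domain hunt of the kind described above can be run over any feed of newly observed domains. The following is an added example, not part of the original article: the brand domain, the feed and all function names are constructed for illustration, and the label extraction assumes a single-label suffix such as .com.

```python
# Added example: hunt for lookalike ("typo") domains in a feed of observed registrations.
# BRAND and SAMPLE_FEED are constructed sample data; all function names are hypothetical.
BRAND = "examplebank.com"
SAMPLE_FEED = [
    "examplebank.com", "portal.examplebank.com", "exampelbank.com", "examp1ebank.com",
    "examplebank.net", "examplbank.com", "examplebank-login.com", "weatherreport.org",
]
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]

def label_of(domain):
    """Registrable label; assumes a single-label public suffix such as .com."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) > 1 else parts[0]

def classify(candidate, brand=BRAND):
    """Return why a domain resembles the brand, or None if it does not."""
    candidate, brand = candidate.lower().rstrip("."), brand.lower()
    if candidate == brand or candidate.endswith("." + brand):
        return None  # the organization's own domain or one of its subdomains
    label, target = label_of(candidate), label_of(brand)
    if label == target:
        return "tld-swap"
    if label.translate(HOMOGLYPHS) == target:
        return "homoglyph"
    if osa_distance(label, target) == 1:
        return "typo"
    if target in label.replace("-", ""):
        return "brand-embedded"
    return None

def hunt(feed, brand=BRAND):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d, brand))}
```

Each hit is a lead for an analyst to review (registration date, hosting, mail records), not proof of malicious intent.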
However, we also need to consider what ongoing proactive measures are in place to step up this work.
Advances in technology provide an opportunity to address risk in broad, complex IT ecosystems. Combining a mix of threat intelligence and surface protection measures allows organizations to detect, evaluate, and provide effective intelligence. This will tell them what they don’t know, instead of focusing on what they already know.
These platforms can provide scalable analytics frameworks that allow organizations to quickly and efficiently find unusual attributes in sets of unstructured data and in internal and open Internet infrastructure.
These new technologies provide the ability to quickly identify the assets in the IT estate that require more security attention than others. This provides a way to prioritize the threats that need to be addressed in the immediate, medium and long term, allowing more efficient and effective use of stretched resources.
Advances in artificial intelligence (AI) also help build forecasts and the ability to better streamline and take appropriate action in response to risk. This technology is now available as a business-wide solution for monitoring key systems and data to protect business operations, revenue, reputation and profits from cyber and digital risk 24/7.
Test your ability to detect and respond to cybersecurity
It is also important to conduct cyber incident exercises to determine how resilient organizations are to cyber attacks and to practice their response in a safe environment. The exercises also help to create a culture of learning within an organization and enable the relevant teams and individuals to maximize their effectiveness during an incident.
Creating individual exercises is a way to tailor them to reflect the organization’s values and the unique challenges, constraints, and threats it faces.
One example of this is CBEST, which was developed by the Bank of England as an approach to testing sustainability and compliance. It differs from other types of security tests in that it is based on threat intelligence and is less limited in that it takes a holistic view of the entire organization rather than a narrowly focused system penetration test. It also focuses on more complex and persistent attacks on critical systems and basic services.
The inclusion of specific cyber threat intelligence ensures that tests reproduce the evolving threat landscape as accurately as possible and therefore remain relevant. The feedback from the test then outlines actions that can be taken to improve defense capabilities and increase operational resilience.
This type of competitive testing is commonly called Red Team testing, with the penetration testing company simulating the attackers, who then target the organization’s ability to detect and respond – the Blue Team. A more collaborative approach between attackers and defenders is called a Purple Team exercise, which is usually done iteratively to ensure continuous improvement of the ability to detect and respond. Attacks – real or simulated by testing – must be detected and an adequate and timely response given.
Given the complexity and interconnectedness of modern business technologies, it is crucial that IT teams deploy the full range of protections to understand and monitor their vulnerabilities and take action to minimize the risks they identify.
Rob McElvany is a cybersecurity expert at PA Consulting