Mastering the New CISO Playbook
How can you safeguard your organization amid global conflict and uncertainty?
Cybersecurity has always been a moving target. Most recently, a two-year global pandemic and the war in Eastern Europe have heightened the risk of cyberattacks, prompting President Joe Biden to urge US companies to "harden [their] cyber defenses immediately."
Consider the current cybersecurity landscape. In 2021, US businesses weathered a 17% increase in data breaches from 2020. Also in 2021, organizations experienced the highest average cost of a data breach in 17 years at $4.24 million, up almost 10% from the previous year. Common attack vectors include compromised credentials, phishing, and cloud misconfiguration. Now, modern warfare has been redefined to include cyber warfare.
As CISO, your job is to ensure there are controls and processes in place to help mitigate risk to the organization, and the current global instability has upped the risk ante for all organizations. You have already been working to identify and prioritize risks from fraudulent SMS, phishing emails, ransomware attempts, breaches, distributed denial-of-service (DDoS) attacks, fake landing pages, and more. But how can your organization double down on cybersecurity to stay one step ahead of the curve?
Based on this current global landscape, it is time for CISOs to rethink their strategies.
1. Realize that the security playbook has changed — at least for now.
The landscape has changed, and the playbook must change, as well. Previously, we've seen cybercriminals focus on ransomware or phishing attempts — attacks focused on monetary incentives. If we think about potential nation-state activity, we will see fewer financially motivated attacks and more attempts to disrupt or shut down specific services or networks, including DDoS attacks.
Rather than infiltration and breaches, we will see more backbone-level attack attempts (think ISP and uptime) that affect availability and continuity. This could also extend to major cloud providers and Internet resources. Bad actors may focus on resources that allow people to continuously share and exchange free-flowing information — including services tied to the economy. Their aim is to affect, disrupt, and destabilize continuity, preventing major organizations from delivering value. There is also the potential for more "strategic viability" cyberattacks against critical infrastructure systems, such as those driving power generation or electricity production.
In the past, we saw more concealed interaction. In other words, prior attempts were cloaked; one host country could launch an attack from another unwitting host. Now, the cloak is gone, and there is less effort to conceal attacks.
2. Make visibility a priority.
Organizations need the appropriate controls and mechanisms in place to "see" where specific traffic and requests come from so they can start making the difficult decisions about where they will allow traffic to come from.
This is not just about enabling safe access, but also creating the ability to control the flow of traffic and requests to your company and assets. You need to drill down into activity across your platforms and assess everything from a geolocation perspective. Have you deployed technology that allows you to actively contextualize traffic patterns based on what's happening globally? If several major service providers experience an outage, can this be attributed to global interference at a nation-state level? If, when, and how will this affect your organization? Can you detect if a nation-state threat actor targets your organization, and, if so, can you trace the exact location and source? Also, keep in mind that criminal hacking groups can work closely with nation-states, which makes a proxy attack possible.
3. Keep your security controls under control.
As CISO, you should maintain an updated risk register. This risk register should identify threats, outline the probability they will affect your organization, and present the overall potential impact. This framework, which should be broken down into sections that align with various business units and stakeholders (such as infrastructure, internal systems, and Web applications) should help you prioritize identified risks.
You should also be up to date on cybersecurity compliance regulations, standards, frameworks, and certifications (such as GDPR, ISO 27001, PCI-DSS, and FIPS, SOC) that ensure the security, processing integrity, and privacy of sensitive data. Security controls, specifically, encompass data encryption, network firewalls, password policies, network access control, and more.
Keep in mind that new standards may be imposed by your host/home government amid ongoing conflict. This could affect, for example, who you allow to access your platforms. The security and IT teams will be tasked with using existing controls or leveraging them in an alternative capacity to meet new government mandates — mandates that may apply internally to a company or companies that operate with them. You may be called upon to prevent traffic from geo-specific locations to better safeguard customer data or to fulfill an applicable restriction from a governing body. Also, your organization's customers may ask if you have can block or deny access to your platform based on a certain region.
Conclusion
When it comes to cybersecurity, no one person can control all the variables — especially variables at a global level. In addition to your usual risk mitigation efforts, you should be prepared to adopt new policies and processes — depending on the "temperature" of global events. If cybersecurity is a moving target, it's moving even faster now. Organizations that reinforce their defenses (and prepare for additional safeguards) will have the best playbook for pre-empting and preventing new types of fraud, breaches, and hacks.
About the Author
You May Also Like