Adopting a resilient cybersecurity posture
The fast pace of digital adoption has earned data the moniker of the “new oil” of the 21st century. However, adequate protection of digital data is proving to be the final frontier for organizations today: the year 2017 has thus far seen an unprecedented wave of cyber attacks on all types of digital data repositories locally as well as globally.
The attacks have been damaging not only in terms of operational disruptions but in economic terms as well. No single industry sector has remained unaffected. A case in point that highlights the damage caused by such attacks is logistics company FedEx acknowledging that the worldwide operations of TNT Express, a transportation company it owns, were “significantly affected” by the recent Petya cyber attack. The company even included this information in its annual filings to the Securities and Exchange Commission.
Looking back in time, a similar wave of security breaches in terms of pattern and impact was observed in 2002. A series of global attacks took place as vulnerabilities in Microsoft products were exploited by the Code Red, Nimda and Klez computer worms. The attacks triggered a spontaneous reaction across the entire ecosystem. The 2002 “trustworthy computing” memo written by Microsoft co-founder Bill Gates called for a security review of all Microsoft products at that time, which is estimated to have cost the company more than $100 million in terms of programme changes.
As computing form factors transformed from desktops to laptops and then to tablets and mobiles, the processing power and the data storage capabilities have increased tremendously. And while a broad-based adoption of “computing on the go” has ushered in productivity benefits besides opening up new business models, it has, nevertheless, created a “wild West” situation on the internet in which anything and everything digital can be traded freely.
The current spate of cyber attacks is largely focused on taking data out of an organization, a process called data exfiltration, and is often aimed at business disruption. The evolved attack pattern is forcing organizations to go back to the drawing board in terms of their cyber defence strategies. The perspective has evolved from securing and protecting the cyber border or the perimeter of the organization to securing and protecting the organization’s “cyber supply chain”. Modern-day attackers operate in the target environment for months before being detected, and hence security professionals now need to focus on anomaly detection techniques for outbound traffic in addition to inbound traffic analysis.
In my recent experiences with multiple organizations, the breach was first discovered by an employee prompting a question as simple as, “Why did I receive a password reset email when I did not request one?” The subsequent analysis often led to the detection of the attackers who had been silently working for a significant period of time. The emergence of artificial intelligence (AI)-based cyber attacks only means targeted attacks will be quick and extremely disruptive.
Regulatory requirements, including mandatory breach reporting requirements, as well as technology innovations, are enabling organizations to re-engineer their cyber defence strategies to address today’s requirements. Increasingly, organizations are enhancing their vendor risk management solutions covering the cyber security health of their critical supply chain to ensure a reasonable cyber security posture.
A new-age vendor risk management solution requires an organization to continuously monitor and quantify the cyber risk of third parties. By replacing the prevalent practice of a snapshot-based security audit with continuous monitoring, these solutions make it possible to reduce exposure to serious data breaches from third parties in addition to the organization itself. This risk is especially important when a third-party provider stores personally identifiable information (PII) or other sensitive information on a public cloud in order to deliver a business service.
In addition, cyber breach response and recovery areas are perhaps the weakest processes in most organizations. Cyber breach simulation drills and workshops similar to the emergency situation drills for natural disasters and fire preparedness can ensure organizations’ readiness in moments of actual crises. Cyber liability insurance, especially coverage for business disruption losses and data breach recovery costs, is also becoming increasingly important to cover business risks.
Given the cyber security context today, organizations need to recognize the fact that cool technologies—including AI-enabled cyber security solutions—are good, but what makes them work is the skill and talent of humans operating them on a day-to-day basis. In addition, maintaining a good cyber security posture is a collective responsibility and, as such, continually maintaining end user awareness based on current threat perceptions is the most important component of cyber security strategy for any organization.
In summary, since being fully cyber secure at all times is a negative goal, an objective mechanism to measure the cyber security effectiveness of an organization and ensure continual improvements is the most effective approach in today’s age, when cyber attacks are the new normal.
Nimitt Jhaveri is an information technology architect and cyber security expert who runs his own venture, BitScore CyberTech LLP.