Be Proactive and not Reactive

 

As the US media makes Americans more acutely aware of malicious international intent, corporate leaders are likely to be asking themselves, "Is our organization doing the right things to protect itself from more active global threats?" If your organization has a strong cybersecurity team, the answer will be "Don't panic, little has changed – our security processes are healthy and we're monitoring our security infrastructure and threat awareness channels." Breaking this summary into its components...

Don't Panic

Take action now to avoid reacting later

Don't panic.  Panic is wasted energy that often drives poor decisions and distorts priorities.  It consumes resources that should be spent otherwise and causes actions that are not fully considered. 

 


Little has changed.

 Global cyberthreat intelligence organizations long ago identified multiple actors that they have linked with Iran: APT33, APT34 and APT39. These groups have ongoing operations to develop cyber attack methods and locate vulnerable targets. While their activity level may increase, if your organization has a healthy, active software patching and maintenance practice, there should be no increase in the likelihood of your technology systems being compromised.

 A quick health-check for your cybersecurity organization on the following points should give you confidence: 

  1. Incident response capability 

    • Security monitoring (detection and prevention) tools are operationally healthy and are current with updates. 

    • Our technical notification and incident response capabilities are ready.  The cybersecurity operations team has practiced our security incident response methods via tabletop exercises and the team is prepared. 

    • Our security leadership team is prepared to execute our event communication plan – appropriately identifying, quantifying and delivering business-relevant updates into the established leadership channels.

Healthy security processes.

  1. Vulnerability scanning and remediation lifecycle 

    • We use our security tools to regularly scan our systems and software packages, identifying out-of-date versions with known vulnerabilities. The risk posed by these vulnerabilities is quantified, and maintenance patching is prioritized to mitigate it.

  2. Risk review and acceptance 

    • When there are identified risks and vulnerabilities that cannot be quickly addressed, our organization has the right people and processes involved to understand, evaluate and accept (or prioritize) these risks. 

Threat Awareness

Knowing what to do and how to act in the case of a threat is 90% of your task

  1. Penetration testing 

    • Within the past year, we've had skilled individuals perform penetration testing of our facilities, networks and public-facing IT systems. Identified issues have been remediated and we're satisfied that due diligence has been taken.

  2. Threat awareness. 

    • Friendly and constructive education is regularly shared with our entire organization on how each employee can make positive contributions to the protection of our business. 

Cybersecurity Operations

Your cybersecurity operation should have established threat channels that they monitor.  This might be the one area that should be reviewed for possible improvements: 

  • Do you have a vendor for advanced threat prevention (ATP) capabilities? ATP is a class of capabilities that includes global threat event correlation. This vendor should have tools and resources to improve your threat awareness.

  • The US Department of Homeland Security's US-CERT provides a National Cyber Awareness System that you can subscribe to and monitor.

  • Does your team monitor a set of Twitter feeds from key industry players? 

  • You can always put a large monitor in your security operations area for displaying one of the global, "live" threat maps that will impress visitors and underinformed executives. 

 

 


©2019 by www.sharemarq.com.