Outpacing the Adversary: Three Tips on How Mature Organizations Can Continuously Improve Cybersecurity

November 22, 2019

Endpoint Security & XDR
A new survey conducted by Lloyds Banking Group reveals that improving cybersecurity ranks as the top concern for banks, edging out last year’s priorities of reducing operating costs and improving customer satisfaction. But what does “improving cybersecurity” even mean? With the threat landscape evolving at such a fast and furious pace, where do mature organizations, such as the financial institutions included in the survey, focus their efforts? Unfortunately, there is no clear-cut answer. Every organization’s needs are unique and must be adapted based on individual risks and existing capabilities. At the same time, there are some commonalities among mature organizations’ cybersecurity strategies, particularly as they relate to people, technology and processes. Our recent whitepaper, Where to Invest Next: Guidance for Maturing Cyber Defenses, examines how these organizations can advance their digital security efforts in each of these key areas.


1. People: The Right Technical Staff is Essential

Having the necessary technical personnel in place is one of the most important aspects of a security program. It is also one of the most difficult. To reach maturity, the cybersecurity program should be led by a dedicated executive — typically a chief information security officer (CISO). This individual oversees all cybersecurity operations, including educating the entire organization about the risk landscape and how to manage a wide range of threats and vulnerabilities. Another part of the CISO’s role is building out the larger security team. Typically, mature organizations break down the security function into smaller working groups that focus on specific issues. Depending on the size and needs of the organization, this could include separate teams for monitoring, network operations and threat intelligence. Many organizations are also moving toward a "fusion center" concept, melding various cybersecurity capabilities and/or integrating cybersecurity with physical security.

2. Technology Is Key

Mature organizations have likely already developed a threat detection framework that outlines both the organization’s risks and the technological capabilities that help defend against cyber threats. However, in order to improve detection accuracy and response time, mature organizations should consider tailoring their security information and event management (SIEM) tools with custom detection rules. These rules can be written to detect specific attacker activities identified via threat intelligence, or to flag activity that deviates from the organization’s baseline.
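The two kinds of custom rule described above, a threat-intelligence indicator match and a baseline-deviation check, as an added worked example that is not part of the original article or any vendor's product. Everything here is an assumption: the authentication log format, the sample events, the indicator list and the per-user baseline (source addresses and login hours seen in a learning window) are all constructed for illustration, and a real baseline would be built over far more than three days of events.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample authentication events (not real data). Events before
# BASELINE_END form the learning window; the rest are the window being analysed.
SAMPLE_LOG = """\
2019-11-18T09:05:10Z user=alice src=10.0.4.12 action=login result=success
2019-11-18T09:10:42Z user=bob src=10.0.4.33 action=login result=success
2019-11-19T08:58:03Z user=alice src=10.0.4.12 action=login result=success
2019-11-19T09:05:17Z user=bob src=10.0.4.33 action=login result=success
2019-11-19T13:22:40Z user=alice src=10.0.4.12 action=login result=success
2019-11-20T08:51:09Z user=alice src=10.0.4.12 action=login result=success
2019-11-20T09:12:55Z user=bob src=10.0.4.33 action=login result=success
2019-11-20T17:45:30Z user=bob src=10.0.4.33 action=login result=success
2019-11-21T09:01:12Z user=alice src=10.0.4.12 action=login result=success
2019-11-21T03:14:08Z user=alice src=198.51.100.77 action=login result=success
2019-11-21T09:20:33Z user=bob src=10.0.4.33 action=login result=success
2019-11-21T11:02:45Z user=carol src=203.0.113.50 action=login result=failure
"""

BASELINE_END = datetime(2019, 11, 21, tzinfo=timezone.utc)

# Constructed indicator set standing in for a threat-intelligence feed (assumption).
THREAT_INTEL_IPS = {"203.0.113.50"}


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (assumed log format)."""
    ts_str, *fields = line.split()
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def rule_threat_intel(events, indicators=THREAT_INTEL_IPS):
    """Signature-style rule: alert on any event whose source matches a known indicator."""
    return [{"rule": "ti_ip_match", "user": e["user"], "src": e["src"], "ts": e["ts"]}
            for e in events if e["src"] in indicators]


def build_baseline(events):
    """Per-user profile of source addresses and login hours seen in the learning window."""
    baseline = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        if e["action"] == "login" and e["result"] == "success":
            baseline[e["user"]]["srcs"].add(e["src"])
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def rule_baseline_deviation(baseline, events):
    """Anomaly-style rule: alert on successful logins that do not fit the user's profile."""
    alerts = []
    for e in events:
        if e["action"] != "login" or e["result"] != "success":
            continue
        profile = baseline.get(e["user"])
        reasons = []
        if profile is None:
            reasons.append("user has no baseline")
        else:
            if e["src"] not in profile["srcs"]:
                reasons.append("new source address")
            if e["ts"].hour not in profile["hours"]:
                reasons.append("login outside usual hours")
        if reasons:
            alerts.append({"rule": "baseline_deviation", "user": e["user"],
                           "src": e["src"], "ts": e["ts"], "reasons": reasons})
    return alerts


def run_detections(log_text=SAMPLE_LOG, baseline_end=BASELINE_END):
    """Split events into learning and analysis windows, then run both rules."""
    events = parse_log(log_text)
    learning = [e for e in events if e["ts"] < baseline_end]
    window = [e for e in events if e["ts"] >= baseline_end]
    baseline = build_baseline(learning)
    return rule_threat_intel(window) + rule_baseline_deviation(baseline, window)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

On the constructed sample the indicator rule fires once (carol's failed login from the listed address) and the baseline rule fires once (alice's 03:14 login from an address never seen for her), while the routine morning logins from known addresses produce nothing. The two rules are deliberately independent: the signature rule needs no history and catches what threat intelligence already names, while the baseline rule needs a learning window and catches what no feed names yet, which is why mature programs run both.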

Take a Strategic Approach

Advanced organizations may also consider taking a strategic approach to their technology stack, adding capabilities to cover known blind spots or to create redundancy in critical areas. While there is no template for the correct mix of tools, capabilities at this level often include an intrusion detection system/intrusion prevention system (IDS/IPS) with the ability to perform packet capture, some form of enterprise-wide data loss prevention (DLP), and advanced network management tools.

3. Processes Are Foundational

While people and technology are important building blocks in the security strategy, they are only as effective as the processes that underpin them. For example, even with the most skilled people and advanced technology, it is unreasonable to expect an organization to eliminate every vulnerability. However, mature organizations can implement a process to track vulnerabilities that are allowed to persist. This process should include management approval for any vulnerabilities that have been accepted, as well as a periodic review to ensure that the cost/benefit of addressing that vulnerability has not shifted.

Periodic Pen Testing

Advanced organizations can also consider incorporating periodic penetration tests or red team exercises into their vulnerability management programs. These exercises simulate real-world attack methods used to gain unauthorized access to network resources, and they often identify vulnerabilities that simple scanning cannot detect. Finally, as organizations advance, they will need to devote more resources to monitoring their computing environment. There are a variety of ways organizations may staff these activities, such as through internal staff, an external managed security service provider (MSSP) or both. The most mature organizations incorporate these activities to allow for company-specific, anomaly-based decision making.


Holistic and Customized Strategy

It’s the reality of today’s threat landscape that even as organizations continue to build their cybersecurity capabilities, adversaries are actively maturing their tactics and tools. That’s why it’s imperative that organizations focus on staying ahead of the attackers. It’s clear that as adversaries and their methods become increasingly sophisticated, a breach or other incident becomes unavoidable without adequate countermeasures and improvements. The takeaway for banks – and for mature organizations in every field of endeavor – is this: creating a customized, holistic cybersecurity strategy should remain at the very top of the agenda, now and in the future.
