One of the most fundamental questions that gets asked in Cybersecurity is what the weakest link in the chain is. Anybody can say anything really, but keep in mind that Cyber is such a huge and gargantuan world that it is almost impossible to tell what that weak link is.
This can only be revealed of course by conducting an exhaustive examination of what happened after the Cyberattack has actually transpired, by conducting a thorough Digital Forensics examination. But if you were to examine this from a truly macro, or holistic approach, then the world of Cybersecurity is embracing literally two components to it:
Technology and people. Experts will tell you that technology can be the weakest link, or even that human beings are (this has been the biggest area of blame in a lot of ways). In fact, people will even tell you that both can be blamed. But whatever the case may be, people and technology will always be around, so it is up to the CISO to figure out how to make these two into assets.
One such way that some companies are embracing this is to treat Cybersecurity as literally direct warfare. In fact, in many ways, we are already at war with different nation state actors, such as those of Russia and China.
They have launched Cyberattacks towards the United States, targeting both digital and physical assets (in particular that of Critical Infrastructure). In return, I am sure that we have also returned fire to some degree or another, but in the name of national security, it does not make the news headlines.
In fact, the various branches of our own United States military have dedicated Cyber Warfare teams, that are used to detect ultra-sophisticated threat variants, and to share the intelligence that has been garnered to this effect to the respective authorities.
But the moral of the story is how to take the principles that are used in the military and apply that to the everyday Cybersecurity Threat Landscape. The key here is to create an effective “War Room” that is actually a dedicated part of your business.
Here are some key steps that the CISO can follow:
*You need to bring in the right people:
What I mean by this is that Cybersecurity is not just about the IT Department or even the IT Security team. This means all of the departments in your company. Just think about it: If your company is impacted by a security breach, the first target will of course be the digital assets. Now these will have a far-reaching impact on all of the departments. For instance, Finance, HR or even Sales and Marketing could very well all be impacted in the end. Therefore, along with the relevant members of the IT Security team, you also need to bring people from these relevant departments into your War Room so that they can offer their input as to how they think they could possibly be impacted as well. This feedback can then be used to create an overall strategy to beef up the lines of defenses on a daily basis. But also remember that this is not just a one-time deal. The people that you select for your War Room must be consulted on a regular basis, by still getting their feedback and keeping them informed of what you have been learning and finding out as well.
*Have the ability to make decisions quickly:
In the business world, this is also known affectionately as “Paralysis Analysis”. This simply means that despite all of the information and data that you are presented with, you still cannot come to a decision as to how to proceed. But in the world of Cybersecurity, this cannot happen. Given just how sophisticated Cyberattackers are these days, any wasted time could result in the threat variant leaving a larger impact on your business. And this will only get worse the more time you let fly by. Think of it this way: Suppose that you are the President of the United States. As such, by the statutes of our own Constitution, you are the Commander In Chief. Suppose you receive intel that there is a nuclear strike coming down on us. In this regard, you only have minutes to decide if you are going to retaliate or not. This is the kind of mindset that your War Room needs to adopt. If you have everything that you need to come to a decision, then make it and execute on it. Obviously, everybody on the team needs to be on board for the same consensus, but ultimately you, the CISO (and also the Commander In Chief), need to make the sole decision. If you still remain indecisive, then the rest of your War Room team will be the same way. But also keep in mind that there are other sophisticated tools out there that can help you to reach a firm decision. This is the usage of both AI and ML tools. As I have written about before on numerous occasions, these two types of technologies can ingest a huge amount of information/data in just a matter of a few minutes and come up with some rock-solid alternatives for you to decide and act upon.
*Always rehearse and practice:
Just like in the military, one of the best ways to stay sharp and focused is to keep acting out real world scenarios and apply the lessons learned from them. Perhaps one of the best examples of this is your Incident Response/Disaster Recovery/Business Continuity Plans. These are the sets of documentation that spell out the specific steps that your company will carry out in case you are hit with a security breach, and how you will resume business operations both in the short term and long term. But simply writing these documents is not enough. The people that are involved with these processes need to know what their responsibilities are, and how to act on them on a real time basis. The only way that this can be done is to practice them, once again, on a real-world basis. Things and circumstances will always change, so that is why you need to keep these documentation sets updated as well with the lessons that have been learned after each drill has been conducted. In a Cyber-attack, the time to respond and mitigate needs to be as minimal as possible, in order to contain any further damage.
My Thoughts On This:
Remember, having the latest technologies on hand in your War Room is always important. But equally important is having the right people on board as well, that can help you to act quickly to whatever is being faced.
In this regard, there is often some confusion between the War Room and the Security Operations Center (SOC). The latter is an entity that is created to keep an eye on the Cybersecurity Threat Landscape for your clients that have hired you to protect their IT and Network Infrastructures.
The former, however, is a separate entity that has been solely created to protect your business. So in the end, while technology and people can be the weakest links, they can also be the strongest as well, and should be embraced by the CISO as such.