We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
If you work for an American company, consider yourself to be on the front lines of modern cyber conflict.
This is not news to most folks in the cyber community, who are very aware of growing threats and increasing cyberattacks from third-party hacking groups. We aren’t telling you this to spread fear, but the Russian invasion of Ukraine made this reality clear. We have witnessed Nvidia, Bridgestone, Toyota, and Expeditors International all having to shut down operations from cyberattacks in the past week. While it’s uncertain whether or not the Russian government is directly behind these attacks, one thing is certain: American companies need to be ready for action. If these cyberattacks escalate, it will be the first time cyber could have a major impact on the outcome of an international conflict. Threats have gone from being a nuisance (like ransomware) to destructive — destroying data and causing impactful disruptions.
Together, we’ve spent decades supporting US defensive and offensive cyber operations. We know what it’s like to be on the frontlines. Here’s what we hope American leaders can learn from our experiences to secure their businesses:
Communicate, prioritize and give your IT and security teams the resources they need
Now is the time to keep communication lines open. Be responsive and compassionate to your security team, since they have been on the frontlines for decades and tend to be overworked. Give them the space to do what they need to succeed. Work with them to prioritize what matters most to the business so they can focus.
A geopolitical event like this will get board-level attention. People understand the consequences of attacks when they see them hit close to home. Use the shift in prioritization to get your cyber program where you need to take it. Communicate what your organization is doing to protect the company, as well as which gaps must still be addressed.
Boards, executive teams and leaders should, if they haven’t already, incorporate a cybersecurity strategy into their business plan. Now is the time to batten down the hatches and use influence to drive a positive outcome for IT and security teams.
Reflect and be honest about the maturity of your security program and team
All security programs are different, and they can only be improved one step at a time. Before you can make changes to mature your program, you need to have a firm understanding of where your program is currently. Take a temperature check, assess your maturity and acknowledge that you may not be as mature as you want to be, but that’s okay.
To be resilient, you need to be able to fight through a cyber attack while having minimum impact to the business and emerge stronger than before.
To get at your honest maturity level, ask:
- (Least Mature) Are we compliant? Are we only doing the basics to meet regulations?
- (Mature) How confident are you that we will stop opportunistic phishing or ransomware attacks?
- (Most Mature) How successful would our security program be if we were Russia’s target? Could we catch the adversary before they cause harm?
Give your security team time to build a realistic plan for moving up the maturity scale. The plan should not be dependent upon a ton of talent or acquiring a bunch of security tools. You don’t have time for that.
Prioritization is critical. You need to prioritize what’s most important to secure, and what doesn’t matter. This is a must — your team will fail without it. And, yes, it’s okay if some things go unprotected! It’s better to secure what matters most than to secure nothing.
Increase the maturity of your cyber program to prepare for a nation-state attack
Many modern businesses forego fundamental security best practices because they are considered ineffective. While it is true that the threat landscape has evolved, blocking and tackling is still at the foundation of an effective program. Security is a process, not a state.
Does your IT & security team:
- Have the visibility they need to closely monitor your most valuable assets — your IP, source code, customer data, email servers, etc.? As part of this, does the team have a pulse on all the technologies or applications connected to your most valuable assets? Do you have a person that can actively monitor activity to catch a bad actor in the act?
- Reduce the number of people with access to critical systems (VPNs, firewalls, management tools, etc)? They should also make sure all the technologies that connect to critical systems also have restricted settings. Otherwise a hacker can hop from one system to the next, leapfrogging to your most important assets.
- Attempt a “zero-trust” mindset? For example, do you stop your firewall from communicating outward, or prevent it from talking to a Russian IP address? Preventing your firewall or VPN from talking to things outside your network won’t hamper productivity, but will be what stops an attacker from successfully completing their objective.
- Segment your networks into sub networks? It’s likely that in the cloud era, your team created open networks where everything can communicate freely, but broad accessibility will extend to an attacker. “Subnets” create more points of visibility, hampers attackers and will give you more time to stop the attack before impact.
- Amp up the security settings from all your vendors. Software vendors rarely ship products with heightened security settings — it’s up to your security team to reconfigure them. Ask your team to turn off unused applications or product features. Enable monitoring on all services and reduce the amount of access each user has.
This will be a long road, but there are steps you can take
There is no perfect security state, but there are resilient systems that survive attacks with acceptable risk. Attackers will constantly develop new threats and improve their capabilities. To withstand today’s cyber conflict, take a moment to reflect where you are and communicate with those around you. Boards, executives, SOC team members and general employees alike all need to be aligned with your overall strategy and plan. There is no such thing as over-clarification when it comes to your incident response plan. Don’t underestimate this point as you navigate these challenging times.
Dan MacDonnell is the Chief Strategy Officer at Randori, former deputy chief of the National Security Agency (NSA)/Central Security Service (CSS), former Chief Resilience Officer at State Street, former nation-state hacker and former CISO. David Wolpoff (moose), is CTO & cofounder of Randori and former red-teamer. He’s on a mission to give defenders the attacker’s perspective.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!