Recent Attacks Require An Updated Mindset
Jeff Wehrman, Vigilant CISO
In recent months, a significant number of organizations have been affected by attacks ranging from “smaller” vendor vulnerabilities, such as the ones involving SonicWall, VMware, and others, to the larger-scope, more impactful attacks involving SolarWinds’ software supply chain and Microsoft Exchange’s critical 0-days.
NOTE: For those of you that aren’t familiar with that term, a 0-day is a cyber-attack where an attacker targets a software vulnerability that is unknown to the software vendor or to other preventative control vendors and has not yet been patched or otherwise mitigated.
The scope and impact of these attacks should give pause to organizations of all different sizes and across all industries to revisit and re-think their cybersecurity strategies moving forward.
Let me put a finer point on it…
I think the main question for those of us tasked with defending organizations is: “How should we respond (notice I didn’t say ‘react’ there) to these recent events? What is the big lesson that must be learned from all of these scenarios?”
The main takeaways from all of these situations/events should be:
Takeaway #1: We need to re-focus on defense in depth or, in other words, layers of protection around the critical assets for your organization.
Takeaway #2: With sophisticated threat actors on the rise and the recent targeting of critical third-party systems, it has become quite clear that a new or revised mindset of security is needed. We need to have a growth mindset, not just for life in general, but specifically as it relates to security. We need to continually up our game and get better every day - even if it’s just 1%, because those results compound over time.
Takeaway #3: Organizations need to take a fresh look at their team and the cybersecurity talent within it in order to stay “ahead” enough to proactively defend their organization in today’s environment.
So, with all that said, where do we go from here? Here are some recommended actions tied to the above takeaways:
Review your layers: What are the “tools” in your cybersecurity “toolbox” as they relate to protecting your critical assets? If you place too much reliance on just your patch management, endpoint protection, network protection, etc., that can put you at a distinct defensive disadvantage down the road. While each of these measures can be strong protections, they can also fail. It is wise to implement a mix of these protections as layers of defense in order to provide a more hardened attack surface that isn’t as enticing to attackers.
(Re)assess your security maturity: Do you treat security as just a cost center or as an enabler to the business? Is your security program providing enough or the right value back to the business? How are you tracking your program, your controls, and your overall cyber defense readiness? Establish a baseline and build a roadmap of what security for your organization should look like.
Review and enhance your team where needed: Do you have the right people in the right roles with the right expertise to provide an ongoing, proactive, and real-time response to cybersecurity attacks? Unless you have a group of highly skilled, full-time cybersecurity defenders, there’s no reasonable way to stay ahead of all the changing adversaries, threat vectors, tactics, techniques, tools, and other threat intelligence to adequately protect and defend your organization without partnering and collaborating with a dedicated third-party.
As I often say, we are all in this together. Security is a team sport that does take a whole team to achieve a strong cyber defense posture. It involves users doing the right things, battle-hardened IT and security experts building the right controls and protections, and strong leadership through adversity and new challenges – it’s up to all of us.
We need to keep building our programs, measuring implementation, and tracking controls over time so we can accomplish our mission of protecting, defending, and enabling business. Let’s keep growing more secure through our habits, our risk management, our systems, our programs, and our teams and partners.
If your organization does not already have a dedicated cyber defense team, it is incredibly advantageous (and dare I say prudent) to leverage third-party security resources that have the expertise, are already protecting numerous organizations, and are in the fight every day, so you and your team can have time back to focus your energy and efforts elsewhere to support your core business mission.
To learn more about how Vigilant has responded to these recent attacks and/or how our products and services can help you protect and defend your organization against advanced threats, please contact your CRS representative.