Having spent the last few years focused on helping organizations build triage workflow processes in Security Operation Centers for network-based detection and response technologies, I saw a pattern emerge in the type of events that organizations were consistently more worried about or interested in.
It wasn’t opening suspicious email attachments or web browser drive-bys that they were most concerned about. There are strong technological controls and processes in place to deal with the vast majority of threats in those vectors.
Nearly all organizations have reached a risk-appropriate cyber maturity level against these well-known patterns of attack and feel comparatively resilient, as they have invested in multiple security technologies spanning the entire MITRE ATT&CK chain and can even confidently identify late-stage techniques and tools that are “living off the land.”
Instead, the events that organizations were most interested in were almost always directly related to uncovering “the land.” These were the events that they feel less resilient to, as they represent a blind spot in the application of risk management. If you have a robust understanding of what the land looks like, you can mature a cyber capability to deal with threats that would attempt to live off it.
In simple risk terms, if you don’t know the land, you can’t manage what’s in it.
The good people at the World Economic Forum released guidance in January this year designed to help organizations in the aviation sector advance their cyber resilience endeavors.
Actually, the guidance transcends aviation and is appropriate to any industry sector and every type of organization.
The World Economic Forum’s initiative poses 8 questions that organizations should ask themselves to assess and advance their levels of cyber resilience.
These 8 questions progress organizations’ cyber resilience by challenging 3 pillars upon which cyber resilience is built. The first pillar is visibility, and the first two questions relate to it: how much of your organization’s critical infrastructure is visible? Can you fully see the extent of risk upon your attack surface?
The second pillar of resilience is maturity, and it is tested in the next three questions (3-5). Do you truly have a 360-degree view of risk and how it might manifest from all of your digital surfaces, including 3rd parties?
The third pillar of resilience is capability. How rich is your ability to measure, detect, respond and learn? Capability is challenged in questions 6-8.
It’s not just the World Economic Forum taking a lead. Measuring cyber resilience is becoming a critical requirement in most other sectors. The Pentagon has recently released the Cybersecurity Maturity Model Certification (CMMC), which requires defense industrial base contractors to achieve a minimum level of maturity. Those who achieve higher levels of certification are rewarded by including cyber as an “allowable cost” in certain RFPs.
The World Economic Forum’s cyber resilience initiative lays down guidance for best practice baselining and measurement of cyber resilience as a continuous and always improving process via all three of the pillars.
It is initiatives like “Advancing Cyber Resilience” from the World Economic Forum that will promote common risk criteria and encourage a robust understanding of what is valuable to resilience in cyber operation centers across every industry sector through 2020 and beyond.