20 June 2023

Maximizing the defender’s advantage: Five steps cyber leaders can take today

Dan VanBelleghem

Security teams have an inherent advantage over attackers. They know their environments better than anyone. They can monitor those environments, control user activity on their networks and plan and perform preparation training, all in an effort to prevent attacks and drive resilience. This gives cybersecurity leaders the “defender’s advantage” — albeit a temporary and fleeting one — over their attackers during a breach.

This means that even as the complexity of attacks and sophistication of the attackers evolve, careful and deliberate attention paid to preserving this advantage can serve an organization well. Federal agencies can take five important steps to maintain their defender’s advantage.

Incentivize collaboration

Federal agencies are big and composed of multiple departments and functions. Often, in these environments, security is inadvertently compartmentalized from group to group, which can destroy the defender’s advantage. Leaders should encourage their teams to view cybersecurity as an enterprise function and should incentivize collaboration across groups to facilitate the sharing of best practices, create a culture of cooperation and strengthen the agency’s overall security posture. For example, leaders can implement a cross-functional cybersecurity task force with representatives from across IT, HR, legal and operations teams. This task force can meet regularly to share insights, discuss emerging threats and collaborate on incident response plans.

Know your environment and baseline assets

Yes, your defender’s advantage includes the knowledge of your environment and a baseline understanding of your assets that you have but your attackers don’t. That’s why it’s important to conduct regular inventory audits to ensure you have an up-to-date understanding of all hardware, software and data assets on your network. This can help identify unauthorized or unsecured devices and applications. The same goes for your suite of cyber tools across all capability demand areas, ranging from cyber hunt, cyber operations, threat intelligence, incident response, monitoring and detection, risk management and more. The defender’s advantage depends on current and reliable information – information that it is incumbent upon you to gather and maintain.

Engineer and architect security solutions for your environment

Combined with knowledge of your network and what people do on it, your knowledge of the purpose-built solutions and how they work also contributes to the defender’s advantage. It’s imperative that cyber leaders are aware of the security solutions running on their networks, how they work and how they protect mission-critical systems. A gap in this knowledge is a gap attackers will find and exploit. For instance, cyber leaders can embrace a zero trust architecture that aligns with their knowledge of the network, assets and mission. This approach assumes that no user or device is trusted by default, which complements your defender’s advantage. Implementing zero trust may involve segmenting the network, requiring additional authentication for privileged users, consistently monitoring for unusual activity within the network perimeter and employing tools that help validate the legitimacy of users and devices. By focusing on zero trust, you ensure a breach in one area doesn’t compromise multiple systems, ultimately strengthening your security posture.

Lean forward with planning and preparation

When it comes to cybersecurity, knowledge gathering is only as important as your knowledge-sharing. Make sure you are conducting the appropriate planning and preparedness exercises across teams. Ensure processes and procedures are in place and operating as intended. Get your teams ready for inevitable breaches and able to bounce back from them. This includes looking at how to use automation effectively as well as appropriately training your people to handle higher-value, higher-order tasks. You have the advantage; don’t get complacent.

Choose partners with mission-centric approaches

In cybersecurity, as in footwear and in fashion, one size does not fit all. Ensure your partners are taking mission-centric approaches to securing your enterprise. Create, execute and then update customized operational playbooks that support resilience rather than remediation. Attacks will happen. Your focus should be on mission continuity and restoring operations as quickly as possible. Partners often have greater agility and flexibility, and can dynamically align services with needs. Make sure you have the right partners on your team. When selecting cybersecurity vendors and partners, prioritize those that have a proven track record of working with organizations similar to yours in size and mission. They should be able to demonstrate their understanding of your unique challenges and tailor their solutions accordingly.

Indeed, the defender’s advantage gives agencies a leg up on their cyber attackers. That’s why preserving it is so important and requires constant attention and calibration.

Dan VanBelleghem is a senior director, cybersecurity programs, at General Dynamics Information Technology (GDIT).
