Chris Kubic is the Chief Information Security Officer (CISO) at Fidelis Cybersecurity. Kubic brings with him more than 30 years of experience driving Information Assurance and Cybersecurity initiatives... Read More
In the last year, we’ve battled with the cyber security and operational challenges of transitioning to work-at-home. We’ve also witnessed exponential growth in phishing attacks and ransomware attacks targeting work-at-home users, the healthcare industry, government agencies, educational institutions – and really when you get down to it – targeting everyone.
Just when we thought it couldn’t get any worse, we witnessed and are still working through the aftermath of two large-scale and devastating nation state cyber-attacks – SolarWinds and the Microsoft Exchange attacks. I don’t know about you, but at this point I’m afraid to open my News feed for what might be coming next.
With this unprecedented level of cyber activity, I thought it would be a good time to take a step back, gather some lessons learned, and work to prepare ourselves for the next “big attack” – and since we really don’t know where the next big attack will come from, we need to be prepared to rapidly respond to whatever the attackers throw at us.
I like to keep things simple, so I recommend focusing your efforts to prepare for the “next big attack” in three areas:
While the importance of good cyber hygiene is well known, organizations struggle to keep up with the endless stream of CVEs, security patches, and software updates. And attackers continue to take advantage of poor cyber hygiene to gain access to networks though Phishing attacks, drive by attacks, credential compromise, and exploitation of unpatched vulnerabilities.
My guidance here is not to try and boil the ocean, but instead focus on your most critical and most exposed assets. If you have a large and complex infrastructure, automation is key to keeping these devices secure. For example, automated discovery, inventory, and categorization of the IT assets connected to your networks (i.e., what’s on my networks – IT, OT, and IoT), automated tracking of vulnerabilities, and automation to help you assess the risk of assets based on vulnerabilities present on the asset, their criticality to your business operations, and their level of exposure to the Internet and 3rd parties. Fidelis has some great terrain mapping and risk management solutions in this space, so if this is something you continue to struggle with, I suggest you look at what we have to offer. Some other things to consider:
I’ve written in the past about the need to move beyond protective and reactive defense (i.e., passive defense) to proactive, predictive, and retrospective defense (i.e., active defense) in order to defend your enterprise against the full spectrum of cyber threats. Active XDR is eXtended Detection and Response solutions purpose-built for Active Defense (per MITRE SHIELD). It helps users “shift left” and engage with and defeat adversaries earlier in the attack lifecycle. Fidelis has been an innovator in this market segment since its inception. Fidelis Elevate XDR unifies detection and response across endpoint (EDR), network (NDR), and cloud with decoys and deception technologies. By coupling XDR with deception technologies, we enable your security operations team to quickly detect and block attacks from sophisticated threat actors, perform deep inspection/analysis of the environment to assess what if any systems have been compromised, and return compromised systems to normal business operations as quickly as possible.
In a recent blog post, Fidelis’ CTO Anubhav Arora does a great job of distilling active defense down to its core elements – an iterative and continuous process of investigation and discovery using threat intelligence, analytics, machine learning, and threat hunting to gain insights into threats impacting your environment. These insights enable your security team to continually tune your defenses and neutralize threats before they can cause damage to your business operations.
Be prepared in case you become the next victim of a big attack by having a response plan in place. Document how business continuity would take place in the event of a disaster or breach. Strategize disaster recovery and how to respond to an attack with supporting playbooks. And take that next step of preparedness by rehearsing your plan on a regular basis through tabletop exercises based on real world threats like a ransomware attack. Additionally, set up offline backups for business-critical data and systems to ensure that you can reconstitute your business-critical systems should a disaster or cyber-attack occur. I also recommend that you have an in-house cyber incident response team in place or have an outside team on retainer, to allow you to take immediate action in the event of an attack. And finally, coordinate your response plan with your organization’s General Council as cyber-attacks can often involve a data breach, which carry a number of privacy and reporting requirements.
With these strategies in mind and in play, your enterprise will be safer and more secure against the full spectrum of threats impacting our networks. While I gave a general overview of these solutions, I provide more details and strategies in my Global CISO Playbook for the New Normal. Ultimately, we’re here to help you detect, hunt and respond to sophisticated threat actors targeting your environment, so you don’t become a victim of the next big attack. If you’d like to know more about our cybersecurity solutions, contact us.