Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

egarding the use (or not) of various cybersecurity measures against their cost, and most have chosen to implement at least some protective measures. So, yes, the corporate world has learned that not taking measures to safeguard their networks would likely negatively impact their bottom lines at some point; however, I would again say no to whether they generally do enough or to whether they’re generally using the appropriate tools. Also, why do we still need to tell a story about cybersecurity to change corporate culture and get serious funding for security? Just walk around your organization, and everyone is on the network. Without it, little work gets done and productivity drops significantly. If this tool is so important, why do we not treat it as such? If Gartner’s data is accurate, lessons are coming slowly to many corporations: • By 2025 ONLY 40% of boards of directors will have a dedicated cybersecurity committee • By 2025, ONLY 70% of CEOs will mandate a culture of organizational resilience to combat threats Another lesson still being taught: Do most corporations know they should be enforcing updates for known security vulnerabilities that have been documented and announced by respective cyber communities to keep us all safe? The answer is yes, but do most of them do enough or do it effectively? That answer is no. Otherwise, consistently updating computers and keeping them current with the latest patches/security fixes across the enterprise would stop 99% of vulnerabilities exploited to date. Inconsistent system updates greatly expand cyber vulnerabilities and risks. If this is known and understood, then why is it seemingly so difficult to succeed at attaining effective cybersecurity? It’s because many companies don’t effectively cultivate three critical components of their cybersecurity processes: 1) people, 2) culture and 3) technology. We must have people who follow the security processes, a corporate cyber culture that supports its people and the processes, and the technology to implement the processes, when necessary. If we agree these are three critical components of effective cybersecurity processes, then we must remember that people are trainable; the culture can be fixed with training and leadership from senior management; and technology is constantly adapting with the use of artificial intelligence and machine learning. Strengthening cybersecurity processes through people, culture, and technology costs corporations valuable time and money, so it’s wise to use these three resources in the most practical and beneficial ways possible. This often means that the latest and greatest technologies or programs aren’t actually necessary to achieve effective cybersecurity. As an example, look at zero trust. It is an architecture and not a technology, but the cybersecurity industry very often wants customers to buy all new equipment to implement zero trust. This ends up helping the bottom lines of the said cybersecurity companies, but are organizations any safer? That is often arguable, but even newer tools have no better chance of succeeding than in the past unless the people using them use them appropriately, born out of a culture that teaches and supports such use. Aside from malicious actors themselves, if we believe people, or network users, are one of the biggest threats in the cybersecurity realm, an immediate and cost-effective fix is to engender a culture of cybersecurity professionalism in our everyday users. Train the users to not only prioritize necessary updates on their systems but to follow other cyber hygiene measures regarding the use of email, the Cyber Defense eMagazine – March 2022 Edition 44 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
internet, etc. How much training is sent to the employees? Is it completed, and is it a priority? Do the employees understand the risks associated with not following proper cybersecurity processes? And is the example of being a good cybersecurity steward exemplified from the top down—does it begin at senior levels within the company? This is often the best way for culture to be impacted. A great example of how senior levels can set the example can be taken from Netflix and the implementation of their leave policy, which is to say they have no complex leave policy. As long as people complete their work and don’t leave anyone else in the lurch, employees may take leave when and where they’d like. Employees were initially disbelieving; however, when Reed Hastings, the chairman of Netflix, and the leadership staff posted photos of their respective vacations, it changed the culture quickly because everyone could see the boss was embracing the company’s approach to leave. This leave approach certainly wouldn’t work in all organizations, but that is beside the point. It’s an example of how leaders in an organization can positively influence their employees. With predictions that threat actors will weaponize operational technology environments to cause human casualties by 2025, and with the influx of over-the-air updatable programmable logic controllers and continued malicious attacks on our SCADA networks, it’s more imperative than ever to learn from and apply the cybersecurity lessons of the past. We are starting to see more broad negative effects of breached or attacked systems on administrative networks today. Not only may companies have to stop operations temporarily, but entire supply chains can be affected, which ultimately can affect the entire country. As IT and cybersecurity professionals, it's our duty and challenge to push industry executives to prioritize cybersecurity as a high-interest item in the funding drills corporations exercise yearly. We must motivate them to continue to bake-cybersecurity-in from the initial design and conception phases of budgeting versus tacking it on at the end of the process. To prevent cyber attacks such as those on Sony in 2014 or more recent examples such as Colonial Pipeline or JBS meat processing, we must use all the tools at our disposal and more effectively apply the cybersecurity lessons of the past. This means not only budgeting and applying funds to cybersecurity but also cultivating strong cybersecurity processes via three main components: people, culture and technology. As Gartner pointed out, “99% of vulnerabilities exploited will continue to be ones that teams knew existed.” Cyber Defense eMagazine – March 2022 Edition 45 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Why Changing Classified Document St
Page 3 and 4: Tips And Trends for OT Cybersecurit
Page 5 and 6: @MILIEFSKY From the Publisher… De
Page 7 and 8: Welcome to CDM’s March 2022 Issue
Page 9 and 10: Cyber Defense eMagazine - March 202
Page 19 and 20: level of concern while working remo
Page 21 and 22: The Fragility of a GPS Centric Worl
Page 23 and 24: Formerly known as LOng-RAnge Naviga
Page 25 and 26: The Role of The CFO In Enterprise C
Page 27 and 28: Help them mitigate potential risks
Page 29 and 30: The Safest Ways for Bitcoin Trading
Page 31 and 32: and clear instructions through a "N
Page 33 and 34: According to Cybereason’s “Rans
Page 35 and 36: If you implement these three tips,
Page 37 and 38: • Nearly half of zero-day malware
Page 39 and 40: Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43: Have We Learned from Our Past Mista
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96:
5 Ways Cybersecurity Will Change In
Page 97 and 98:
#3: Supply chains will be the big r
Page 99 and 100:
Executive Order Instructs Certain O
Page 101 and 102:
• Stay ahead of fraud. Fraud cost
Page 103 and 104:
Too Hot to Handle:The case for Zero
Page 105 and 106:
Critically, endpoint security only
Page 107 and 108:
To prevent lateral movement attacks
Page 109 and 110:
Redefining Resilience in The New Wo
Page 111 and 112:
About the Author Andrew Lawton is C
Page 113 and 114:
Cyber Defense eMagazine - March 202
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
CyberDefense.TV now has 200 hotseat
Page 137 and 138:
Books by our Publisher: https://www
Page 139 and 140:
show all

Cyber Defense eMagazine March Edition for 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?