Cybersecurity requires constant attention: the threat landscape changes continuously and attackers keep developing more effective attack vectors against our systems. Cybersecurity is therefore not a hobby or an afterthought; it is a full-time job. Nor is it optional: the objective should be to weave cybersecurity into the DNA of all systems, people, and processes. Adopting this approach strengthens security capabilities and ensures that the defensive layers the organization needs are actually implemented.
One useful way to think about this is to imagine barriers that attackers must overcome before they can compromise your systems. These barriers should be as transparent as possible to authorized users and should not get in their way. The barriers you adopt should make life difficult for attackers without reducing accessibility for legitimate users. Striking that balance gives you a solid cybersecurity strategy: one that provides the necessary protection, but not at the expense of users' ability to perform their function.
Four (not three) pillars of cybersecurity
To build a comprehensive strategy, it is critical to consider the four pillars of cybersecurity and the order in which they are prioritized. A fourth pillar should be added to the classic triad: it is no longer enough to consider only the CIA triad (confidentiality, integrity and availability); access control must be included as a fourth factor. Access control keeps the focus on defense, a vital aspect of cybersecurity. The nature of the company determines the order in which the pillars are considered.
Focused on data
If the company is data-focused, the pillars should be ordered C-I-A, with confidentiality as the priority in order to defend the data. Access control (the fourth pillar) must then be permanently attached to that first pillar, confidentiality.
Delivery of systems and infrastructures
If the company is built around delivering systems and infrastructure, the pillars should be ordered A-I-C, with availability as the priority. Access control (the fourth pillar) must then be attached to availability. Ordering the pillars this way focuses the security strategy so that the security elements woven into the organization can be developed continuously.
The above approach can be applied to any company and process, and the security control set can be woven in as appropriate and required. That control set includes both technical and administrative security controls.
Weaving cybersecurity controls from the first moment
Security from the beginning (cybersecurity genesis) is paramount. The earlier controls (technical and administrative) are introduced, the more transparent and easier to adopt they will be. Including controls at the start of any process and reviewing them often can also improve the user experience, because cybersecurity then stays behind the scenes wherever possible.
Most companies run into trouble with cybersecurity and operations when they have to retrofit controls afterwards. It is not that the controls were forgotten; rather, companies work at a fast pace and are under pressure to deliver systems quickly, and cybersecurity suffers as a result. Although more companies now consider cybersecurity from the outset, too many projects still treat it as an add-on. Cybersecurity is not an add-on; it is part of the system and should be treated as part of the stack.
Hundreds of companies are looking for SOC services, which indicates that log monitoring and security operations are too complex and are sometimes an afterthought. Building the stack with cybersecurity from the outset is therefore the advantageous approach. Few SOC services can defend at the required level: most are "log readers and forwarders" rather than "block and tackle" operations, and those that do block and tackle are expensive. This creates an opening for automation, and it is already happening: the industry is adapting to automate SOC functions. All indicators seem to point to automation being key, eliminating most SOC requirements by the end of 2022.
Find the gaps
If companies don't find the gaps, hackers will. The faster an organization adopts a continuous gap-analysis process to identify gaps and correct them, the better. Many models offer a structured approach to finding gaps, including ISO 27001, NIST 800-63, CIS, SANS, and cybernetics; whichever framework or standard you choose, it is essential to keep maturing so that your defenses withstand attackers' constant penetration attempts.
It is also essential to have a strategy for dealing with intrusions: knowing how to get attackers out of the system once they are in, and how to keep them out.
Detection approaches to consider
Attackers can target applications, networks, hosted environments, endpoints, clouds, and any connected system. Spotting them can seem an impossible task, but it doesn't have to be. Several simple strategies, similar to those people use to defend their homes, can help. For example, alarms that detect intrusions can be set. Many detection methods are log-based; there are also simpler methods for detecting indicators of compromise.
Once the alarms are in place, it is essential to vary the detection methods so that they overlap. Then, if one detection method fails, another system alerts you, and the alerts can be correlated. Don't be put off by the apparent difficulty of implementing this; it takes work and effort, but it is worth it, because alarms fail for a variety of reasons and checks and balances are essential when detecting attackers.
Deception is another approach: systems that emulate real ones in order to attract attackers, functioning as detection systems for attackers and especially malware. These decoys are hosted on various platforms, such as private, public, and hybrid clouds, emulating real systems but with little protection. When malware or an attacker finds and infects a decoy, the alarm goes off and the security team can act: for example, locking down the affected system until the attacker or malware is neutralized, or disconnecting it until a forensic analysis can identify the root cause.
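The overlapping-detection and deception ideas above, as an added example that is not part of the original article: three independent detectors (a failed-login burst from an auth log, unusual outbound traffic from a firewall log, and any contact with a decoy file server) run over constructed sample log lines, and a correlation step that raises an incident's severity as more independent rules fire on the same host within a time window. The log formats, hostnames, addresses, thresholds and port allowlist are all assumptions made up for this example.

```python
"""Overlapping detections with correlation (added example, not the article's own code).
All log lines below are constructed for illustration; the formats are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample logs (assumed formats, not real data) -------------------
AUTH_LOG = """\
2024-03-04T10:00:01 web01 sshd: Failed password for admin from 203.0.113.9
2024-03-04T10:00:03 web01 sshd: Failed password for admin from 203.0.113.9
2024-03-04T10:00:05 web01 sshd: Failed password for root from 203.0.113.9
2024-03-04T10:00:07 web01 sshd: Failed password for admin from 203.0.113.9
2024-03-04T10:00:09 web01 sshd: Failed password for admin from 203.0.113.9
2024-03-04T10:00:12 web01 sshd: Accepted password for admin from 203.0.113.9
2024-03-04T10:30:00 db01 sshd: Failed password for backup from 198.51.100.7
"""
FW_LOG = """\
2024-03-04T10:02:40 FW ALLOW src=web01 dst=203.0.113.9 dport=4444
2024-03-04T10:05:00 FW ALLOW src=web02 dst=93.184.216.34 dport=443
"""
HONEYPOT_LOG = """\
2024-03-04T10:04:10 decoy-fs smb: session from web01 share=finance-backup
"""

AUTH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) FW (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
HP_RE = re.compile(r"^(\S+) (\S+) \w+: session from (\S+)")


def ts(text):
    return datetime.fromisoformat(text)


def detect_auth_bursts(log, threshold=5, window=timedelta(seconds=60)):
    """Detector 1: `threshold` failed logins from one source to one host inside `window`."""
    failures = defaultdict(list)
    for line in log.splitlines():
        m = AUTH_RE.match(line)
        if m and m.group(3) == "Failed":
            when, host, _, _, src = m.groups()
            failures[(host, src)].append(ts(when))
    alerts = []
    for (host, src), times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):  # sliding window over sorted times
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"host": host, "time": times[i + threshold - 1],
                               "rule": "auth_burst", "detail": f"{threshold}+ failures from {src}"})
                break
    return alerts


def detect_unusual_egress(log, allowed_ports=frozenset({53, 80, 443})):
    """Detector 2: outbound connection allowed to a port outside the egress allowlist."""
    alerts = []
    for line in log.splitlines():
        m = FW_RE.match(line)
        if m and m.group(2) == "ALLOW" and int(m.group(5)) not in allowed_ports:
            when, _, src, dst, dport = m.groups()
            alerts.append({"host": src, "time": ts(when), "rule": "unusual_egress",
                           "detail": f"{src} -> {dst}:{dport}"})
    return alerts


def detect_decoy_touch(log):
    """Detector 3: any session to a decoy is an alert; legitimate users have no business there."""
    alerts = []
    for line in log.splitlines():
        m = HP_RE.match(line)
        if m:
            when, decoy, src = m.groups()
            alerts.append({"host": src, "time": ts(when), "rule": "decoy_touch",
                           "detail": f"{src} opened session on {decoy}"})
    return alerts


def _summarise(host, cluster):
    rules = sorted({a["rule"] for a in cluster})
    severity = {1: "low", 2: "medium"}.get(len(rules), "high")  # more independent rules = more confidence
    return {"host": host, "rules": rules, "severity": severity,
            "start": cluster[0]["time"], "details": [a["detail"] for a in cluster]}


def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts per host into incidents; alerts within `window` of the first one cluster together."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["time"])
        cluster = [items[0]]
        for a in items[1:]:
            if a["time"] - cluster[0]["time"] <= window:
                cluster.append(a)
            else:
                incidents.append(_summarise(host, cluster))
                cluster = [a]
        incidents.append(_summarise(host, cluster))
    return incidents


def run(auth_log=AUTH_LOG, fw_log=FW_LOG, hp_log=HONEYPOT_LOG):
    alerts = detect_auth_bursts(auth_log) + detect_unusual_egress(fw_log) + detect_decoy_touch(hp_log)
    return correlate(alerts)


if __name__ == "__main__":
    for incident in run():
        print(incident["severity"].upper(), incident["host"], incident["rules"], incident["details"])
```

Run with an empty auth log to see the overlap at work: even with the brute-force detector missing (a failed alarm), the egress and decoy detectors still produce a medium-severity incident for the same host, which is the point of building overlapping, correlated detections rather than relying on one alarm.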
It is easier to implement these detection systems before your platforms are released to defend them throughout the lifecycle.
Trajectory towards cybersecurity maturity
Putting your systems on a path to cybersecurity maturity, so that defenses improve constantly as the company improves its security posture, will help defend you against emerging threats. Applying these strategies as early as possible in the life cycle will serve the company well.
Every system has its own unique cybersecurity requirements. Including the defensive aspect is essential to improving the cybersecurity posture. The cybersecurity life cycle needs continuous improvement, supervision and operation to ensure proper defense, and the sooner you start, the more protection the company gets.
Featured image: Business vector created by Jcomp / Freepik