2024: Practical cyber action plan- Survive and thrive

'Cyber insecurity' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024  report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year.

How can businesses implement proficient cyber capabilities in an era where cyber threats from criminals and hacktivists are escalating in complexity and magnitude? This is crucial for adapting swiftly to the constantly evolving security challenges and confidently pursuing growth through digital innovation in products, services, and organizational transformation. In today's rapidly changing cyber threat environment, Chief Information Security Officers (CISOs) and security operations teams must adopt forward-thinking strategies. These strategies should focus on quickly identifying and addressing the most pressing vulnerabilities in their digital environments. Cyber attackers' increasing sophistication and speed have prompted organizations of various sizes to re-evaluate their legacy systems, governance policies, and overall security stances, aiming to align with the latest industry standards

The shift towards digital platforms and the widespread adoption of cloud technologies have expanded the avenues for cyber-attacks, consequently enlarging the attack surface. This growing attack surface includes vulnerable systems, compromised data, and unauthorized assets, highlighting the necessity for a consistent and ongoing security strategy. This strategy should be centered on managing and mitigating threats efficiently and accurately. Security leaders are becoming increasingly aware of the importance of such an approach. Its effectiveness and streamlined methodology significantly enhance cyber resilience by prioritizing the most urgent risks for immediate response and remediation.

What is top of mind for the CISO in 2024?

• How do we build a cyber security ecosystem that can manage the threats and opportunities of the future?
• How do we ensure future technologies are secure by design, not as an afterthought?
• How do we anticipate the threat picture will change as new technologies, like AI and quantum computing, develop?

Must haves for CISOs in 2024

• Protecting privacy
• Protecting critical assets
• Mitigating risk
• Minimizing disruption
• Maintaining compliance
• Establishing and maintaining "CRUST" (credibility and trust)
• Ensuring secure productivity & efficiency

At the top of the list of issues driving cybersecurity concerns include:

• Growing number of hackers/cybercriminals.
• Evolving threats & advanced skillset of criminals.
• Privacy concerns handling other's data.
• Generative AI

Practical action plan:

Proactively understanding your expanding attack surface, prioritizing risk management efforts, and building resilience helps achieve the following:

1) Prevents breaches & minimizes the impact of a potential breach

Enhance the effectiveness of the Security Operations Center (SOC) by reducing the volume of security incidents, events, and breaches impacting the SOC over time. Adopt a proactive, preventative approach that bolsters cyber resilience quickly and improves security maturity year-over-year.

2) Reduces cybersecurity risks

Real-time risk reduction is often impractical due to business constraints and a backlog of pending security issues. Focus on prioritizing risk reduction actions and optimizing resource allocation while ensuring cybersecurity risks are effectively addressed despite team constraints, resource limitations, and competing priorities.

3) Strengthens cyber resilience

Cyber resilience demands long-term investments and a strategic approach that may span several years. Strengthen the overall cybersecurity strategy to better navigate the challenges of cyber threats and enhance their cyber resilience over time. Incorporate a cybersecurity governance team comprised of members from multiple business functions to ensure alignment with business goals and objectives.

Define the process:

Organizations should adopt a systematic process for assessing cybersecurity risk, which fundamentally incorporates the broader business concerns. Building your security program begins with having a dynamic view across the entire cyber estate, comprehending not just a list of technical assets but their control gaps and how they relate to each other and the broader business. The ever-changing landscape fosters complexity, and the illustration below represents "hot buttons" that are top of mind in 2024:

Leveraging these "hot buttons" to formalize a process yields the following steps:

• Define critical business and technical processes.
• Map high-value business assets, such as services, applications, and data sources, as well as security architecture, trust boundaries, sensitive data flows, and attack paths.
• Define risk appetite, priorities, target improvements, and baseline current security posture.
• Discover internal and external-facing assets and identify vulnerabilities and misconfigurations.
• Scan internal and external attack surfaces for vulnerabilities, misconfigurations, and security weaknesses.
• Audit security controls configuration and effectiveness.
• Evaluate identity and access control policies and entitlements.
• Perform breach and attack simulations to uncover security gaps.
• Create a risk-profiled asset inventory by aggregating and correlating data and findings.
• Monitor the dark web to find stolen or leaked information, including compromised passwords, credentials, intellectual property, or other sensitive data.

Threat assessment and response:

A threat assessment is a process for evaluating the impact and likelihood of perceived threats, and it is an essential part of a risk management plan. Once you have identified a threat and assessed the likelihood and impact, you must also assess your response. A standard approach can be one of the most significant benefits of threat assessments, and consistency is crucial in driving accountability. The following questions can help organizations understand the effectiveness of current threat assessments and responses:

• Did our organization identify this threat?
• Did we properly assess the likelihood?
• Did we properly assess the impact?
• Was this threat avoidable?
• What controls did we have in place for this threat?
• How effective were our controls?
• How quickly were we able to respond?
• Was our communication effective?
• Did we have the proper resources to address the threat?

When conducting a threat assessment, it is critical to document the risk scenario. Risk scenarios must include elements of threat event, vulnerability, asset, and consequence or impact. This information is best delivered with an execution summary, enabling the governance team to determine treatment according to business goals and objectives.

This is a critical blueprint for organizations to fortify their defenses in an increasingly digital world. It underscores the imperative for CISOs and security teams to be proactive, adaptive, and innovative in combating sophisticated cyber threats. By prioritizing SOC effectiveness, risk management, and cyber resilience, businesses can safeguard their digital assets and navigate the complexities of the cyber landscape. This continuous, vigilant approach is a strategy and a necessity for enduring security in our ever-evolving digital era. Such commitment to cybersecurity is essential for organizations to thrive and confidently pursue digital transformation.