Cyber Risk Management: How to Succeed by CrowdStrike
By Shawn Henry, President of CrowdStrike Services & CSO
Once the preserve of the IT department, cybersecurity today is a key concern for everyone in an organisation, especially the C-suite. With a host of legal, regulatory, and reputational challenges posed by a security breach, business leaders need to ensure that they understand the nature of the risks they face. This is essential for successfully developing a security roadmap and implementing an enterprise risk management programme. However, as well as understanding the risks, businesses need to ensure that they have a good grasp of the core components that make up a successful cyber-risk management approach:
1. Proactively manage your risks
With the average cost of a data breach reaching $3.8 million, risk management programmes must take a proactive approach. However, the fact remains that many businesses today still struggle to efficiently and effectively detect intrusions, assess the extent of the compromise and engage the right level of assistance to address the problem. This has led to significant delays in breach detection and a rising remediation cost.
In particular, many businesses lack the tools to perform proactive detection. A tendency to rely on internal personnel to fight fires without the necessary automation and managed response also compounds the challenge. Whether it’s a call to outside legal counsel, a computer incident response firm, a public relations/crisis management company, or all three, potential engagements should be pre-arranged. Contracts should be signed and ready to go, costing the company nothing unless and until it uses them, but allowing for quick deployment.
2. Ensure your endpoints are covered
Today’s threat landscape is constantly evolving and, more often than not, adversaries find ways to penetrate corporate networks and execute code at the system’s endpoints. So the traditional ‘defence-in-depth’ approach to cybersecurity, which focuses on defending an organisation’s perimeter, leaves adversaries free to operate without threat of detection once inside, because nobody is looking. This in turn opens businesses up to damaging breaches, including the likes of credential theft.
With this in mind, organisations need to employ technologies that continuously monitor their endpoints. This level of visibility is critical for making the transition from reactive security to proactive hunting and detection. Aggregating intelligence in this way, and looking for anomalous behaviour across the enterprise, will help to identify indicators of attack. If adversary activity can be identified expeditiously, businesses will be empowered to isolate and mitigate the impact on the network.
3. Take advantage of the cloud
Many companies are already making the most of the cloud on an operational level, enabling a more efficient workforce, and providing access to the likes of email and corporate documents from anywhere in the world. However, the cloud also opens up a world of advantage when it comes to protecting email servers, supporting data privacy and integrity, and protecting intellectual property from cyber theft.
The next-generation security approach utilises the cloud to provide pervasive protection throughout the enterprise – with lower cost and reduced management overhead, while adding significantly increased performance, agility and scalability.
Furthermore, the real-time and highly scalable nature of the cloud model lends itself to creating ‘community-immunity’ by crowdsourcing information on evolving threats and supporting large-scale data models that can recognise and prevent attempted intrusions. Cloud-based solutions can also maintain the highest levels of data privacy and information protection, while at the same time preventing adversaries from obtaining and reverse-engineering the technology.
4. Make the most of your threat intelligence
Threat intelligence is an extremely valuable tool for organisations when used holistically to protect them. In fact, an increasing number of businesses the world over are using it to counter various adversaries. Of course, the manner in which organisations employ this intelligence differs greatly. Some use it in a reactive fashion, seeking indicators of compromise that can alert them to the presence of an attack. Others rely on intelligence as a warning of when attackers are posturing for an attack, looking at various underground sites or hacker discussion forums for clues that an attack is imminent. What’s more, a few organisations have embraced intelligence as a continuous process, which is meant to provide visibility and guidance to decision makers across the business.
The goal for businesses should be for intelligence to both fuel the technology and empower decision makers with timely and relevant information to enable them to make better decisions.