Cybersecurity requires constant attention because the threat landscape keeps changing and attackers keep finding new, more effective ways into our systems. It should therefore never be treated as a hobby or an afterthought; it is a full-time job. Bolt-on security is not an option: weaving security into the DNA of every system, person, and process is the approach to aim for. Doing so strengthens the organization's security capabilities and ensures that the defensive layers it actually needs are in place.
A useful way to think about this is as a series of barriers that an attacker must overcome before compromising your systems. Those barriers should not burden your authorized users and should be as transparent to them as possible. The barriers you adopt should make life harder for attackers without reducing accessibility for legitimate users. Striking that balance gives you a sound cybersecurity strategy: one that provides the required protection without costing your users the ability to do their jobs.
Four (not three) pillars of cybersecurity
To achieve a comprehensive strategy, consider the four pillars of cybersecurity and the order in which you prioritise them. The classic CIA triad (confidentiality, integrity, and availability) is no longer sufficient on its own; a fourth pillar, access control, should be attached to it. Access control keeps the strategy focused on active defense, deciding who and what may reach each asset, which is a vital aspect of cybersecurity. The company's make-up determines the order in which the pillars are ranked.
If the company is data-centric, the triad should be ordered CIA, with confidentiality first because the priority is defending the data. Access control (the fourth pillar) should be permanently attached to that first pillar, confidentiality.
Systems and infrastructure delivery
If the company delivers systems and infrastructure, the triad should be ordered AIC, with availability first. Access control (the fourth pillar) should then be attached to the availability pillar. Ranking the pillars this way focuses the security strategy so that the security elements already woven into the organization can be built on continuously.
The same approach applies to any company and any process: the security control set is woven in as appropriate and as required. The control set comprises both technical and administrative security controls.
Weaving in the cybersecurity controls from the get-go
Security from the beginning (genesis cybersecurity) is paramount. The earlier you weave in the controls, technical and administrative alike, the more transparent and easier they are to adopt. Including the controls early in any process and reviewing them often also improves the user experience, because security then runs behind the scenes wherever possible.
Most companies struggle with cybersecurity and security operations when they have to apply them as an afterthought. They have not forgotten the controls; rather, they work at pace and are under pressure to deliver systems quickly, and security suffers as a result. Although more companies now consider security from the outset, far too many projects still treat it as an extra item, an add-on. Cybersecurity is not additional; it is part of the system and must be treated as part of the stack.
Hundreds of companies are looking for SOC services, which indicates that log monitoring and security operations are seen as too complex and are sometimes an afterthought. Building the stack with security from the start is therefore the advantageous approach. Few SOC services defend at the required level: most are "log readers and forwarders" rather than "block and tackle," and those that do block and tackle are costly. This opens the door to automating the process, and that is happening; the industry is adapting to automate the SOC. The indicators suggest that automation will be mainstream, removing most routine SOC requirements, by the end of 2022.
Finding the gaps
If companies don't find the gaps, the attackers will. The sooner an organization has a continuous gap-analysis process to identify and remediate weaknesses, the better. Many models give companies a structured approach to finding gaps, including ISO 27001, NIST SP 800-63, the CIS Controls, SANS, and Cyber Essentials. Whichever framework or standard you choose, it is essential to keep maturing so that your defenses stand up to attackers' constant penetration attempts.
It is equally essential to have a strategy for dealing with an intrusion: knowing how to get attackers out of the system once they are in, and how to keep them out afterwards.
Detection approaches to consider
Attackers can break into applications, networks, hosted environments, endpoints, clouds, and any connected system. Detecting them can seem an impossible task, but it does not need to be. Several simple strategies help, much like the ones people use to defend their homes: intrusion alarms, for example. Many detection methods are based on logs, but other, more direct methods also exist for surfacing indicators of compromise.
Once the alarms are in place, vary the detection methods so that they overlap and act as fail-safes for one another. If one method fails, another system should still alert you, and the two should correlate. Do not be put off by the seemingly arduous task of implementing such layered detection. It takes work and effort, but it is well worth it, because alarms fail for all sorts of reasons and checks and balances are essential when detecting attackers.
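The overlapping, correlated alarms described above, as an added illustration (this is example code written for this article, not tooling from any product or vendor): two independent detectors, one reading SSH authentication logs for password brute-forcing and one watching a web access log for hits on a canary path that is never linked anywhere, each raise their own alert, and a correlator then groups alerts by source address. When both detectors agree within a time window the finding is rated high; if one log source goes missing, the other still fires. The log lines, the canary path `/backup/prod-db.sql`, the thresholds and the alert fields are all constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs for the example; formats are simplified sshd / combined-log style.
AUTH_LOG = """\
2024-03-01T10:00:01+00:00 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51234 ssh2
2024-03-01T10:00:03+00:00 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-01T10:00:05+00:00 bastion sshd[1207]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
2024-03-01T10:00:07+00:00 bastion sshd[1209]: Failed password for invalid user oracle from 203.0.113.5 port 51244 ssh2
2024-03-01T10:00:09+00:00 bastion sshd[1211]: Failed password for root from 203.0.113.5 port 51250 ssh2
2024-03-01T10:02:00+00:00 bastion sshd[1300]: Failed password for alice from 198.51.100.9 port 40000 ssh2
2024-03-01T10:02:10+00:00 bastion sshd[1301]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

WEB_LOG = """\
203.0.113.5 - - [01/Mar/2024:10:00:30 +0000] "GET /backup/prod-db.sql HTTP/1.1" 404 196 "-" "curl/8.4.0"
198.51.100.77 - - [01/Mar/2024:10:05:12 +0000] "GET /backup/prod-db.sql HTTP/1.1" 404 196 "-" "python-requests/2.31"
192.0.2.10 - - [01/Mar/2024:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Hypothetical canary path: never linked or advertised, so only scanners and attackers request it.
CANARY_PATHS = {"/backup/prod-db.sql"}

AUTH_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+) port")
WEB_RE = re.compile(r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"')


@dataclass(frozen=True)
class Alert:
    detector: str
    ip: str
    ts: datetime
    detail: str


def detect_ssh_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Detector 1: `threshold` failed SSH logins from one source inside a sliding window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            failures[m["ip"]].append(datetime.fromisoformat(m["ts"]))
    alerts = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:      # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(Alert("ssh_bruteforce", ip, t, f"{end - start + 1} failures within {window}"))
                break                             # one alert per source is enough
    return alerts


def detect_canary_access(log_text, canary_paths=CANARY_PATHS):
    """Detector 2: any request for a canary path is an alert, no threshold needed."""
    alerts = []
    for line in log_text.splitlines():
        m = WEB_RE.match(line)
        if m and m["path"] in canary_paths:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            alerts.append(Alert("canary_path", m["ip"], ts, f"{m['method']} {m['path']}"))
    return alerts


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts by source IP; independent detectors agreeing within the window raise severity."""
    by_ip = defaultdict(list)
    for a in alerts:
        by_ip[a.ip].append(a)
    findings = {}
    for ip, items in by_ip.items():
        items.sort(key=lambda a: a.ts)
        detectors = {a.detector for a in items if a.ts - items[0].ts <= window}
        findings[ip] = {
            "severity": "high" if len(detectors) >= 2 else "medium",
            "detectors": sorted(detectors),
        }
    return findings


def run_pipeline(auth_log=AUTH_LOG, web_log=WEB_LOG):
    """Run both detectors and correlate; either log source may be empty and the other still alerts."""
    return correlate(detect_ssh_bruteforce(auth_log) + detect_canary_access(web_log))


if __name__ == "__main__":
    for ip, finding in run_pipeline().items():
        print(ip, finding)
```

In the sample data 203.0.113.5 trips both detectors and is rated high, 198.51.100.77 only touched the canary path and is rated medium, and running the pipeline with an empty authentication log still produces the canary finding for 203.0.113.5, which is the overlap the text argues for.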
Deception technology (honeypots and honeytokens) emulates real systems to lure attackers, and it works well as a detection layer, especially against malware and automated scanning. These decoys are hosted on private, public, and hybrid cloud platforms and look like production systems with deliberately weak protection. No legitimate user has any reason to touch them, so when malware or an attacker finds and interacts with one, the alarm is raised and the security team can act: lock the affected system down until the attacker or malware is neutralised, or take it offline until forensic analysis identifies the root cause.
It is easier to put these detection systems in place before your platforms go live, so that they defend the platforms for the entire lifecycle.
Trajectory to cybersecurity maturity
Keeping your systems on a trajectory to cybersecurity maturity, so that defenses improve constantly while the company keeps improving its overall posture, will help defend against emerging threats. Applying these strategies as soon and as early in the lifecycle as possible will serve the company well.
Every system has its own cybersecurity requirements, and the defensive aspect must always be included because it is what improves the posture. The cybersecurity lifecycle needs continuous improvement, enhancement, monitoring, and operation to ensure an adequate defense, and the sooner you start, the more protection the company gains.
Featured image: Business vector created by Jcomp / Freepik