Significant data breaches have become a common occurrence. Just last month, Expedia-owned Orbitz revealed that it had been hacked and 880,000 customer records, including credit card numbers, were likely stolen.
A statement from Expedia indicated that the breach took place between October and December 2017 – exposing a lag time of about six months between the large-scale breach and its disclosure.
Is this kind of lengthy time lag surprising? Perhaps not. According to Verizon’s 2018 DBIR (Data Breach Investigations Report), 68% of the 2,216 breaches it documented took months to discover, or longer. This statistic underscores how far most of us need to go in developing defenses against the “dark side.”
The Secret Sauce: A Cyber Maturity Roadmap
What makes the process of developing cyber resilience so difficult? For one thing, many companies pay top dollar to undergo cyber security assessments that are geared toward meeting regulatory compliance; but no more than that.
Assessments geared toward compliance, though effective in helping organizations meet the regulations, do not necessarily generate cyber resilience – and even when implemented fully, they may not reduce the risk of cyber attack. For genuine cyber maturity – the kind that reduces risk – a more hands-on approach to cyber defense is required that accurately maps out an organization’s readiness for a cyber incident.
So where does your organization stand in terms of cyber resilience and maturity?
If you completely lack an approach to cyber defense – or if you held initial discussions, but plans didn’t get off the ground – it’s time for your organization to pull its head out of the proverbial sand and start development from the ground up.
Perhaps, however, you have a system in place; and what’s required is an accurate assessment of its capabilities, and the decision to develop it further and reduce risk.
Cyber resilience takes time to achieve, and is obtained through careful planning and thorough implementation. The following roadmap of the 5 levels of cyber maturity will help you identify what’s necessary for your organization.
Level 1 – Reactive
Many organizations have a cyber defense system that is actually of little use. In some cases, the system was implemented when the organization was smaller and it wasn’t designed for scalability. In other cases someone was appointed as security officer, but practically doesn’t have time to maintain the system. Or perhaps the system is disorganized and randomly assembled. Whatever the reasons, this type of system is not doing enough.
Level 2 – Proactive
Some organizations have a functional cyber defense system but it is limited in its ability to respond to threats in real time. If a system requires frequent manual interventions, this severely impacts its ability to provide a quick response. Cyber resilience requires a system that automates the prioritization of events.
Level 3 – Preventative
GDPR and corporate governance policies require organizations to meet compliance levels and requirements, and many cyber defense platforms are built for these needs. Gartner’s report Magic Quadrant for Managed Security Services, Worldwide defines what this type of system entails: demonstrating due diligence to stakeholders, regulators, and authors; providing real-time monitoring and incident response (including thresholds, triggers, and severity ratings); and having procedures for event management and data leakage prevention.
While this represents a high level of security, hackers don’t play by the rules – and today’s mindset of merely being compliant is no longer sufficient to protect your critical business assets.
Level 4 – Predictive
In too many cases, organizations get an “A” in their cyber security assessment with a system that meets all governmental requirements – just to be breached months later. Why? Reducing risk requires taking things further with advanced analytics, creating a predictive cyber defense system that anticipates control failures and the actions of adversaries as they target critical assets.
As defined in Gartner’s Magic Quadrant, for a solution to be effective – it must incorporate large-scale data collection and analytics that include statistical and behavioral functions, allowing a system to stay ahead of cyber criminals by identifying events on the sector and organizational levels.
Yet, even advanced analytics cannot provide full cyber resilience. There’s one additional level necessary.
Level 5 – Disruptive
To avoid major security breaches, an organization needs to disrupt adversaries by gathering and analyzing threat intelligence. The power of a high-level cyber defense system lies in how it conducts and leverages extensive research into emerging threats – using big data and AI to identify attacks, and defining threat levels based on intelligence gathered for a specific organization.
A solution of this kind also supports behavioral authentication processes, eliminating passwords and utilizing continuous authentication such that decisions are made in real time about user identity and access. The system further reduces risk by monitoring new data sources (endpoint, network, and user) and including them in its advanced analysis.
Keep Your World Safe from Cyber Crime
Effective cyber defense requires, first and foremost, an in-depth assessment that gauges an organization’s current protection level across key areas, including: asset management, identification and access, asset inventory, vulnerability management, incident management, policy and standards, configuration and controls, and monitoring.
By accurately defining the current status of your organization’s cyber maturity, it becomes possible to formulate a strategic cyber protection framework.
Today’s cyber defense systems must provide ongoing value for money by being agile, making the best use of security spend by optimizing regulatory and cyber defense maturity together. The CyberProof Defense Assessment aligns cyber security priorities with business context, optimizing and balancing across all security controls through cyber defense operations and cyber maturity projects – proving outcomes in terms of return on your investment over time.
Do you have questions about how CyberProof can help you develop a hybrid SOC? Contact us today!