In any rapidly changing or fearful time, we’ve always found that it’s most helpful to contribute where we can, to help move each other forward and bring hope.
While I’m not an expert in the details of healthcare and specifics to COVID-19, there are many parallels in this world crisis — especially in how it affects businesses — and the cyber security crises that the CISOSHARE team sees every day.
In the world of cyber security, we’re used to operating in situations where fear is running rampant and resources are constrained in a business setting. We also manage situations constantly where the activities of employees within their personal lives, can intermingle with their business lives and thus cause large-scale impacts on the business.
This is every organization and associated security program that I have been in over the last 20 years of my career. From some of the largest security breaches, to smaller ones in unique situations, here are some of the tips we recommend to any security leader to help make progress during the current event world landscape.
1. Thoughtfully “Do Something”
We suggest finding trusted sources of information, measuring your organization’s current situation, and then finding a way to move forward with information and integrity.
In situations where we seem powerless, such as an escalating cyber security incident, or a spreading virus, it often leads to one of two reactions in humans. First, it instills apathy and hopelessness, leading to inaction. The other, which is the complete opposite reaction, are often drastic moves or a series of rash decisions with inconsistent logic.
If you are a cyber security leader and need some ideas to spark some informed “do something” ideas specific to your cyber security efforts, we have a list of tactical actions that your team can take.
For security leaders, we suggest finding trusted sources of information, measuring your organizations current situation, and establishing a plan to move forward with integrity and information.
One final note on this, be compassionate with people and try not to judge their decision-making process or whatever their “doing something” is. It’s important to show compassion and empathy during these times, since we’re all in this together.
2. Establish Strong Communication
Your communication channels should be defined for how information should come into your security program, as well as how it should leave it. Your communication system should consider channels across the business’ departments, as well as from the top levels of management down to every employee.
One of the biggest issues we see during large-scale cyber security incidents in organizations is the lack of an established communication system to move relevant information around the business.
A perfect example is during a ransomware incident where the ransom duration for action by the organization expires, the business systems are then encrypted and lost, all before the board even had a chance to be informed and decide on what they should do. Establishing an effective communication will give organizations and their teams more time to act, reducing the time and effort it takes to respond to a potential incident.
Beau Woods, Founder and CEO of Stratigos Security, shares his insight: “Just like in population health, communication is key. Reporting potential issues, without blame, to IT stems an outbreak. Consistent, clear communication to employees orients and empowers them.”
Now, as many organizations have their employees working from home, which will most likely create more cyber security risk for any organization by itself. Make sure you have an implemented model for giving and receiving communication from your security program that your employees are aware of.
3. Perform Practical Situational Measurement
Moving forward with practicality and common sense in your measurement activities is better than gathering no data at all.
Before you can move forward in a thoughtful manner, you need insight and data to support your decision-making. In cyber security, we do this a great deal with assessments. Here are some quick things to keep in mind to get the most out of your measurement activities right now.
First, the longer and more comprehensive the measurement analysis, while more accurate, the more time it takes. Take advantage of good measurement when it will be more effective than longer, more detailed measurement activities. This is even more important if the inputs for your analysis are not great or available, which is something that has always been very common in cyber security.
An example of this is trying to measure your susceptibility to phishing attacks at your organization by getting real data on how many phishing attacks your organization is currently receiving, even if this isn’t technically possible.
If you can’t get access to your desired data inputs for measurement, look for other inputs that can be used to move you forward. There are almost always ways to find inputs that can move measurement activities forward.
4. Scenario–Based Planning
Identify and carry out practical measurement activities as discussed in the previous tips. Gather stakeholders in your organization to brainstorm a situation and a plan, even if the results aren’t formally documented. It’s better to start putting a plan in place, rather than doing nothing at all.
There are many aspects in cyber security where we have best practice planning facilities that are supposed to help us in our planning efforts. For example, business continuity planning, incident management, and/or budget planning activities, just to name a few.
Due to the newness of our discipline as well as its ever-changing nature, however, is that these plans are often documented and compliant with best practices but aren’t realistic or mature enough to be helpful in times like these.
Our suggestion here is not to let this hinder you from scenario-based planning based on issues your team decides are important. Some scenarios to consider might be how your organization responds to an incident amidst the COVID-19 activity, enhancing your security safeguards while people work from home, and dealing with single points of failure in your security teams.
We spoke to Brad Taylor, Proficio’s CEO to ask him what his team is doing to address security concerns in the current climate. “As you know all too well, the wolves often attack when the heard is distracted. Remote access facilities to organizations is often a primary target for attackers,” he shares. To combat this, he and his team have been working with clients to add VPN, O365, and other remote application resources to aid log collection, monitoring, and active defense response SOC services. “We have developed sophisticated and accurate use cases, baseline, and machine learning technology to discover advanced attacks on VPN and O365 resources. We have also added more reporting, online search, and dashboard resources for our Clients around VPN and remote worker resources.”
Oftentimes, people get too focused on strict best practices and developing associated deliverables instead of focusing on the process and collaboration aspects of generate these deliverables. It’s the process and the insight that holds the most value in these situations, not just polished deliverables.
5. Tactical Execution with Strategic Vision
Design a tactical execution capability so everyone knows how to work together to complete tactical tasks that bring you closer to your strategic vision.
Our world and decisions are changing so rapidly right now that tactical execution is going to be critical for any security program to be effective through the year. This doesn’t mean that your team needs to make every change under the sun as soon as a new development becomes available.
However, it does mean trying to establish your communication system for moving information and identifying trusted sources for getting this information now, as well as measurement methods associated with your planning and decision-making activities. Next, you need to establish how you will tactically execute your decisions via a concise process.
Finally, where possible during this process, measure tactical program changes made to the overall strategic objectives of your program. Beau Woods also shares, “If you know where you’re going, new developments can accelerate your time to get there.”
If your team doesn’t have strategic objectives, now is probably as good a time as any to still define them, even if you recognize that you will probably need to move more tactically over the coming months.