I have met different people in the Cybersecurity field. From the resigned ones to the more enthusiastic quest seekers who fought against the low budgets and lack of awareness for all Security matters, I have seen it all. I also met some people from the other side, the dark side of the force if you will, and I found some interesting capabilities of theirs that can be of great help for the good side of the force. The guys from the dark side of the force moved throughout the cyber world in wolf packs. They shared important information among each other and attacked their victims in teams, and that brings a question to my mind: why can't we, from the good side of the force, do the same?
This leads me to one of the biggest challenges we currently face in Cybersecurity: being able to obtain valid, coherent, and contextualized information that will place us in a less reactive position than where we are now when it comes to cyber-attacks. The same way the dark side of the force guys furnish contextualized and coherent information about potential victims to each other, so must we do the same. No man is an island, and this also applies to Cybersecurity: relying only on yourself and on a specific set of technologies leads towards disaster. Technology will bring you very high-level information that might not be fully contextualized to your own reality if furnished in bulk. The information from CTI-enabled technology needs to be contextualized to each single reality, but that's a hard endeavor to accomplish, especially alone. Here is where we should act as a wolf pack, with several types of different people with different skills sharing in real time contextualized information about recent and ongoing attacks and the dos and don'ts in these situations. The benefit of this is, like in nature, the survival of the herd even if a few members might be lost along the way. Giving a clear message that in a specific Industry or region companies are responding together, and being able to receive more contextualized information because they share information with each other, will increase their overall resilience to cyber-attacks. This way the first Wolf packs can emerge and divert the Dark side wolves towards easier targets to attack.
I have seen throughout these years the technology-centric approach to dealing with cybersecurity issues that, cyclically, is completely trashed by the newest exploit available, and these show up faster than you can imagine and even more dangerous than before. Have you ever wondered why? Why do exploits hit so many infrastructures at once successfully? Behind the clever idea of producing the exploit there is a team effort of sharing and learning, within the dark side community, ways to exploit that help them understand where and how to hit. They form wolf packs exploring the weak spots of their prey and where and who might be the most vulnerable, and they pass this information on to others from the pack. They form, in the true sense, well-organized wolf packs feeding each other with information vital to their success; it is clever, I must admit.
The technology-centric approach of the good side of the force opened gaps to be explored by the Dark side, common to each other, and that explains, in part, their success. I'm not advocating that technology is not good or that it shouldn't be used, but it is clearly not enough, nor should the effort rely only on it. Using the trendy technology because everybody is commenting that it might be good is no guarantee of a sure miracle. In fact, the same way you might adopt a certain technology, so will the guys from the Dark side explore its gaps and build the next exploit that will hit the largest possible number of infrastructures throughout the world. Somebody once said to me that the CISO's role is one of the loneliest ever, and it is true, but should it be so, or can we change that? Easier said than done, right?! Well, it is true in part, but it is also true that we need to change the mindset of other people not related to Cybersecurity. My first notion from being in contact with Cybersecurity professionals is that they lack a few important things at which the bad guys excel, and I'm not referring to technical skills.
Here are a couple of things that need to be changed:
1. Don't isolate yourselves; share important tips regarding Security.
2. Learn to speak the Board's language by trying to explain efficiency and cost reduction by including People and Processes in the equation.
3. Don't rely on a technology unless you have the full notion of what its impact on processes might be and whether people will use it efficiently. (I have seen tools costing hundreds of thousands of euros being put on the shelf because they were not used correctly.)
4. Expecting that a certain technology itself will produce miracles is also not a good idea.
5. Be motivators, lead the way into a secure state of mind of all people around you. Security is a State of Mind starting by the people who use technology.
6. Acquire as much information as you can from outside sources such as CTI.
7. Don't rely on data that is reactive.
8. Don't think about securing; think about how you can, and how fast you can, save your precious data and get it back up and running as soon as possible.
9. Keep an inventory of assets according to their criticality.
10. Carry out regular assessments, not just once a year for compliance purposes with the report kept inside the drawer afterwards. Remember, you can't improve if you can't measure!
Keep in mind that the better you plan and involve all stakeholders, the better:
“Hope is not a strategy. Luck is not a control. Panic is not an option.”
By: David Oliveira, International Sales Manager at Hardsecure.