We made it to February! Whew! On my daily walk this morning (yes, even in a snow storm), I was catching up on “Reimagining Cyber”, CyberRes’s new podcast (it’s great because they’re short episodes – 15-30 minutes each, perfect for my walk), and Dr. Ron Ross was on again with a new episode, The Evolution from Cybersecurity to Cyber Resilience, as a follow-up to his previous Cyber Must Become Resilient. Ron Ross, if you remember, is a Computer Scientist, Fellow at the National Institute of Standards and Technology (NIST), and co-author of NIST SP800-160v2 "Developing Cyber Resilient Systems".
Dr. Ross frames classic cyber security for many as being a one-dimensional, penetration resistance strategy. We build the wall of safeguards as high as we can build it and constantly react to the latest threats and vulnerabilities. It gets overwhelming. And even if we maintain the essential cyber hygiene and do everything right, 5-10% of cyber-attacks are still going to get through.
In his first episode, he talked about how to build a strong cyber resilience strategy and laid out four goals to help achieve that:
- Anticipation/preparation: Are you prepared for what’s about to hit you? Do the block and tackle cybersecurity fundamentals against known threats, and then think outside the box. What happens when you get thrown something unexpected? The Solarwinds Sunburst campaign is a good example. What steps can you take to reduce your susceptibility to those unexpected attack vectors?
- How to withstand attacks/resilience: This is an outgrowth of the preparation done for anticipation where you implement those controls and put up your best defense. You’ll be able to withstand 80-90% of attacks, as many hackers try the same old playbook. Pick away at the 10%, adding them to your wall. The unknown will become known. Have a plan in place to bounce back from these.
- How quickly can you spin back up: Every organization needs to be nimble when dealing with an adversary. What works for one organization might not work for another. It’s important that leadership figures out which techniques to use and adapts their response accordingly.
- How to be prepared if it happens again: Ross recommends breaking down impacts by low, moderate, and high severity/impact and prioritizing them accordingly.
In this latest podcast, he expands on building a strong cyber strategy, adding two additional dimensions: virtualization and space.
“By using virtualization techniques, do those techniques and churn infrastructure faster than their [an attacker’s] attack sequence? Attackers need time on target to breach the perimeter, understand the lay of land, and time to attack,” Ross explains. “Virtualization is churning and refreshing systems faster than they can do damage. Cut their attack sequence.”
He continues, bringing in the third dimension of space, or zero trust: slowing down an attacker’s ability to move across the system, putting access management into place so the perimeter is shut down, and increasing the work factor of the adversary.
Resiliency is also key. Another thing he touches on is the idea of a “perfect” strategy.
“Risk isn’t about perfection, it’s about giving the best defenses possible and the best information so they [C-Suite] can make credible risk-based decisions,” Ross said.
I thought this was poignant and could be applied to personal goals as well: planning for setbacks, being prepared, and making adjustments/tweaking little things (instead of just throwing in the towel after one skipped meal or bad day) based on the information you have.
How are your goals going? How will you prepare for adversaries this year?
Reimagining Cyber is a series of fireside chats hosted by Rob Aragao and Stan Wisseman, Security Strategists with CyberRes, a Micro Focus line of business. In each episode, they will dive into the world of cybersecurity, exploring common challenges, trends, and solutions for today’s CISOs and CIOs. Every two weeks, a new guest—from industry experts to CISOs—will share what matters most to them. Each episode is short and bite-sized, running only 15-20 minutes.
CyberRes is a Micro Focus line of business, focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberResilient.com.