Happy New Year! I, for one, welcomed 2021 with open arms. I always look forward to a new year, don’t you? I love a fresh start! I like to kick off the new year by reflecting on the prior year and then writing down some key goals for the new year. I like to post them in a place I can see them daily (yes, I’m one of those people). As I reflected on 2020 the other day, which can only be described as tumultuous, I couldn’t help but think about how quickly things can change, how important flexibility and preparedness are (I don’t think anyone will run out of toilet paper again any time soon!), and how key resiliency is.
In this week’s Reimagining Cyber podcast, Ron Ross, Computer Scientist, Fellow at the National Institute of Standards and Technology (NIST), and co-author of NIST SP800-160v2 "Developing Cyber Resilient Systems", discusses the key elements of a strong cyber strategy and four key goals to strengthen your cyber strategy. I couldn’t help but notice the parallels in cyber to my reflections on the last year.
“For the last 40 years of cybersecurity, we’ve relied on a one-dimensional strategy, building the wall as high as can be, hoping no one gets over,” Ross laments. Now, with more sophisticated adversaries, Ross recommends a blended approach that includes taking what you know, preparing for the worst, and bouncing back quickly. The four key goals for any strong cyber strategy are:
- Anticipation/preparation: Vulnerabilities are growing 10-fold. Block and tackle against what you know, and then think outside the box. What happens when you get thrown something unexpected? How will you reduce this risk?
- How to withstand attacks/resilience: You’ll be able to withstand 80-90% of attacks, as hackers try the same old playbook. Pick away at the 10%, adding them to your wall. The unknown will become known. Have a plan in place to bounce back from these.
- How quickly can you spin back up: Every organization needs to be nimble when dealing with an adversary. What works for one organization might not work for another. It’s important that leadership figures out which techniques to use and adapts their response accordingly.
- How to be prepared if it happens again: Ross recommends breaking down impacts by low, moderate, and high severity/impact and prioritizing them accordingly.
Regardless of your goals, whether it’s to lose ten pounds or to build a strong defense against cyber attackers, these goals and tips are usable in any situation. As I reviewed my list of goals for the year, I took the above recommendations into consideration, prioritizing the truly important goals and considering how I’d stay focused and motivated, and how I’d bounce back from a setback. The comeback is always better than the setback, right?
Will you use these tips to reach your goals (personal or cyber-related)? What have you found are some key ways to bounce back quickly from a setback? Leave your answer in the comments section below, by logging in or signing up for an account.
Reimagining Cyber is a series of fireside chats hosted by Rob Aragao and Stan Wisseman, Security Strategists with CyberRes, a Micro Focus line of business. In each episode, they will dive into the world of cybersecurity, exploring common challenges, trends, and solutions for today’s CISOs and CIOs. Every two weeks, a new guest—from industry experts to CISOs—will share what matters most to them. Each episode is short and bite-sized, running only 15-20 minutes.
CyberRes is a Micro Focus line of business, focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberResilient.com.