Over the past few years, a pattern has emerged in the types of events that organisations are consistently most concerned about, or interested in, when it comes to network-based detection and response technologies.
“Interestingly, it wasn’t opening suspicious email attachments or web browser drive-bys that they were most concerned about. There are strong technological controls and processes in place to deal with the vast majority of threats in those vectors. Nearly all organisations have reached a risk-appropriate cyber maturity level from these well-known patterns of attack and feel comparatively resilient, as they have invested in multiple security technologies spanning the entire MITRE ATT&CK chain. They can even confidently identify late stage techniques and tools that are ‘living off the land’,” said Andre Kannemeyer, CTO at Duxbury Networking, distributors of the Armis agentless devices security platform.
“Instead, the events that organisations were most interested in were almost always directly related to uncovering the ‘land’. These were the events that they feel less resilient to, as they represent a blind spot in the application of risk management. If you have a robust understanding of what the land looks like, you can mature a cyber capability to deal with threats that would attempt to live off it. In simple risk terms, if you don’t know the land, you can’t manage what’s in it,” added Kannemeyer.
In January 2020, the World Economic Forum released guidance designed to help organisations in the aviation sector advance their cyber resilience endeavours.
The guidance actually transcends aviation and is appropriate to any industry sector and every type of organisation.
8 questions to help you become cyber resilient
The World Economic Forum’s initiative poses eight questions that organisations should ask themselves to assess and advance their levels of cyber resilience:
- Does your organisation’s approach to information, cyber, and IT risk management take full consideration of the risks posed by emerging technologies such as IIoT?
- Does your organisation understand the impact of emerging technologies on its attack surface – both outside and within the organisational and network perimeter?
- Does your organisation’s cyber resilience strategy, risk scenarios and incident planning exercises take full account of system and data integrity risks, as well as confidentiality and availability?
- With ongoing changes in connectivity, technology, and business practices, how do your organisation’s cyber and safety risks interconnect?
- Does your organisation have a clear understanding of the risk posed by its supply chain and partners across its ecosystem, including manufacturers, support partners, and infrastructure operators?
- How can your organisation develop and maintain effective baselines of cyber capability?
- How can your organisation continuously monitor cyber risks?
- How can your organisation build an industry database that enables minimum standards to be set, and industry-wide leveraging of best practice?
These eight questions progress an organisation’s cyber resilience by challenging the three pillars upon which cyber resilience is built.
The first two questions relate to visibility: how much of your organisation’s critical infrastructure is visible? Can you fully see the extent of risk upon your attack surface?
The second pillar of resilience is maturity and is tested in the next three questions (3-5). Do you truly have a 360° view of risk and how it might manifest, from all of your digital surfaces, including third parties?
The third pillar of resilience is capability: how rich is your ability to measure, detect, respond and learn? Capability is challenged in the final three questions (6-8).
The World Economic Forum’s cyber resilience initiative lays down guidance for best practice baselining and measurement of cyber resilience as a continuous and always-improving process via all three of the pillars.
It is initiatives like Advancing Cyber Resilience from the World Economic Forum that will promote common risk criteria and encourage a robust understanding of what is valuable to resilience in cyber operation centres across every industry sector throughout 2020 and beyond.