In this Help Net Security interview, Stephanie Hagopian, VP of Security at CDW, discusses offensive strategies in the face of complex cyberattacks and the role of the zero-trust model. The conversation also covers the essential steps for a reactive cybersecurity strategy post-attack, emphasizing transparency and preparedness.
Furthermore, we examine the benefits of adopting a proactive cybersecurity approach, particularly in terms of cost efficiency and crisis management, and explore the impact of offensive security testing on compliance and zero-day response.
Should organizations focus more on offensive or defensive cybersecurity strategies?
The answer is yes. In an ideal world, a robust offensive strategy would negate the need for much defense-in-action, but most organizations can’t make the necessary investments and deploy new tools and processes quickly enough or in a meaningful way to shift the weighting. Both are equally important to bolstering an organization’s cyber resiliency posture.
Creative GenAI engineering coupled with the inherent complexities of managing hybrid infrastructures has resulted in cyberattacks becoming more sophisticated and frequent with a wealth of data at risk of compromise. As security leaders grapple with this digital transformation, they are shifting towards offensive strategies, focusing more on comprehensive risk reduction and less on individual threats so they don’t get trampled by the sheer force of magnitude we’re seeing in the global threat landscape.
A zero trust approach to cybersecurity has become the go-to model for many organizations because it embraces a framework that layers nicely across every possible threat vector. As of 2022, 97% of companies had implemented a zero trust initiative or planned to do so within the next 18 months — up from 16% in 2019. Zero trust requires all users, inside and outside an organization’s network, to be authenticated, authorized and continuously validated for security configuration and posture before being granted access to applications and data. To prepare for what’s ahead, organizations will need to guard against large-scale systemic cyberattacks through continual monitoring and testing, optimize existing software, and increase funding for security tools by making zero trust part of their business strategy.
In the aftermath of a cyberattack, what are the critical steps in a reactive cybersecurity strategy that can help minimize long-term damage?
One critical step in a reactive cybersecurity strategy is transparency. While clear communications with stakeholders have always been important, the US Securities and Exchange Commission (SEC) recently established new rules requiring public companies to disclose their cybersecurity governance capabilities, making it crucial that organizations know how to accurately define and disclose material cybersecurity incidents.
In the event of a cyberattack, companies must be able to answer critical questions about what controls were in place at the time of the attack, what data was exposed or impacted, and how quickly critical vulnerabilities were patched. Having a proactive plan to address stakeholder concerns can help establish trust with employees, investors, customers, and partners, minimizing further damage for everyone involved.
Companies can ensure preparedness for questions like these by creating an incident response playbook with well-defined actions that should be taken following a cyberattack or data breach. Having an IR playbook can ensure that employees understand their roles and responsibilities in a crisis situation, facilitating response time and mitigating the impact of a cyber incident. We oftentimes see organizations not having a sense as to what their state of minimum viability is, which creates a risk of an incomplete IR plan that could create a material financial impact.
Additionally, tabletop exercises that simulate scenarios for both the technical and executive personnel can help ensure that in tandem with an IR playbook, that the full team knows which steps are necessary to restore business functionality. Through a tabletop exercise, employees can test their incident response plans to identify any gaps and evaluate the effectiveness of their strategies.
Despite a company’s best efforts, cyberattacks may still occur as adversaries continue to evolve their methods. That said, if organizations have a strong cyber-resilient strategy in place, they can minimize damage and bounce back swiftly in case of a breach.
What are the top benefits of adopting a proactive cybersecurity strategy, especially regarding cost efficiency and crisis management?
Adopting a proactive cybersecurity strategy allows the time and space for organizations to make data-driven decisions about risk prioritization and resource allocation to mitigate negative outcomes. Organizations can implement preemptive actions such as establishing a zero trust plan (including reducing avenues of potential entry and eliminating nonessential connections) to disrupt systemic cyber risk.
In turn, in the case of a cyberattack, companies can save organizations millions of dollars in preventing unplanned downtime, reputational costs and regulatory fines, among other costs.
Having a proactive mindset on security will help organizations identify and address potential vulnerabilities before they arise, can increase visibility into potential data exposures, and can ease the burden on internal IT teams in times of crisis.
How has offensive security testing benefited organizations by improving zero-day response and compliance requirements?
Offensive security testing can be used to identify technical and configuration vulnerabilities within a company’s enterprise environment. Once these vulnerabilities are detected, risk can be quantified across an organization, allowing companies to make more informed decisions about where to invest and allocate resources. Additionally, security testing can help organizations identify potential gaps in compliance, reducing the risk of regulatory fines down the road.
Can you discuss some of the top tools used in offensive cybersecurity and their roles in enhancing an organization’s security?
Asset discovery and data classification are important tools in reducing risk that could have a profound impact from a business continuity perspective. To secure data and devices, companies must know where data lives, who has access, and what kind of data resides within those systems to identify vulnerabilities. Attack Surface Management is a way to bring threat and vulnerability management together with infrastructure to continuously identify, monitor and manage both internal and external assets for potential attack vectors.
Additionally, leaders are increasingly looking to leverage automation through practice applications of AI in available security solutions to reduce manual inspection and analysis of inbound threats. However, automation must be implemented with a trusted advisor who can plug into the different aspects of their security and risk programs.