BreachExchange mailing list archives

Three Stages to cyber-situational awareness and more effective cyber-security


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 28 Oct 2015 19:07:57 -0500

http://www.scmagazineuk.com/three-stages-to-cyber-situational-awareness-and-more-effective-cyber-security/article/449756/

Social media, mobile computing and cloud services have changed the way we
do business. But while we take advantage of the business benefits these new
technologies offer, many organisations are unaware of how they look online
to the world at large and to their would-be attackers.

As we operate in this digital world we leave behind a digital footprint –
an electronic trail of activities. A subset of a digital footprint, a
digital shadow consists of exposed personal, technical or organisational
information that is often highly confidential, sensitive or proprietary. As
well as damaging the brand, a digital shadow can leave your organisation
vulnerable to corporate espionage, competitive intelligence and devastating
cyber-attacks launched by criminals and hostile groups.

In this digital world, protecting the perimeter is no longer sufficient.
Adversaries are no longer merely watching networks and endpoints to
determine how they will attack, but actively surveying digital shadows,
identifying vulnerabilities and launching attacks.

Organisations need new ways to protect themselves. While cyber-threat
intelligence (CTI) has helped evolve the effectiveness of our defences by
providing a better understanding of threats and threat actors, we need to
do more. Data feeds, vulnerability feeds, indicators of compromise (IOCs)
and profiles of threats and research reports will continue to be pertinent.
But what's lacking is cyber-situational-awareness that provides a more
holistic and specific view of threats and vulnerabilities relevant to your
organisation.

Cyber-situational-awareness can help your organisation to understand what
is happening around you so that you can make better informed decisions
about how to defend yourself. But it takes time, effort and resources.

So how do you move your security practices in this direction? This
three-staged approach can help. And at each stage you'll see real benefits.

*Stage 1 – Perception.* Building on the internal information and CTI feeds
you already gather to understand threats, the focus of this first stage is
on understanding how you are perceived by hostile threats. By understanding
where key information assets, employee credentials and sensitive documents
are being exposed online, an organisation can understand where it is likely
to be most vulnerable. Data sources include social media, web forums
(public and private), IRC chats, email and video. The perception stage
provides the basis for better cyber-situational-awareness and in and of
itself provides significant new insights that you can immediately act upon
to address vulnerabilities or behaviours that violate policies.

*Stage 2 – Comprehension.* With data about yourself and your attackers, the
next step is to apply context to make sure the information is relevant and
meaningful to your specific circumstances. You do this by ensuring that the
intelligence directly references your organisation's brands, assets,
concerns and weaknesses, systems and defences (ie, those things most
relevant). Through this lens you can identify which threats pose the
greatest risk and use this information to guide security investment
decisions and strategies.

*Stage 3 – Projection.* The highest level of cyber-situational-awareness
involves making educated and informed assessments about what might be
around the corner to reduce uncertainty and determine what action to take
to mitigate the threat. Techniques include analysis of past behaviour to
predict future behaviour, identification of trends, geopolitical analysis
and understanding precursors of previous attacks. In the short term,
complete cyber-situational-awareness can prevent and mitigate harmful
events. In the longer term it can be used to help prioritise threat
protection investments and policies.

At most organisations security resources are stretched thin. Making the
best choices based on relevance to your specific circumstances isn't just a
practical way to deal with the overload, but also the most effective way to
address potential threats, instances of sensitive data loss or compromised
brand integrity. Cyber-situational-awareness doesn't happen overnight, but with the
right approach you can prevent, detect and contain cyber-related incidents
today and better prepare for the future.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
