Page 92 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

supply chains by ramping up threats and expanding attack vectors, which we believe will continue to
            climb throughout 2022.


            The war in Ukraine has catalyzed interest in cyber readiness. But even those of us who have been
            preparing for cyber war over the last several decades are now reevaluating our toolkits to ensure
            complete preparedness should we need to engage in a full-scale cyber conflict. Cyber warfare may be a
            relatively new type of war, but preparing for it should be no less urgent than preparing for physical combat.


            To do that, there are four major components of cyber preparedness that government agencies and
            military branches should address: intention, cyber hygiene, controls, and people.


            Why Intention Matters

            When Dwight Eisenhower gave his landmark speech on the dangers of the military industrial complex,
            he spoke of the need to find agreement on contentious issues and to exercise good judgement by striving
            for balance and seeking progress. He astutely remarked that the lack of good judgement eventually leads
            to imbalance and, unsurprisingly, frustration—a sentiment that’s all too familiar to modern-day chief
            information security officers (CISOs) charged with keeping their organizations—whether public or
            private—secure in the face of shifting attack vectors.

            The past two decades have given rise to a thriving cybersecurity industrial complex not unlike
            Eisenhower’s military one. Yet despite the Hydra-like growth of security vendors, the thousands of new
            capabilities that purport to control for risk levels, and the attendant rise in spending on security-related
            products and services, attack vectors keep growing. As they grow, they contribute to often unnecessary
            spending to maintain an already costly security infrastructure.

            As a result, it’s important to rethink and retool the solutions we have and the approaches we use to better
            understand what our current security investments are delivering, whether their results are still relevant,
            and what gaps still exist. Do we have proper controls in place? Can we scale in real or near-real time to
            meet challenges as they surface? Are our existing tools truly delivering on their promises? At the end of
            the day, it’s crucial that organizations think through and continuously assess their tech stack or they’ll
            find they’re not only wasting budget, but risking much more.

            We're behind in some areas and can do better; we are not as prepared globally as we might be. But we
            do have strong cybersecurity leadership and the right intentions to meet today’s challenges. Attacks today
            are more complex, layered, and targeted. Threat actors have shut down meat packing plants, disrupted
            critical infrastructure, and ransacked government agencies. We’re now also facing the implications of
            nation-state cyberattacks: the potential disruption of satellites and communications systems, and of utilities
            like water, oil, and electricity. There are threats to physical and cyber defenses as well as the potential
            onslaught of misinformation campaigns designed to cause chaos and confusion. Nothing is off the table:
            Attackers will strike wherever it hurts us the most.





