Page 29 - Cyber Defense eMagazine August 2024

As a former CISO myself, I understand the concerns that 72 hours may not provide many organizations
adequate time to fully comprehend the nature, extent and potential impact of an incident in their
environment. But such rules will force the discipline necessary for CISOs to implement a more proactive
approach to security that is focused on developing a continuous understanding of the efficacy of their
security tools and their vulnerability to security events, which in turn will allow them to take action faster
and engage government partners in a more timely manner.

Increased reporting will likely enable CISOs to better prepare for cyber attacks through attack simulations
trained on a much larger body of threat intelligence. Those essential preparations cannot be effective if
information sharing fails to provide threat data specific to their critical infrastructure sectors and specific
functions within those sectors.

How to Prepare for CIRCIA Reporting (and the Future)

To prepare for the reporting to come, CISOs must engage with legal, risk-management, and security
teams to understand CIRCIA's requirements, assess their cybersecurity postures, and implement robust
detection, simulation and reporting mechanisms.

While CIRCIA poses a tremendous opportunity to operationalize intelligence in their defense,
forward-looking operators will also take the initiative to implement solutions and processes that
prepare them for greater scrutiny of their cyber readiness from regulators and cyber insurance auditors.

Industries such as the defense industrial base, healthcare, nuclear power, financial institutions, and
electric power face higher minimum standards for required cyber defenses and practices. In some
circumstances, operators are even required to detail incident response and recovery plans and produce
posture assessments. Other critical infrastructure provider sectors are not required to present such plans
to operate, but will increasingly be required to produce such plans and assessments for auditors.

How Breach & Attack Simulation Can Help

Breach and attack simulation (BAS) solutions can play an important role in helping critical infrastructure
organizations prepare for and comply with these rules, as well as prepare for future assessments and
audits. BAS solutions are designed to safely and continuously run real-world attacks—based on the
tactics, techniques and procedures (TTPs) used by cyber adversaries—against an organization’s
production applications and infrastructure to validate how their security controls are performing and
identify gaps before attackers do.

At its core, BAS is about applying the cyber incident experiences of organizations to the defense of other
organizations. It can be used to develop cyber risk mitigation and incident response plans that strengthen
defenses and better prepare organizations to fend off future attacks. Both capabilities can benefit from
sector information and help produce cyber-readiness reports for executive teams, insurers, and
regulators.

            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.