Page 23 - CDM-Cyber-Warnings-March-2014
Best Practices in Cybersecurity: Adopting a Cyber Playbook

By Paul Nguyen, President of Global Security Solutions at CSG Invotas

Cyber Crime on the Rise

It’s hard to read the news these days without learning about yet another security breach, although cybersecurity threats are nothing new to private- or public-sector organizations. We know that attacks routinely target critical networks and that they are as likely to target multiple organizations in a single or related industry as they are to focus on a single target. We also know that attacks can unfold in the blink of an eye but can take months—even years—to be properly identified and eradicated from an organization’s systems.

Consider the figures: In 2012, the U.S. saw a 400% uptick in mobile malware, a 42% increase in targeted cyber attacks, and a 300% rise in the number of data records compromised by a security breach. These dramatic increases reflect the dynamics of a digital economy. Technology is constantly changing and evolving, which means cyber attacks are constantly changing and evolving too. Attacks that come in looking like one piece of software code quickly mutate and adapt to the target environment, multiplying the number and types of attacks and proliferating at machine speed to expose weaknesses. The result? New vulnerabilities and attack vectors are continually discovered—and security teams are continually playing catch-up.

Advanced cyber attacks pose a serious risk to commercial and government concerns. To counter these threats, many organizations have established security operations centers (SOCs) that leverage advanced tools embedded in their standard operating procedures. Typical SOC analysts will be trained to utilize multiple tools but will still spend a large portion of their time on the manual components of each tool. Simple tasks such as updating helpdesk tickets, performing manual content enrichment (e.g., testing hyperlink safety and uploading malware protections) and gathering information from infected machines require a significant amount of analyst time. When the time to complete all of these tasks is compared against the actual analysis of the incident, organizations frequently find that their analysts spend more time on repeatable processes than on using their highly trained analytical skills.

What’s more, traditional cyber defense tools don’t provide adequate protection from attack. So if we take the time analysts spend performing the same manual tasks over and over, the inadequacy of legacy technology, the shortage of security workers in the industry, and the personnel-intensive integration of all of these tools to thwart cyber attacks, it’s clear that a better, more streamlined approach to cybersecurity is required.

The Cybersecurity Playbook

Enter the cyber playbook. Given that specific incident or threat types determine the workflow, tools, and processes analysts choose to respond with, a cyber playbook can become the repository for all such “plays” that can be orchestrated on the fly and combined for specific threat-response scenarios. The playbook can—and should—contain all probable combinations of workflows, tools, and processes to ensure that responses can change and adapt in real time to mirror and ultimately thwart attacks. Similar to an NFL playbook, a comprehensive cybersecurity playbook will represent tested and successful routines that can be quickly repeated with minimal customization or manual intervention.