
Attacks/Breaches
4/23/2016 09:00 AM
Jason Sachowski
Commentary

Be Prepared: How Proactivity Improves Cybersecurity Defense

These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.

When responding to an incident, there is always extreme pressure to gather and process digital evidence before it is no longer available or has been modified. As illustrated in the KPMG 2015 Global CEO Outlook report, half of the chief executive officers polled said their organizations are either not prepared or only partially prepared to deal with a major cyber-attack. One reason these executives gave for this lack of preparedness was that too much attention is being spent on preventing attacks, and not enough on protection and response actions.

Here are five examples of how to shift from a reactive to proactive cyber preparedness model through the process of Digital Forensic Readiness.

Maintain a business-centric focus

One of the most significant barriers to cyber preparedness success is a lack of communication. It’s important that all key stakeholders understand the business risks they are trying to manage from both business and technical perspectives. This includes the “value-add” of cyber preparedness as well as the ecosystem of complementary people, processes, and technology controls required to become proactive.

Don’t reinvent the wheel

Cyber preparedness does not need to be completely built from the ground up. Methodologies such as Digital Forensic Readiness follow a systematic approach that supports proactive capabilities by leveraging industry best practices, references, methodologies, and techniques from credible and reliable sources (e.g. National Institute of Standards and Technology). The investment in time, effort, and resources to achieve cyber preparedness should focus on what is required for a successful implementation and not on re-creating materials that are readily available for use.

Security intelligence goes beyond threats

The concept of security intelligence in this model expands beyond traditional threat information collection. It encompasses data generated by users, applications, and infrastructure so that relevant business impacts can be assessed. The most effective security intelligence programs take longer-term trends, risks, and business considerations into account.

Keep tabs on external relationships

Where a decision is made to outsource a portion of business operations, organizations must always retain accountability. With a risk-based methodology, ongoing management and monitoring of the third-party relationships should proactively identify risks and validate compliance with contractual agreements.

Understand costs and benefits

Decisions to skip, substitute, or not invest the amount of time, effort, and resources required for a successful implementation will most certainly result in a failed, incomplete, or misaligned implementation. It is extremely important that organizations fully understand not only the impact a cyber preparedness program will have on budgets, but also the benefits that will be realized from:

  • Demonstrating incident management maturity
  • Improving the identification and mitigation of a wider range of threats
  • Increasing opportunities to detect and prevent attacks
  • Encouraging good working relationships with law enforcement and regulators
  • Reducing the need for discovering digital evidence
  • Strengthening information management strategies to produce digital evidence when or if needed.

This article was sourced in part from the book by Jason Sachowski, titled “Implementing Digital Forensic Readiness: From Reactive To Proactive Process,” available now at the Elsevier Store and other international retailers.


Jason is an Information Security professional with over 10 years of experience. He is currently the Director of Security Forensics & Civil Investigations within the Scotiabank group. Throughout his career at Scotiabank, he has been responsible for digital investigations, ...

Comments
RyanSepe, User Rank: Ninja, 4/25/2016 | 12:39:12 PM
Maintain a business centric focus
This is an aspect that is sometimes lost amongst security professionals. The idea isn't security vs. functionality when making a decision, but rather security to complement functionality. You don't want to put up a million-dollar fence to guard a $10 asset. Cost evaluations are pivotal in the security realm.
vadorSky, User Rank: Apprentice, 4/23/2016 | 8:45:19 PM
Optimistic point of view
An optimistic point of view; I'm more pessimistic on this issue. Interesting article anyway, thx.