Is your Security Strategy Too Focused on the Next SolarWinds or Log4j?

Cyber-attacks happen around the clock, far more often than can ever be reported outside of the organizations they affect.

But sometimes an attack is so widespread and devastating that it sends shockwaves through the business world and even into the mainstream media. Incidents like SolarWinds and Log4j were front page news, sending organizations scrambling to patch them.

We think that the Gartner® report Prepare for New and Unpredictable Cyberthreats reflects on the common reaction to pour time, money and resources into trying to predict and defend against the next big blast cyber-attack – a drastic approach that doesn’t deliver well-rounded preparedness to unpredictable threats.

Read on to delve into our high-level interpretation of the report.

Focus on procedures, not potential attacks

It goes without saying that nobody can predict what the next big cyber-attack will be, otherwise it would be unlikely to materialize. Yet many CISOs and senior threat professionals still direct their focus on avoiding falling prey to these devastating attacks.

According to the Gartner report, “This leads to excessive and narrow responses.”

As a result, other areas of vulnerability becoming a bigger risk every day, such as those caused by business transformation, aren’t given due attention.

Many businesses are unable to quickly ascertain the level of risk the threat poses, so will often postpone important projects to tackle the problem or overreact by quarantining or even wiping data during their investigation.

Instead, businesses need to pay attention to continual preparedness, short-term response planning, and long-term strategies that cover the most likely eventualities.

Building resilient defense procedures

The Gartner report makes the strategic planning assumption that “by 2026, organizations investing at least 20% of their security funds in resilience and flexible design programs will cut total recovery time in half when a large blast attack occurs.”

Since it’s impossible to prepare for an unknown attack, resilience and flexibility are key in creating an effective defense plan. Any investment in this area is like paying for insurance – it becomes very worthwhile as soon as an attack does strike.

Communicate effectively during a crisis

The first foundation to lay is creating the right procedures, communication plans and decision-making policies to react to incidents.

For example, in case of downtime, documentation could be frequently backed up to be worked from offline. Alternative or failover communication channels could be put in place should one or several become unreachable.

Communication is a huge part of any incident response, so it’s essential to have a plan in place not just for staff but also for suppliers, customers, partners and regulators so everyone knows the severity of the attack and the plan of action. Keeping communications consistent, timely and clear can be complex so it helps to put a crisis management team in place to control this, and to create templates, scripts and distribution lists ahead of time.

Cybersecurity isn’t just for the IT department

Every aspect of a business is a target for attackers, so basic security awareness needs to exist throughout the organization.

While policies can still be set by the CISO and senior IT risk professionals, security decisions could be decentralized so informed staff members from different areas of the business can act quickly and efficiently according to agreed procedures.

Test your playbooks

Playbooks are common in incident response, but these are only useful if thoroughly tested and applied consistently to applicable situations.

Playbooks can be bolstered by guiding principles, which are broader in scope and can be applied across functions, depending on roles and responsibilities. Whilst playbooks are specific, guiding principles are adaptable to various situations, which is useful for unpredictable or previously unseen attacks.

Adapting to new threats by monitoring visitor intent

Every business needs several layers of defense to keep all manner of attacks at bay. For example, many businesses have invested in bot management solutions to defend against known automated attackers.

However, the bots used to launch these attacks are constantly evolving to bypass detection and defenses. This means it’s currently taking businesses an average of 16 weeks to identify when a bot attack has occurred.

Netacea’s AI-powered platform automatically categorizes visitors based on behavior patterns, sorting the bad from the good without relying on ‘spoofable’ signals.

Gartner, Prepare for New and Unpredictable Cyberthreats, By  Jeremy D'Hoinne, John Watts, Sam Olyaei, and Roberta Witty, 10 June 2022

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.