Cyber security breaches almost always result from the accumulation of multiple vulnerabilities over time — not from a single incident.
The unfortunate truth is that many organizations don’t do a good job of practicing proper cyber security situational awareness. Security teams typically focus on process or technical controls, risks relating to the latest vulnerabilities and patches, or security awareness training. However, security incidents continue to happen at an alarming rate, and successful attacks can have a disastrous impact on the business. That’s why it’s important to look higher up in the organization to effect change rather than just within the security and IT teams.
The reality is that vulnerabilities can exist within the corporate culture, the security awareness program and the decision-making process. The effects of external forces such as regulators, government initiatives and market trends can further impact the effectiveness of an organization’s cyber security posture.
Organizations must therefore manage complex sociotechnical systems that impact all areas of the business. The keys to successfully managing this complexity are enabling highly efficient communication between cross-departmental teams and instituting clear processes for dealing with external forces, working with board members and the organization’s management team.
We must have proper communications between all the sociotechnical layers, because vulnerabilities can occur at any level. A regulator in one region could allow weak password policies that could lead to audit penalties in another region, or a decision by the board of directors could unknowingly trigger a hacktivist group to launch a distributed denial-of-service attack against the company. When policies are poorly communicated by management, the staff may not understand potential security impacts, which could lead to insider threats and the release of sensitive data.
To have true situational awareness, organizations must get every level of the organization involved in security.
Situational awareness, as defined by NIST, is the perception of an enterprise’s security posture and its threat environment, the comprehension/meaning of both taken together (the risk), and the projection of its status into the near future. It’s a holistic approach to security that should be the foundation for the prevention of and effective response to cyber attacks.
To be sure, achieving holistic situational awareness requires a lot of work and considerable investment. For example, NIST lays out 11 domains that need support for continuous monitoring for situational awareness in information security: vulnerability management; patch management; event management; incident management; malware detection; asset management; configuration management; network management; license management; information management; and software assurance.
End users also play a crucial and active role in enhancing cyber security situational awareness. Cyber criminals frequently take advantage of end users who lack knowledge about and attentiveness to cyber security issues. As such, situational awareness can be improved among end users through regular communication updates on how the latest attacks are taking place and by educating users on best cyber hygiene practices. A good cyber security posture is not just about the implementation of security controls and processes; it also involves engaging with users on security issues so that users are not the weakest link.
Organizations must consider situational awareness less a destination than a continuous process to improve cyber defense and security operations. Situational awareness must continue to be emphasized as the threat landscape changes. Organizations must be agile so they can quickly respond to interconnected, potentially dangerous incidents. This will result in fewer and less costly breaches.
DXC senior risk advisor Richard McEvoy and security risk management practice lead Scott Keen contributed to this article.