To see or not to see.
That is the question for business leaders concerned about cybersecurity—meaning, is your organization’s security team able to clearly see threats coming from all directions, or is it so focused on defending against external attackers that your entire organization is blind to threats lurking just off to the side?
Call it a case of “acute ocular cyberitis anxiety disorder.” Or maybe not. How about we just call it “very worried about cybersecurity blind spots.”
External threat actors get a lot of attention, and deservedly so. Year after year, Verizon’s annual Data Breach Investigations Report (DBIR) shows that in almost every industry (except healthcare), external threat actors are responsible for the majority of cyber incidents and breaches that wreak havoc on organizations. So it’s only right and fitting that your security team should always be on the lookout for signs of external cyber-aggression. Traditional security tools – from firewalls to SIEMs – are frequently at the heart of a semi-mature security operation, and more mature organizations are using machine learning and new techniques (such as autonomous threat hunting and network threat advanced analytics) to greatly improve visibility into external threats.
But your organization simply can’t afford to turn a blind eye to the risks that come from people who are authorized to be in your network but who represent a significant threat just the same. Employees, far-flung contractors, third parties and vendors can intentionally or unintentionally cause a lot of damage to your organization without catching the eye of your cybersecurity team in time.
Having visibility into these kinds of threats as well as external threats provides a 360-degree view into an organization’s cybersecurity posture. Here are four areas you should be focusing on to improve your organization’s cyber-visibility:
- Close-up vision: As much as you might love your fellow employees, they don’t always have the best of intentions. Does your organization have a robust Insider Threat program to ensure that “trusted” employees don’t abuse their system privileges or create “workarounds” that put sensitive data at risk? You may have a blind spot in this area. Insider threat is especially acute in healthcare, where, according to Verizon’s 2018 DBIR, misuse of authorized access to sensitive data for curiosity, fun or for profit is a significant problem. (Almost 40 percent of healthcare breaches dissected in the 2018 DBIR were motivated by financial gain, and 47 percent were motivated by fun or curiosity.) A comprehensive, ongoing review of security policies, procedures and physical/logical controls is essential to combating insider threat.
- Peripheral vision: The most successful and competitive organizations, especially in healthcare, are part of a sophisticated vendor/partner ecosystem. Many organizations enable third parties to have direct access to their network and applications; co-badged contractors are allowed to connect remotely to perform specific duties; and external service providers are entrusted to touch and process your organization’s data for legitimate business purposes, like research, transcription/coding or GDPR-compliant direct mail marketing. With one foot inside your organization and one foot outside, third parties can easily slip out of your cybersecurity program’s line of sight and imperil security. Policies, policy enforcement, logical controls and continuous monitoring must be in place to specifically address third-party cyber risk. Chief information security officers are encouraged to advocate for more investment in enterprise-level third party/vendor risk management programs. And we believe information security teams should have a seat at the governance table when organizations discuss overall risk appetite.
- Long-distance vision: It’s a big world, and it’s not easy to see all of the cyberthreats coming over the horizon. Integrating threat intelligence feeds into your security operations can greatly extend your visibility into global cyberthreats and treat this blind spot. When correlated with a crystal-clear view of internal vulnerabilities, threat intel can help you zero in on the probability of a breach, rather than the infinite possibilities. But be warned: un-optimized threat intelligence feeds can feel like a firehose to the eye. Managed Security Services partners can help your organization bring threat intel into sharper focus.
- Night vision: It’s called “the Dark Web” for a good reason: It’s incredibly difficult for your average cybersecurity team to infiltrate and navigate this underground online haven for cybercriminals. Resources skilled in Dark Web hunting are in high demand, and when there’s so much else to do to defend your network, some senior-level decision-makers might see Dark Web hunting as a lower priority or even a luxury. But it’s increasingly important for your organization to have persistent visibility into the Dark Web, and a trusted partner can help. Is your brand being mentioned on Dark Web forums as a potential DDoS campaign target? Are account credentials stolen from your organization for sale in Dark Web marketplaces? What are you not seeing when you don’t look?
Open your eyes to these potential blind spots and you’ll have a much clearer picture of your actual cybersecurity posture and a much healthier security program.
Sure beats squinting in the dark!
About the Author:
David Grady, Principal Client Partner, Verizon Enterprise Services
David Grady can be reached at david.grady@healthstationblog.comverizon.com