A lot of cybersecurity was discussed in the RSA Conference videos this year.
Let’s start with the Global Healthsecurity Roadmap. Notice the major vendors that many an enterprise uses for different parts of the architecture, including Network, App/Data, IAM (Infrastructure Access Management), Endpoint, and monitoring/analysis.
Or consider the NIST Cybersecurity Framework:
Identify, Protect, Detect, Respond, and Recover.
Of course, the NIST Framework is not exactly new, and it is the overall environment outline for government organizational cybersecurity.
The good thing is that the NIST framework gives a template to design an overall Cybersecurity defense.
Those of us in cybersecurity always end up talking about the attacker, and this was discussed at RSAC as well:
Especially how the OODA (Observe, Orient, Decide, and Act)
Our OODA loop (as defenders) is longer because the attacker is able to make quicker decisions. That is why the attacker is shown inside the standard OODA loop of the security defense.
But this concept of who is where on each other’s OODA loop is not the only image from the conference.
Notice that the green Business arrows are both within and outside of the Attack & Defense loops. It depends on whether the business is ‘hamstrung’ by security authority or not.
Business can move fast, even faster than attackers. Here is an example:
What happens when a salesperson wants to make a sale while using a new application (like a video chat app)? The salesperson downloads the app and uses it so the sale is made. The decide-and-act cycle depends on whether you ask the IT security person or not.
When the salesperson makes their own decision without approval, they are actually even faster than the hackers (since the data stream will now be on a different application).
So the fact that we can be inside the attacker’s loop does not mean we ignore security considerations. This loop means that we need to teach security to people with decision-making powers.
The last points from the conference are the following:
We make headway and map our processes to gap analysis and a Security Architecture.
The key is to build Information Security Program Oversight and review your processes for IT backups and all major defense systems.
Here is what I have suggested in the past:
Knowing where a breach occurred is important in your processes, and can be the difference between finding an attacker and allowing the attacker to roam at will in your network and equipment.
So in case you were wondering – what methods to use? We circle back and make sure we are doing the basics.
Compliance and Security frameworks are only the beginning. A true Cybersecurity policy companywide is not easy and requires buy-in from everyone.