This featured blog was provided by eSentire.
Given how cyberattacks have evolved in the past few years, no organization has the luxury of forgoing cyber risk management. As a cybersecurity leader, you must understand the likelihood of a security incident occurring and how it will impact your organization. This knowledge can also dictate your overall risk tolerance and risk appetite so you can strengthen your security posture.
We recommend leveraging the MITRE ATT&CK® framework, which catalogs the tactics and techniques adversaries actually use and gives you an operational and tactical roadmap for deciding where to apply your cybersecurity capabilities. In doing so, you can start to enhance your cybersecurity program and reduce your overall cyber risk.
However, it’s not feasible to build a business response for every one of the tactics, techniques and procedures (TTPs) catalogued in the MITRE ATT&CK® framework. Instead, prioritize: based on the severity of each technique observed in your environment, your team should build a proactive response designed to counter that threat and reduce your business risk. This is a crucial first step in developing a risk-based approach to cybersecurity.
The end goal is to look inward to identify the set of gaps and critical vulnerabilities that are most impactful for your specific business and mitigate them first. Ask yourself:
- Does my executive team accept that cyber risk is an enterprise risk?
- What are my business’ “sources of value” and do I understand the specific risks that can impact those sources of value?
- Do I know the specific TTPs that threat actors can use to target my business?
- How am I planning to address the vulnerabilities that were discovered?
- Have I identified all potential vulnerabilities that can impact my organization today?
On a day-to-day basis, your in-house cybersecurity team is likely focused on supporting the business and the projects that drive revenue. It is also likely that they lack the cybersecurity expertise or the staffing coverage needed to monitor threats 24/7. Therefore, we recommend adopting a cyber risk-based approach that includes:
- Adopting a comprehensive vulnerability management program that enables continuous awareness of the threat landscape, proactive vulnerability scanning to understand which systems are inadvertently exposed, and disciplined patch management.
- Deploying a robust security solution capable of stopping both known and unknown cyberattacks, including those that abuse existing trusted applications for malicious purposes (so-called living-off-the-land techniques). Your security provider should invest heavily in developing original threat intelligence and research that continually enhances endpoint policy and protection.
- Understanding the adversary’s TTPs as well as the activities that constitute “normal behavior” for your internal applications, so you can differentiate whether a process is performing a legitimate, suspicious or malicious action. This baseline helps you understand which TTPs are actually impacting your environment as we collaborate to harden your defenses.
- Ensuring you have complete visibility into your endpoint devices and all events to create contextual awareness regarding what’s happening on assets across your environment.
- Engaging an MDR service provider that provides complete visibility and coverage of your attack surface with multi-signal MDR, powered by a strong XDR platform foundation and human expertise, to identify, contain, and respond to threats that bypass traditional security controls.
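The baselining idea in the third item above, as an added example (this is not eSentire’s detection logic and not code from the original post): learn which parent/child process pairs are “normal” on your endpoints from a window of process-creation telemetry, then label new events legitimate, suspicious or malicious by combining that baseline with a short list of parent/child pairs that are rarely legitimate on a workstation (an Office application spawning a script interpreter) and command-line traits typical of abuse. The events, the hosts, the high-risk pair list and the thresholds are all constructed for the example; the technique IDs are real MITRE ATT&CK identifiers, but mapping them to these pairs is this example’s own assumption.

```python
"""Baseline "normal" process lineage and score new endpoint events against it.

Assumed approach for illustration, not a vendor's detection logic. The
telemetry below is constructed; real input would be EDR or Sysmon
process-creation events with the same fields.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str   # parent image name, e.g. "winword.exe"
    image: str    # child image name, e.g. "powershell.exe"
    cmdline: str


# Parent/child pairs that are rarely legitimate on a workstation. The values
# are MITRE ATT&CK technique IDs (T1059.001 PowerShell, T1059.003 Windows
# Command Shell); the pairing itself is an assumption of this example.
HIGH_RISK_PAIRS = {
    ("winword.exe", "powershell.exe"): "T1059.001",
    ("excel.exe", "powershell.exe"): "T1059.001",
    ("outlook.exe", "powershell.exe"): "T1059.001",
    ("winword.exe", "cmd.exe"): "T1059.003",
    ("excel.exe", "cmd.exe"): "T1059.003",
}

# Command-line traits that escalate a high-risk pair from suspicious to malicious.
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
SUSPICIOUS_SUBSTRINGS = ("downloadstring", "invoke-expression", "iex(", "frombase64string")

SEVERITY = {"malicious": 3, "suspicious": 2, "legitimate": 1}


def build_baseline(events, min_count=2):
    """Parent/child pairs seen at least min_count times in the learning window."""
    counts = Counter((e.parent.lower(), e.image.lower()) for e in events)
    return {pair for pair, n in counts.items() if n >= min_count}


def classify(event, baseline):
    """Label one event legitimate, suspicious or malicious against the baseline."""
    pair = (event.parent.lower(), event.image.lower())
    cmd = event.cmdline.lower()
    hot_cmdline = any(t in ENCODED_FLAGS for t in cmd.split()) or any(
        s in cmd for s in SUSPICIOUS_SUBSTRINGS)
    if pair in HIGH_RISK_PAIRS:
        return "malicious" if hot_cmdline else "suspicious"
    if pair not in baseline:
        return "suspicious"   # never seen in the learning window: needs a human look
    return "legitimate"


def triage(events, baseline):
    """(label, ATT&CK technique hint, event) tuples, worst first."""
    findings = []
    for e in events:
        technique = HIGH_RISK_PAIRS.get((e.parent.lower(), e.image.lower()), "")
        findings.append((classify(e, baseline), technique, e))
    return sorted(findings, key=lambda f: SEVERITY[f[0]], reverse=True)


# Constructed learning window: what these two hosts normally do.
LEARNING_WINDOW = (
    [ProcessEvent("ws01", "explorer.exe", "winword.exe", "winword.exe")] * 5
    + [ProcessEvent("ws01", "explorer.exe", "outlook.exe", "outlook.exe")] * 5
    + [ProcessEvent("ws02", "explorer.exe", "powershell.exe", "powershell.exe")] * 2
    + [ProcessEvent("ws02", "cmd.exe", "whoami.exe", "whoami")]  # seen once: not baselined
)

# Constructed new events to score. "<base64>" stands in for an encoded payload.
NEW_EVENTS = [
    ProcessEvent("ws01", "explorer.exe", "winword.exe", "winword.exe /n invoice.docx"),
    ProcessEvent("ws01", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc <base64>"),
    ProcessEvent("ws02", "explorer.exe", "powershell.exe",
                 "powershell.exe -ExecutionPolicy Bypass -File C:\\deploy\\patch.ps1"),
    ProcessEvent("ws02", "cmd.exe", "whoami.exe", "whoami /all"),
    ProcessEvent("ws03", "excel.exe", "cmd.exe", "cmd.exe /c start calc.exe"),
]

if __name__ == "__main__":
    baseline = build_baseline(LEARNING_WINDOW)
    for label, technique, e in triage(NEW_EVENTS, baseline):
        print(f"{label:<10} {technique:<10} {e.host} {e.parent} -> {e.image}: {e.cmdline}")
```

Note that the same binary gets different verdicts depending on lineage: explorer.exe launching PowerShell is baselined as normal on ws02, while Word launching PowerShell with an encoded command is flagged regardless of how often it has been seen. The "never seen before" branch is deliberately conservative; tune `min_count` and the learning window to your fleet, or the analyst queue fills with suspicious verdicts for every new admin tool.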
If you’re not certain how well-equipped your organization is to identify, detect, protect, and respond to cyber threats, we recommend completing the eSentire Cybersecurity Maturity Assessment for a temperature check on critical areas of your cybersecurity program.
Understanding your organization’s cybersecurity maturity, knowing the gaps, and addressing those issues is critical. After all, taking proactive steps to mitigate cybersecurity risk can mean the difference between a data breach and business as usual.
Cybersecurity is everyone’s business, including C-level executives, managers, administrative assistants, and even part-time office staff. Unfortunately, you can put all the right traditional cybersecurity measures in place, and all it takes to undermine them is one employee clicking on a phishing email.