By Jonathan Fischbein, Global CISO, Check Point Software.
We are in a heightened cyber risk environment. Thus far, CISA’s warnings have been general. But hackers are on their A-game these days. Taking a proactive approach to cyber security will enable your organization to emerge safely should you have to enter crisis mode at any point.
In fortifying security for mission-critical resources, many organizations are taking on extra drills, implementing more sophisticated monitoring programs, lowering reporting thresholds, expanding data backup regimens, reestablishing a culture of cyber hygiene and focusing on business continuity plans.
If your organization is restructuring cyber security frameworks and architecture, consider adding the following items to your to-do list.
- Resource acquisition. In this moment of global uncertainty, the “why” behind security is not a mystery. Executive leadership should understand the need for the “shields up” approach. If you are a CISO or a cyber security leader, ask for the resources that you need in order to prevent, detect and deal with potential intrusions.
- Public-private sector partnerships. Effective risk management requires communication across organizations in both critical industries and other sectors. CISA facilitates a variety of public-private sector partnerships. If your organization isn’t yet involved, find out how to participate.
- Patch known exploited vulnerabilities. In the past 72 hours, CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities catalog. These types of vulnerabilities pose significant risk for all enterprises, with an emphasis on federal enterprises. When patching and updating, track how many system patches have been applied over a specific time period and how many updates have been installed.
- Have quantitative metrics showing your efforts. Implement a risk-management process that includes risk quantification. Use security data visualization tools to help gather and analyze information. You can record response times for different types of incidents, monitor data transfers and maintain a roster of KPIs to show how your security compares to that of other organizations within your industry.
- Be prepared to face challenges that you haven’t prepared for. In cyber security, there are always known unknowns. Ensure that your cyber security teams are energized and focused, and that you have security support available 24/7.
Who’s most vulnerable?
Small businesses. The majority of small businesses have fewer resources and minimal staffing (if any) to support cyber security preparedness and incident response. What’s worse is that the majority of small business owners remain unconvinced of the potential threat, perceiving their businesses as too minuscule to receive attention from hackers. Consequently, for some small businesses, cyber security isn’t even on the radar screen.
Beyond your organization
Whether your enterprise is large or small, if your business goes offline in the wake of a cyber attack, you may unintentionally cause downstream effects, ranging from supply chain disruptions to widespread economic fallout, depending on the nature of your organization.
By the same token, although your enterprise may not be a direct threat target, any threats that hit your business dependencies (logistics support, resellers, service providers, etc.) could disrupt your enterprise.
Protecting the totality of businesses
For many organizations, cyber security has been an uphill battle. But it’s one worth pursuing, as all of our lives are improved if businesses (and consumers) need not worry about cyber attacks affecting the drinking water, the food supply chain, the grid, the banks or the airports.
Take a proactive approach. Be part of efforts to create a safer world. As a business leader, whether you’re the CISO, the COO or the CIO, review CISA’s latest cyber security advisories.