Daniel Lohrmann - Cyber Mayday and the Day After


Cyber Mayday and the Day After: summary, description and annotation


Successfully lead your company through the worst crises with this first-hand look at emergency leadership.

Cyber security failures made for splashy headlines in recent years, giving us some of the most spectacular stories of the year. From the SolarWinds hack to the Colonial Pipeline ransomware event, these incidents highlighted the centrality of competent crisis leadership.

From former FBI agents to Chief Information Security Officers, these leaders led their companies and agencies through the worst of times and share their hands-on wisdom. In this book, you’ll find out:

What leaders wish they'd known before an emergency and how they've created a crisis game plan for future situations

How executive-level media responses can maintain – or shatter – consumer and public trust in your firm

How to use communication, coordination, teamwork, and partnerships with vendors and law enforcement to implement your crisis response

Cyber Mayday and the Day After is a must-read experience that offers managers, executives, and other current or aspiring leaders a first-hand look at how to lead others through rapidly evolving crises.

Cyber Mayday and the Day After: read the preview excerpt online


No business wants to be a sitting duck, which is why it is critical for the CISO leadership to be appropriately identified and strategically placed in the organization. The CISO and team play a huge role in steering and executing the cybersecurity program, ensuring that appointed parties are responsible and accountable. The cybersecurity function (ideally led by a CISO) has to be deliberated at the C-suite and reported at the board level.

Cybersecurity Is a Business Risk Issue

More and more people are coming to the realization that cybersecurity is not just an IT issue. The onslaught of recent cybersecurity supply chain attacks and identity breaches on a global scale is a clear sign that it is not a matter of if, but when, an organization discovers it has undergone a cybersecurity attack, whether directly or indirectly. Boards and executives need to understand the “system” at play in how these attacks and the damaging downstream consequences pan out. They do not just center around the IT departments of their organizations, but impact every member within the organization and externally, including each of their customers.

How the organization reacts, responds, and learns from cyber incidents is very much a reflection of the organization's values and capability.

The Double-Edged Sword of Zero Trust

CEOs and boards need to understand what zero trust is and how blindly adopting zero trust could stand in the way of effective incident response (IR) when cyber emergencies happen. The zero trust approach, by definition, is to “never trust, always verify.”

The concept is not about making a system or network trustworthy. It is about eliminating trust from the decision loop. While useful as a broad cybersecurity concept, boards and executives need to carefully appraise the risks that come with such an approach, especially if their cyber response playbooks require the use of a service, software update, or patch that cannot be verified quickly enough to contain the incident. Often it may be useful to identify trade-offs early on in a risk-based approach and take an approach of pre-verifying “verified” systems, vendors, or partners for situations like this.

Pick the Right Person to Lead the Effort

Mark Weatherford's story highlights the vital need to do your homework when selecting a CISO or other top cybersecurity leaders. Much more on this in Chapters 2 and 4, but it must be emphasized upfront that you need someone accountable for the cybersecurity program with the knowledge, experience, a good understanding of organizational culture, and the authority to get things done.

Beyond background checks and impressive resumes (or CVs), does your CSO, CISO, or other top cybersecurity executive excel at relationships in a 360-degree manner with staff, peers, executive management, clients, and vendor relationships? You can strengthen the leader's effectiveness by surrounding him or her with the right mix of professionals who close gaps in weak areas. Finally, does the CISO's vision of success align with the executive board?

Act and Adjust with Resilience as the Cyber Situation Evolves

The eye-opening stories from Deb Snyder reveal an ability to adapt and remain resilient as cyberattacks grow and become more impactful.

In the next few chapters, we will demonstrate how an effective cybersecurity program with relevant strategies, tactics, plans, and playbooks grew to become best practices and eventually standard practices for cyber defense teams worldwide. Leaders can't wait for a perfect solution and allow indecision in the midst of cyberbattles. Rather, they must act and adapt based on threat intelligence, robust information sharing, and a clear understanding of priorities with the tools available to fully utilize their team's skill sets.

End of the preview excerpt.

Text provided by LitRes LLC.
