The cyber security threat landscape is evolving rapidly. Cybercrime is on an upswing. Every day there is news of compromised systems and cyber-attacks. The growing global market in cyber-crime is projected to hit US$6 trillion by 2021. The past year was full of ransomware attacks such as WannaCry, NotPetya and BadRabbit. All this makes the job of today’s Chief Information Security Officer (CISO) challenging.
As the threat landscape continues to evolve, CISOs will need to rethink their strategy, says Sharad Sadadekar, CISO and Vice President – Information Security, HDFC Standard Life Insurance Co. Limited, who goes on to list the top 10 things that CISOs need to do to prevent and combat zero-day threats.
Do the basics right and do them well: CISOs should always have a strategy for before, during, and after an incident.
Know your assets: Knowing your assets is not enough; ensure that new assets are classified as they are added. Regular asset discovery helps an organization find shadow IT that may be the weak link in its security. It also helps firms focus on their most important assets, since it is almost impossible to protect every asset equally. CISOs need to understand what assets they have and which of them are at risk.
Get rid of (or heavily protect) legacy and EOL systems: Legacy systems that fall outside of patch programs are a massive security weakness. Such systems need to be identified and replaced or, at the very least, surrounded by an extra layer of protection, with checks to ensure they are not accessible from the Internet.
Patching should be a discipline: Many organizations have patching and vulnerability assessment (VA) calendars, but how effectively patching is actually practiced is what ultimately determines the level of resilience. Patching takes time. Sometimes a patch crashes a system (a blue screen), and older systems are not easily patchable. Patching needs a lot of push within the technology team as well as the business team.
Make lateral movement difficult: When a system gets infected, the malware starts to discover other vulnerable devices; on each new host it begins infecting and encrypting, and then spreads like wildfire. Cordoning off network segments from one another and limiting shared access can help contain the outbreak.
Back up and ensure access to backups is restricted: Make sure that backup data is available, so that operations can switch over with minimal downtime.
Limit access privileges: Access is not a privilege but a liability. Grant access to data only to the extent that someone needs it to perform their duties.
Be prepared for the changing threat landscape: Ransomware like WannaCry is already undergoing fast iterations, with the original attackers, as well as copycats, adapting to defenders’ methods. Fileless malware now uses innovative techniques. Deploy controls for APTs and malware, as traditional antivirus is not sufficient.
Build robust cybersecurity frameworks to guide practitioners: The National Institute of Standards and Technology (NIST) has published the “Cybersecurity Framework,” which is an excellent cybersecurity assessment tool. It is not a recipe book; it is designed to guide the discussion and the development of a plan, precisely because each organization has different assets, risks and risk tolerance.
Build a resilient cybersecurity crisis management and recovery program: It is imperative to prepare in advance and be ready to respond to a breach in a way that ensures customers’ interests, as well as the organization’s own, are adequately protected. That due diligence can be demonstrated with a formal cybersecurity crisis management plan.