What level of preparedness do we have in case we are a target of a cyberattack?
Cybersecurity and digital transformation must work together because cyberattacks on information systems are increasing as more companies move their services to the cloud.
Latin America is no exception, with cyberattacks increasing by 24% by 2021. In February 2021, according to CrowdStrike, the e-Crime (cybercrime) rate rose by 124%, mainly harming the engineering and industry sectors.
This is not to say that companies should not employ technology in their day-to-day operations. On the contrary, there is a motivation for companies to make cybersecurity a top priority.
As we say at A3Sec, "it's no longer about whether or not it's going to happen to you, it's about what you're going to do when it does."
We consider strategy as making a series of decisions in order to achieve an objective within a given time frame. To do this, it is essential that our strategy has a series of steps that adapt to changes as they occur.
On the other hand, resilience is the ability to adapt to circumstances that may lead to undesirable outcomes. It is the ability to bounce back and learn after a problem.
A business with resilient strategies means that it has a set of steps in place which helps it to resist and learn from changes in the environment and avoid negative outcomes.
However, we can go a step further by creating anti-fragile cybersecurity models.
Technological resilience boils down to planning, using what we have learned and what the environment has taught us to add elements and capabilities that allow us to function and cope with attacks.
It is also important to be informed of what is happening in your organization and in the world in general, as well as to understand that reality can change due to unforeseen difficulties and problems. In this way, you will face challenges effectively and have a better adapted strategy the next time you are faced with a similar situation.
At A3Sec we support the phrase: "You can protect what you can see and you can improve what you can measure".
That is why it is necessary to have live data (dashboards) to observe what is happening as it helps us to draw conclusions and improve our cybersecurity approach, which is impossible to do with a static picture that says nothing.
By this point you will be convinced that information security is important in the digital world, however, we know that defending our entire system can be a complicated challenge.
For this reason, we have prepared six tips that we follow and that have helped us to shield companies from cyber-attacks.
It is essential to identify the environment we want to safeguard before implementing any plan. To achieve this, we will need to gather data such as the following:
After you have completed the above steps, you will need to learn more about the type of attack your environment is vulnerable to. You can help yourself by answering the following questions:
We must identify and concentrate our efforts on the attacks that will have the greatest impact on our business. This will help us develop actions focused on the user, technology, control and communication. To do this, you can answer the following:
In cybersecurity terms, Dwell Time is the time it takes to respond to an attack and recover. To reduce the reaction time to an incident, there are a number of phases to consider.
Prior to the initial attack period, there are two phases. The first phase involves the development of tactics, techniques and procedures to counter an attack. The second phase includes the addition of controls, as well as the development of detection and response capabilities to help limit the attack surface.
The third phase occurs after the attack, when the company begins to investigate and must be able to detect the attack. Finally, the fourth phase should utilize the processes and automations that have been built to contain and respond to threats.
By simulating environments where our system is attacked we will have a target for improvement if we find a weakness before it expresses itself in the overall system.
For example, Netflix has developed a series of packages that can help a lot in resilience issues this software is based on the Monkey Chaos model, which simulates numerous attacks that could bring them down. This model disconnects network elements and environments making the company learn to recover quickly from cyber-attacks.
Causing chaos means that we will always fall, but because we have learned to get up, we will respond quickly, and as a result, we will generate more confidence in our users because we will always be up and running.
We must remember that the most successful cyberattacks are those that are out of the ordinary.
The mistake we often make is to focus on what we observe, but what about what we don't observe?
The concept of survivorship bias, introduced by the mathematician Abraham Wald, comes into play, which implies that we should pay attention to what we do not see and protect ourselves from it, since this may be the reason why many businesses fail in terms of security.
Considering that we are surrounded by danger and that attacks on digital infrastructures are a part of life, this is the reason why we use cybersecurity. Both provoked and unprovoked damage to our infrastructure is possible, and both can have a detrimental impact on our business.
We must plan with measurable objectives in mind. Using precise measurements related to reality, we can identify obvious states of our environment.
Detection, reaction, recovery and continuity are important parts of the cybersecurity process. That's why it's important to keep the following in mind:
We can strengthen our resilience while chaos persists by establishing recovery models and continuing to learn. It is important to remember that there is always a better way to address a problem, and that evolution is impossible without learning.