Relationships in the Cyber Era
Now that APT (Advanced Persistent Threat) attacks have become common and the damage to enterprise organizations is severe and growing, our role is to prepare for the APT era. According to a study by Varonis, it takes about 160 days to discover an APT and approximately an additional 60 days to contain the event. Often, awareness of an APT comes only after an impact on the organization has already occurred, which is of course too late. Defense Technology and business organizations will always face the challenge of catching APT attacks, and this requires a different approach on several levels. As CISOs, we must commit to changing our attitude and not only to adopting advanced technological tools. The current awareness is not appropriate for this kind of situation, and in this article I will suggest how to increase the chances of stopping an APT by shifting awareness towards creating lasting relationships in the organization that will help prevent APT events and achieve faster containment in cases of impact.
Lateral movement has become an art form adopted by attackers. They work according to a regulated playbook, and every action is carefully calculated to stay under the radar. The use of obfuscated tools and the fast deletion of traces of any operation make their activity very difficult for cybersecurity systems to detect. Among the goals of lateral movement is gaining control over privileged accounts but, like any human, the attackers also make mistakes.
A random irregular action can raise general suspicion, but not enough to link the incident to a hostile cyberattack that requires informing the cyber team. The awareness plans applied by an enterprise with a global presence and thousands of employees are ineffective in the event of such an attack. Ongoing professional relationships should be created so that abnormal activity can be linked to an APT attack and a cyber event that has already occurred can be contained faster.
Despite my extensive experience, I am not a great relationship expert and will probably still be in the learning stage for the rest of my life. But I do know that there are a number of basic things in any relationship that are mandatory for success.
Choosing a Partner
I give first priority to choosing the partner to build a relationship with. We cannot build many relationships, and certainly not in an enterprise that has tens of thousands of employees, hundreds of departments and is located in numerous places around the globe. We need to carefully select the departments we want; I would choose them based on criticality to the organization and on an equally important parameter: the places where we know we are more vulnerable and exposed.
When we want a relationship to succeed we must invest in it, and if we decide to invest we will, of course, need the appropriate resources. First, create a dialogue with the department's management, while understanding the business and building relationships with key employees. Participating in and creating joint meetings ties both sides together and must be continuous. Create an understanding on the other side of the importance of paying attention to things that seem wrong. Act as an advisor to reduce false positives and raise interest on the other side. Assume that without regular cultivation, even a strong, well-built relationship will leave us less able to identify and contain an APT event.
Routine is the enemy of every relationship; getting into a routine alone might create a kind of numbness. Cyber is in the headlines across the media almost every day and is a source of interest to people. We as professionals can give employees tools for their personal lives and come up with different methods of transferring knowledge. You can hold Lunch and Learn sessions, meetings with our industry professionals on professional and private issues, and more. Such activity will create mutual added value and eventually bring about the ultimate goal, which is to maintain a workplace that provides security for us and our families.
Today, more than ever, our role as CISOs is not simple – it requires us to create a resilient, fast-recovering system for cases of cyberattack. The impact of a cyberattack is great in terms of time and money – if we look around, we will see that organizations today lose tens of millions of dollars, and even more, to cyberattacks. Recovery times from such an attack are prolonged, so sustained investment in relationships pays off even if it leads to only a single timely prevention or containment of a cyber impact. Implementing such a relationship over time requires a unified organizational culture and, as in every relationship in our lives, the positive result is more than lucrative!