This content has been archived. It may no longer be relevant
Implementation of agile cybersecurity programs to protect the company internally and from external breaches
The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
Yevhen Zhurer, Head of Sales, Ekran
What for you are three key practices to ensure an agile cybersecurity program?
Prior to an Agile shift, we recommend assessing the existing cybersecurity strategy against the desired result by performing a detailed gap analysis. This involves determining how current cybersecurity processes align with Agile principles and methodologies and what needs to be done for Agile transformation. Regular cybersecurity strategy assessments are crucial to maintain a high level of flexibility and keep up with constantly emerging cybersecurity threats.
Our top three practices are:
- Creating an Agile Roadmap. Planning is vital in Agile, as it helps measure progress, define clear deadlines, and outline specific steps to be made towards the desired goals. For a cybersecurity strategy to be responsive to emerging cybersecurity challenges and trends, a roadmap must be capable of change, allowing for flexible and rapid adjustments when needed. An organization can achieve this by keeping the planning horizon not more than a few months ahead. Agile roadmapping also suggests using an iterative model by defining specific use cases to narrow down the focus and decide on relevant cybersecurity changes and processes to be implemented during each sprint.
- Educating staff about the Agile approach. Agile is about people. To make it work, it’s important to educate the organization’s cybersecurity team and others responsible for cybersecurity strategy implementation on the core Agile principles. It’s vital to explain what Agile is, how it works, and, most importantly, why your organization needs it. People need to understand the motivation behind any change; otherwise, they may sabotage it. Designating a responsible employee or hiring an Agile specialist can help ensure the Agile methodology is understood and used correctly and efficiently in relation to an organization’s cybersecurity strategy.
- Creating a collaborative environment. Achieving the desired results is a shared responsibility. A collaborative environment can make it easier to assess the cybersecurity strategy and efficiently change it. Leveraging the spirit of teamwork can help to ensure that every person involved is open to communication and able to share knowledge during the entire Agile adoption period. Key stakeholders and decision-makers deserve special attention, as they frequently limit the potential of the Agile approach by not supporting it. To shift the management’s perception, the need for collaboration must be clearly communicated. Achieving the cybersecurity strategy goals is only possible through joint efforts.
How can organizations protect themselves from breaches internally and mitigate risks across supply chains?
Tight interconnection with the supply chains raises the possibility of supply chain attacks, malicious third-party attacks, and inadvertent destructive activity inside organizations. To prevent this, companies need to concentrate on mitigating factors contributing to poor supply chain cybersecurity, which are a lack of visibility over employees and third parties, poor data management, and extensive employee and third-party access rights.
It’s essential to constantly assess cybersecurity risks, understand the supply chain, and know its key components. Additionally, by creating a detailed cybersecurity strategy and a formal cyber supply chain risk management (C-SCRM) program, an organization can coordinate a coherent movement toward managing its internal and supply chain cybersecurity risks.
Organizations should pay special attention to securing business data on multiple layers: from separate applications to the overall infrastructure. Furthermore, establishing proper employee and third-party user activity monitoring is also crucial. Efficient supply chain risk management also involves working collaboratively with suppliers on identifying weak spots in the cybersecurity of each supply chain entity to improve your mutual security.
As we accept a ‘when, not if’ approach to cybersecurity, what for you are the key components of an effective disaster recovery and incident response plan?
When planning an incident response, it’s important to take a multi-tiered approach to secure your organization’s network and assets. Generally, we advise organizations to follow the recommendations of the Computer Security Incident Handling Guide, 800-61 Revision 2 by NIST.
The key universal components of creating an IRP would be:
- Establish a cybersecurity incident response team that will coordinate key resources and team members during a security incident so the impact of an attack is minimized and all operations are restored as quickly as possible. Each team member should know key cybersecurity policies and procedures of your organization as well as their specific responsibilities in case of an attack.
- Plan all procedures in advance. Your incident response team should define types of potential security incidents the organization can experience, attack vectors, and establish priorities for each potential incident, and plan their actions.
- Monitor user and network activity to see, manage, and collect evidence of any potential threats coming from inside your organization. Employees and subcontractors with access to sensitive data can (sometimes unknowingly) create an insider threat.
- Take care of backups and disaster recovery strategies. Implement mechanisms that will allow you to conduct swift data recovery and service restoration in case of an accident. You can rely on data loss prevention, cloud and hybrid backup solutions, network scanners, etc.
- Make IRP update a continuous process, improving it based on the information on new threats, mandatory regulations and requirements, and previous security incidents.
How have you seen the risk landscape change with work from home and hybrid working?
Working from home made remote security risks and insider threats (both malicious and negligent) more common than before the COVID-19 pandemic. Remote employees often use personal devices, connect to unprotected networks, neglect cybersecurity rules in favor of convenience, and can be easily susceptible to social engineering. These activities make corporate networks more accessible from the outside and therefore open to an outside attack.
To tackle these risks, organizations have to improve their identity and access control capabilities, as well as provide remote users with tools to secure their connections (corporate VPNs, firewalls, devices, credential managers, etc). It’s also a good idea to monitor and record the activity of all users that connect from outside the protected perimeter. It allows an organization to spot threatening user actions, block them, and collect evidence in time.
Where do you see the biggest cyber security risks on the horizon?
Nowadays, modern technologies allow almost anyone to become a hacker and this is the biggest cybersecurity risk on the horizon. What organizations can do is to minimize their possible negative impact by implementing a human-centric cybersecurity approach. Though we expect that cyber attackers will use more complicated methods, actually, implementing the best cybersecurity practices can save us from the most of cyber risks.
Such approaches as zero trust architecture, along with the least privilege approach, and separation of duties, have already proven to be effective in significantly reducing the consequences of any cyber attacks. Implementing modern technologies like artificial intelligence for analyzing user behavior can provide organizations with the necessary transparency and incident detection capabilities.
People who are working in your organization can also be the first line of defense. Conduct employee training on existing and newly arising cybersecurity risks to help your employees prevent attacks from happening.
Tallen will be speaking at our upcoming TPRM: Cross Industry Congress taking place in Atlanta on November 8-9 at Crowne Plaza Atlanta Midtown.
You may also be interested in…
Have you made your free account?