/

CyberWork

What does a holistic cybersecurity strategy look like?

IT and advanced technologies are no longer solely responsible for the security of our digital assets. In fact, cybersecurity needs a powerful strategy that involves technology, people and processes. As Internet users thrive in emerging economies, the problems of misinformation and cyberattack faced by “cyber advantaged” countries will be felt around the world.

The difference between a traditional and a holistic cybersecurity approach

IT and top technical products are no more responsible alone for the security of our digital assets. Cybersecurity now needs a strategy. One that involves technology, the people, and the processes. As internet users flourish in the emerging economies, the disinformation and cyberattack challenges experienced by cyber-advanced countries will occur there, too.

More data will be captured, stored, and used, making policy attempts a more urgent need than ever before. In 2020, as we drive toward the Fourth Industrial Revolution, we look at extensive connectivity and digitization.

But, as the latest technologies support economic progress and convenience, they also bring larger security challenges- both in terms of impact and frequency.

Traditionally, cybersecurity began with antiviruses and ended on special suites of software programs that promised to catch malware of all kinds. Today, as the tech space became more complicated, so did these worms and viruses.

Today, we need more than tools and technologies to keep our digital resources secure. In 2020, over 68 percent of business leaders say that the cybersecurity risks facing their organizations are growing.

To address these risks, business leaders will have to arm themselves with the right tools, knowledge, and skills to address issues of data theft and organizational risks. This could include new leadership profiles on the board, enhanced risk assessment and mitigation, and partnerships with external tools and solutions providers to meet cybersecurity responsibilities.

Holistic Strategy in a Company
Having a holistic cybersecurity strategy, important to ensure the serenity of your business.

Gaps in building a holistic cybersecurity strategy

An effective, integrated approach to data and app security is still lacking in organizations. Here are the three specific gaps businesses confront, according to McKinsey:

Lack of structure

Boards and committees have more reports than they can handle and comprehend. There are several Key Performance Indicators and Key Risk Indicators. These reports are often poorly structured with inconsistent data and too-high levels of details to lead to any significant result or detection. Research says that since security executives work manually on creating spreadsheets by compiling data from these reports, the result is a dissatisfactory compilation for board members.

Lack of clarity

Most reports fail to clearly state the implications of various risk levels for business processes. Board members rarely make sense out of the clutter with technical jargon and short hands. Consequently, they struggle to get a clear idea of their organization’s risk status. Key executives say risk reports are too technical and beyond them.

Lack of consistent, real-time data

Different departments in the same organization often use different and conflicting information to describe and evaluate aspects of cyber risk. Add to this the fact that the underlying data is often too dated to be of any use in managing or handling quickly evolving cyber risks.

“A holistic cybersecurity strategy can address these gaps and help build overall organizational resilience.”

Steps to build a holistic cybersecurity strategy

Here’s how an organization can systematically build a holistic strategy to tackle cybersecurity in a fast-paced risk and threat world.

Get a top management overview

A holistic cyber risk management approach has its pre-requisite in a top-management overview of the enterprise and its multi-layered risk landscape.

Here are a few critical pieces in the puzzle:

  1. Assets – Clearly define your critical digital assets.
  2. Controls – Use differentiated controls to balance security with flexibility.
  3. Processes – Build forward-looking cybersecurity processes focused on effective responses in no time.
  4. Organization – Hire for the right skills, efficient decision making, and install enterprise-wide cooperation.
  5. Governance – Invest in operational resilience based on transparency into cyber risks.
  6. Third-parties – Focus on achieving coverage for the entire value chain, including third-party service providers.

Focus on High-Priority Risks

Mitigate the top risks by following this simplistic approach:

  • Identify risks – After your information security officers create a list of critical risks, known risks, and potential new risks, establish your organization’s appetite for the identified risks. The cyber resilience of any organization can be measured by how well secured their critical assets are. Involve top management in identifying these risks and assigning them a priority number.
  • Analyze and evaluate – After identifying risks, allow internal and external experts to evaluate each risk for its likelihood of occurrence and potential impact. Based on this analysis, risk owners can prioritize areas for risk mitigation, starting from risks that are most likely to take place with the biggest negative impact.
  • Treat the risks – Create an overview of all actions taken to mitigate the risks identified and evaluated. Evaluate risk mitigation initiatives on the basis of their effectiveness in reducing the probability of a risk event and the impact such an event might have. If, after risk mitigation, the risk level exceeds limits, additional mitigation measures should be taken.
  • Monitor – Monitoring capabilities are the most critical instruments to bring in cybersecurity discipline throughout an organization. The report generated after monitoring activities should be concise, well-written, and free of technical jargon for the convenience of the board members.

As a strong example, we would like to share the works shared by the National Cybersecurity Agency of France (ANSSI). They published a toolbox called “EBIOS Risk Manager” for assessing and treating digital risks which can helps at handling these issues.

Break down silos

Most organizations fail to transform their cyber risk arrangements because of the many disparate functional units or silos that obstruct any change. At many enterprises, data owners and line managers limit their operations to the data pool or business unit for which they are responsible, not looking left or right toward the bigger picture.

The reports that emanate from a wide variety of siloes frustrate decision-makers as they fail to address the bigger picture and keep talking about nonsensical stuff that might not matter in the larger perspective.

This situation can be dealt with by creating a holistic, unified dashboard to reflect the current state of cybersecurity across all critical digital assets. Such a dashboard can force everyone to stick to a common language, common ways to denoting risks, and common guidelines of assessment. But, what if this kind of dashboard was not linked to the ground and to the reality of your security, from a technical point of view?

Foster collaboration

In order to create a good dashboard, interest groups need to collaborate, harmonize definitions of KRIs, threat levels, and compliances. When talking about holistic cybersecurity, it’s not possible by the individual efforts of a team of tech wizards or business experts.

For real comprehensive cybersecurity, interest groups must come together to comprehend the business implications of technology and the technological requirements of business goals. It’s important to note that holistic cyber risk reporting is as much about the people involved as it is about technology and dashboards.

Successful transformation happens when business owners and key executives are involved from day one and are willing to make tradeoffs to strike a balance between productivity and protection. To aid these decisions, executives will need experienced managers who will ultimately become the carriers of the same ideology of holistic cybersecurity.

Ensure cybersecurity doesn’t prove a roadblock to innovation

Organizational leaders might need to rethink enterprise structures and governance to enable a more robust cybersecurity posture. This is where they need to pay due attention. While cybersecurity is an essential undertaking for businesses of all sizes, it must be integrated into an enterprise from the bottom up such that it does not become a deterrent for innovation and transformation.

For holistic cybersecurity to be feasible for enterprises, it’s important that it supports technological change and advancement and not hinder it.

Invest in cyber insurance

An increasing number of businesses now realize that cyberattacks are an expenditure they need to mitigate. The cost of cybercrime can be calculated as per four disparate cost components- detection and escalation, notification, response, and the cost of customer loss.

A critical part of a holistic cybersecurity strategy is to mitigate the risk of a cyberattack. It’s been estimated that by 2030, the annual gross written premium for cyber insurance will increase by 200 percent, from USD 2.5 billion to USD 7.5 billion.

For large organizations, the cost of a cyber data breach could easily add up to USD 2 million in losses. As businesses get increasingly connected, cybercrimes will not only impact their data and systems but also those of their partners and customers.

This is why many experts encourage companies to explore getting businesses cyber insured. But of course, it will not protect infrastructures, from a technical point of view.

The pre-requisites to a holistic cybersecurity approach

A holistic cybersecurity approach works as an advantage to any organization if it’s taken as a shared responsibility by everyone and not just as a job for a select group of security experts.

We need no statistic to say that people are part of the biggest security risks in any organization. Therefore, it is important to let your people know what needs to be done in a particular security incident.

Business risks can be largely reduced by bringing in this shared responsibility into an enterprise’s culture. To address the human aspect of cybersecurity, foster a security-conscious culture where employees feel encouraged to follow certain procedures.

Managers should convey that security is an organization-wide activity, and the pro-security attitude should be passed from the top of the organization.

Employee training and education can also go a long way in helping your workforce understand potential threats and their duties to follow procedures and processes that help prevent security events.

A culture of responsiveness, reporting, and openness rather than that of blame, shame, and fear can help enterprises build more resilience into their operations to mitigate and limit any damage.

Holistic technologies for a holistic approach

Most companies, even cybersecurity startups, often focus on only one technology vertical. These businesses only try to defend themselves against malware and other immediate threats. Solving one part of the equation without thinking about the complete picture.

Let’s say, a company builds an EDR

Endpoint Detection and Response (EDR)
An EDR is an endpoint security solution that first came out to address the shortcomings of next-generation antivirus technologies. This agent is capable of detecting unknown attacks and launching sophisticated remediations against advanced threats, with superior investigation features.
TEHTRIS EDR offers enhanced detection and response capabilities. It can be deployed with TEHTRIS EPP (Endpoint Protection Platform) inside the TEHTRIS XDR Platform, to combine both layers, from superior protection to boosted detection and response.
EDR and EPP technologies are merging worldwide, and many companies decide to only buy the same brand through Endpoint Security bundles.
“>EDR (Endpoint Detection and Response) strategy. While EDR is an important piece of the cybersecurity puzzle, it isn’t enough in and of itself. EDR enables companies to identify security incidents, investigate them, and remediate them on endpoints. That should be one of your first line of security inside the operating systems, combined with your EPP
Endpoint Protection Platform (EPP)
An EPP is an endpoint security solution that comes from the next-generation antivirus world. Such an agent is capable of preventing many attacks like file-based malware attacks and malicious activities, with specific features against many security issues like phishing, exploitation/0-days and network attacks.
TEHTRIS EPP offers enhanced protection capabilities. It can be deployed with TEHTRIS EDR (Endpoint Detection and Response) inside the TEHTRIS XDR Platform, to combine both layers, from superior protection to boosted detection and response.
EDR and EPP technologies are merging worldwide, and many companies decide to only buy the same brand through Endpoint Security bundles.
“>EPP (Endpoint Protection Platform, antivirus).

A sophisticated EDR might give you the following options to respond to a threat:

This gives a deeper level of visibility into endpoints as EDR identifies and interprets anything unusual living on an endpoint.

Some EDR will also have full rights on all endpoints, which can become extremely dangerous, especially when they can be managed from the Active Directory. That would become a leverage for in depth hacking after an AD get compromised. Of course, it’s not the case with TEHTRIS EDR, as we propose a stronger level of security. But we recommend CISO and Cybersecurity staff to have a look at the risks of adding dangerous powerful agents on all devices, linked to weak points in your infrastructure.

So, EDR offers visibility into your endpoints. But there are limits.

First, EDR alone has blind spots (unless it’s connected to a holistic solution). Second, EDR needs a security staff trained in detection and response, plus skills and time for the integration of the solution. While this is feasible for large enterprises, SMBs might want to check-in on their budgets. And training will not help alone if nobody tries to configure the EDR properly during the integration phase. And then, you also have to maintain these configurations. What if there is a new path of a new product with new Authenticode to analyze, new behaviors of processes? if you have thousands of EDR agents deployed, what will happen if they have no efficient policy to fight against all unknown threats? Even the new ransomware of the day will remain a huge problem.

Finally, EDR doesn’t focus on some details, like network insecurity in your organization. Example, what if all the traffic is allowed from everywhere to everywhere in your organization with a flat network infrastructure? or what if remote accesses easily exist because of compromised VPN? Therefore, threats can come in through a network and move laterally across the network and talk to a remote server, uninhibited. EDR will help, and you definitely need them, as your first weapon. Combined to your EPP (antivirus and endpoint protection), EDR+EPP will not be able to handle everything.

Therefore, now you also need network monitoring and system or application security. If your industry is heavily regulated, you might also need a data and application security system to safeguard your information from data hackers.

To go further, there’s Security Information and Event Management (SIEM

Security information and event management (SIEM)
A SIEM is cybersecurity solution combining security information management (SIM) and security event management (SEM) in order to analyze logs and events generated by all kinds of sources, like systems, applications and network devices.
TEHTRIS SIEM is delivered through hardened enhanced virtual appliances that can be deployed on-premise or in the cloud, through a SaaS service. TEHTRIS SIEM can gather all security logs and generate alerts thanks to an internal correlation engine. TEHTRIS SIEM is part of the TEHTRIS XDR Platform, which helps detect intruders by combined the power of all the related tools, like EDR, EPP, honeypots, etc.
“>SIEM). This acts as a hub to integrate flow logs from various sources like systems, networks and applications monitoring logs together under one purview.

In order to go certain steps further in ensuring cyber resilience, you also might want to explore the applications of

Honeypots are fake resources that can be used to delude attackers. As an example, this could be a fake computer added in a real network, so that any incoming communication might look like something suspicious, as nobody should talk with it. This is something really complex, but it can help at finding remote attackers as soon as they got an access, trying to explore your own infrastructure.
TEHTRIS Deceptive Response allows you to easily add many honeypots inside your infrastructure, with specific tricks like the monitoring of intruders activities: video of hacking sessions, etc. TEHTRIS Deceptive Response is part of the TEHTRIS XDR Platform, which will increase the detection of intruders by mixing the power of all the related tools, like EDR, EPP, SIEM, etc.
“>Honeypots (Deceptive Response),
  • Network Traffic Analyzers (NTA
    Network Traffic Analysis (NTA)
    An NTA appliance can analyze traffic in order to find unusual activities and attacks. It combines behavior analysis, artificial intelligence, and NIDS-type signature-based features.
    TEHTRIS NTA also adds a passive audit feature, that can listen to the traffic in order to detect specific vulnerabilities. This is very useful in environments where it would be dangerous to launch active audit operations: OT, production, etc. TEHTRIS NTA is part of the TEHTRIS XDR Platform, allowing security analysts to link information from the systems to the networks.
    “>NTA    , NIDS
    Network Intrusion Detection System (NIDS)
    NIDS are solutions that analyze traffic and try to find unusual activities, like scanning, intrusion attempts, lateral movements, exfiltration, backdoors, command and control, etc.
    This was initially done through signatures, but over time some solutions evolved to NTA. TEHTRIS NTA includes NIDS features with more than 50,000 regularly updated rules.
    “>NIDS    , Flow analysis),
  • Security Operation Center (SOC
    Security Operations Center (SOC)
    A SOC is a group of people that monitor the security of information systems. It is traditionally linked to cybersecurity monitoring, protection, and security assessment for any kind of assets like websites, applications, databases, data centers, servers, networks, desktops and other types of endpoints. They are all monitored, assessed, and hardened.
    There are new activities that have emerged, like Managed Detection and Response (MDR), which focuses less on assessing every single element, and more on in-depth analysis over essential evidence, with complex analysis on intrusion attempts.
    SOC and MDR activities are usually proposed by Managed Security Service Providers (MSSP) in many different formats, like internal, external and hybrid. Specific teams like CERT or CSIRT can also be part of SOC teams for certain crisis situations.
    A SOC should link people, processes and technologies (ISO 20000) to provide situational awareness through the detection, containment, and remediation of IT threats.
    SOC should allow to link people, processes and technologies (ISO 2000) to provide situational awareness through the detection, containment, and remediation of IT threats.
    TEHTRIS SOC can deliver day to day services by hunting down security issues and by delivering enriched data to identify, analyze, investigate and report incidents. TEHTRIS XDR Platform also has actual partners offering worldwide services like SOC, MDR, security assessments, crisis management, governance, compliance and so on.
    “>SOC    ) and Managed Detection Response (MDR),
  • Artificial Intelligence and enhanced algorithms (Behavior Analysis),
  • Cyber Threat Intelligence (Databases, Sandboxes) and tools with IoC, Hunting,
  • Security Orchestration Automation and Response (SOAR
    Security Orchestration, Automation and Response (SOAR)
    A SOAR solution centralizes cybersecurity information in order to propose automatic responses. These actions can be active, like a direct neutralization of a malware, or they can be indirect and complex, like outstanding investigations. Automatic behaviors are previously configured, thanks to a workflow engine. Each written scenario is a playbook that will know what to do, when something happens, etc. Usually, a SOAR is a very expensive tool that takes months to be deployed, because all the external components have to be configured and integrated inside the SOAR, with potential API issues and risks regarding the related management.
    TEHTRIS XDR Platform is delivered with an integrated SOAR. The difference between this and a global SOAR is that it is incredibly cheaper and it works from day one. Why? Because our integrated SOAR focuses on TEHTRIS ecosystems, meaning that native internal API are used between all our products like EDR, EPP, SIEM, etc. According to us, this is the fastest way to get automation between your security products, like your antivirus and your EDR, for example.
    Our integrated SOAR inside TEHTRIS XDR Platform performs automatic actions 24/7, without human intervention, and without the risk of forgetting something in the significant number of logs. This automatically enriches your organization’s security tickets and eliminates some security intruders.
    “>SOAR    )

    • And then you might think it’s too complex or too expensive? It’s not. It depends on the technology and products you’ll choose.

    TEHTRIS XDR

    Extended Detection and Response (XDR)
    XDR brings a whole new take on cybersecurity. It is a platform that can be easily deployed to combine the power of many powerful sensors like EDR, EPP, SIEM, NTA, Cloud Workload Protection Platforms, honeypots and so on.
    TEHTRIS XDR Platform is one of the first, if not the first platform that was able to propose such a cybersecurity model. Delivered through a SaaS model, TEHTRIS XDR Platform allows medium-size to large international companies obtain an extremely efficient technical security solution worldwide. It already caught many state-sponsored hacking groups like APT teams with stealth behaviors (and almost zero weapons). This is definitely the best solution against modern and future threats.
    “>XDR Platform is a smart put-together service offering by TEHTRIS to build your holistic cybersecurity program. Efficient, smart and easy. Already deployed in more than 50 countries. It works. We blocked state-sponsored hackers, unknown ransomwares, etc.

    The bottom line is, in order to handle global threats, we need a global outlook on cybersecurity, and tools that can help us reach a level of intermediate if not high cyber resilience.

    At TEHTRIS, we have a clear understanding of your best cybersecurity strategy and implement it for you.

    Any business is as cyber-strong as its weakest link. What are you doing to ensure cyber resilience?