EDITOR’S QUESTION

ADAM PALMER, CHIEF CYBERSECURITY STRATEGIST, TENABLE

Any increase in cybercriminal activity is a concern. However, the majority of attacks seen in the last few weeks are all variations on traditional attack methodologies. This is positive in that basic cyberhygiene remains the most effective defence.

With many employees now working remotely, organisations need to ensure they have visibility of all devices, regardless of ownership, that are being connected to the corporate network. Asset visibility is crucial as it’s impossible to protect and manage the unknown. Having identified the expanded corporate perimeter, security teams must identify and prioritise high-risk vulnerabilities for mitigation.

Utilising threat intelligence, vulnerability prioritisation and probability data allows a CISO to focus on those vulnerabilities that are at high risk of being exploited. This improves overall security in normal times and becomes even more important in a crisis when resources are stretched.

Business leaders will be looking for reassurance of their security, so it is important for the security team to also present quantifiable measurements of risk and to highlight and prioritise what matters most. The ability to effectively explain the security programme in business terms is critical to gaining internal support, especially when resources are strained. Identify risk by business unit, asset and geo-location with particular focus on critical assets detailing the risk should they be exploited. This supports strategic decision-making by business leaders.

Remediation actions should be prioritised to what actually reduces the organisation’s cyber-risk. This requires the security team to drill down into specific vulnerabilities or assets to identify and support controls that are more effective rather than wasting time and resources.

As mentioned, some devices that form the new expanded corporate network are personally owned. It’s important that employees understand the importance of installing updates on these devices as soon as they are available. Far too many people, including the most tech-savvy, ignore system updates and patches. This allows obsolete or unsecured devices to connect to the corporate network and potentially exposes the organisation to dangerous new vulnerabilities. Organisations must also carefully assess and monitor risks associated with unpatched devices.

Many security professionals may think their only option to improve security is to buy more security tools. However, they may not be fully considering their long-term risk reduction strategy. Even worse, good tools may go unused because teams do not understand key features.

A modest investment in professional services to train staff to fully utilise existing tools and effectively manage vulnerabilities may reduce wasted time and effort. This is always critical, but even more important at times of crisis.

36 INTELLIGENTCIO www.intelligentcio.com