No organization is free from the impacts of cyberattacks. Even during the pandemic, cyberattackers were targeting organizations like the World Health Organization (WHO) itself, which witnessed a significant rise in cyberattacks while also having to address global healthcare issues arising from COVID-19. Because of the rapidly increasing sophistication and volume of cyberattacks, it is imperative to be more prepared, particularly through regular security exercises.
This question can be linked to security. Think about it: Why is it that military organizations continue to conduct drills and combat exercises? Cybersecurity exercises are required every now and again for the same reason that military organizations conduct endless combat drills. Cybercriminals continue to discover new ways to find vulnerabilities and attack security defenses, despite the fact that cybersecurity technology continues to improve.
Effective and continuous threat exposure management involves not just the purchase and deployment of cybersecurity tools. Rather, it involves a programmatic approach to cybersecurity: continuously planning, monitoring, and reducing risk levels. This is done through validation technologies that ensure prioritized and contextual remediation actions, which enables decision-makers to better understand and engage.
Before we get into the discussion on the effectiveness of cybersecurity, it’s worth mentioning the MITRE ATT&CK framework. Because of its extensive collection of cyberattack tactics and techniques, it has gained attention in different parts of the globe.
MITRE is the US government-funded agency, founded at MIT in 1958, that has a significant cybersecurity practice. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a valuable resource for analysts and security professionals who are interested in validating and evaluating the effectiveness of security defense systems.
Before MITRE ATT&CK, organizations had to manually execute commands on a target host server in order to verify that their defenses were working properly. These commands were often derived from open-source tools or information banks. Automated penetration testing software and red teaming resources are another way to assess and verify security effectiveness. Such an assessment can be handled by one of the top U.S. penetration testing companies with relative ease.
Both automated and manual pen-testing methods have their limitations, especially when it comes down to simulating an attack chain that includes multiple vectors. They may not keep up with the latest threats and mitigation techniques.
The MITRE ATT&CK framework makes cybersecurity testing collaborative, crowdsourced, and transparent, thus contributing to more effective threat exposure management. It improves the speed and efficiency of the testing process. It does not remove the need for continued security testing; it makes that testing easier while still addressing the need to perform it regularly.
Even with the presence of these tools and frameworks, though, organizations still face big challenges in protecting against the ever-growing threat of cyber-attacks.
Many still believe that a well-planned and meticulously developed system should be sufficient. This is not to say that organizations should settle for mediocrity. However, those who hold this belief do not accept the fact that even the most well-designed systems and the best developers may not always produce the desired results.
For one, not all organizations are capable of preparing for, and responding to, threats. Forty-nine percent of organizations lack the ability and tools for adequate incident response, according to a report.
It does not help that organizations are seriously understaffed in cybersecurity. A survey by ISACA (formerly the Information Systems Audit and Control Association) found that 61% of organizations feel they are understaffed in terms of cybersecurity professionals. Fifty percent of respondents said applicants were not sufficiently qualified for security positions.
Therefore, businesses need to conduct extensive research and hire trustworthy and knowledgeable cybersecurity consultants who can keep their operations secure. Experts can put in place a variety of measures, including red teaming, application penetration testing, hybrid app assessment, etc.
However strong an organization’s defenses may be, humans remain the weakest link. MITRE ATT&CK provides a framework for identifying vulnerabilities that are attributable to people.
Take the case of social engineering attacks. In February this year, for instance, Microsoft warned that Russian hacking groups have been targeting Ukrainian government agencies and non-governmental organizations. This campaign was found to have been targeting, since 2021, organizations that were critical to emergency response and that ensured the sovereignty of Ukraine’s territory.
This involved a strategy called spear phishing, wherein emails containing malware and tracking pixels were sent to inboxes within the concerned organizations. Such targeting is a stark reminder that even organizations that are involved in critical services are vulnerable targets.
No matter how strict a security system may be, if employees fall for deceptive schemes, they can easily contribute to the destruction of their company’s or even a state’s defenses.
Security professionals can identify weaknesses in their systems and make necessary improvements. Cybersecurity experts recommend testing for vulnerabilities at least once per year, and whenever there are significant changes in an organization’s IT resources such as the relocation of offices or the purchase and replacement of new equipment.
It is unrealistic to believe that foolproofing can be achieved even after making the necessary adjustments. Sometimes the results are unclear or confusing. Sometimes, companies working with limited resources must make tough decisions to save money.
Occasionally, organizations may have to choose a low-cost solution because it is acceptable internally. However, external inputs can make this difficult. The security team will need to create contingency plans in such situations to plan for any unforeseen circumstances.
It is also possible for organizations to have the wrong security mindset. The development and implementation of a cybersecurity strategy can be hampered by compromises. An effective cybersecurity strategy requires that organizations’ security teams have access to valuable information that allows them to develop contingency plans for the possibility of system failures.
Even the most meticulous planning and the presence of top security talent do not guarantee infallibility. It is even worse if the security system is not up to standard or is deliberately made less than optimal. This can be a result of emerging trends like working from home, BYOD, and hybrid working environments, which became more popular during the pandemic.
There is no reason for organizations to be lax about their cybersecurity practices and strategies. Organizations and enterprises can easily incorporate the MITRE ATT&CK framework into existing systems. Enterprise solutions can also be used to evaluate and validate the effectiveness of cybersecurity defenses. However, the real challenge is in ensuring continuity in threat exposure management, in order to proactively address cybersecurity challenges.