A New Era in Cybersecurity – Assume Breach Mentality

As we kickoff a new year of 2021 and begin marching towards this year’s goals and objectives for success, I wanted to share thoughts and feedback around the ever-growing elephant in the room called cybersecurity. It has been a challenge for small businesses for many years, and unfortunately the silver bullet to solve all the risks and vulnerabilities has yet to be found.

Many organizations have continually improved their cybersecurity defenses over the past few years as a constant stream of breaches and hacks have monopolized the headlines around the world. So, what is next in 2021 in relation to cybersecurity? In short, more of the same. The cat and mouse game will continue, blue teams (defense) and red teams (offense) will get better. The cats will catch some of the mice, the mice will outsmart some of the cats, and around we will go.

There are two concepts that I want to share which I believe will significantly alter the strategy for your organization and the effectiveness of its cybersecurity. They are “assume breach” of “the crown jewels”. Let us dive into each of these a little bit more.

Assume Breach

If we start with “assume breach”, we are shifting our strategy for building our cybersecurity program with the mindset that we have been, or will be, breached by a threat actor. In most cybersecurity breaches that are publicized, we often find out that threat actors have been soaking in the environment for months. This persistent access allows them to move through the organization and its digital assets locating, identifying, and evaluating what is critical to the organization, allowing them to establish the best plan for extracting value.

• Some threat actors will attempt to stay in the system undetected, siphoning off personally identifiable information that is then sold on the dark web.
• Others will extract trade secrets or other intelligence that could be sold to competitors.
• Or some just monitor transactions such as email and accounting looking for the big payday when they can launch their attack.

In these cases, the threat actor has already gotten through the cybersecurity defenses or controls intended to protect the system. So, what would it look like if we started planning with that mindset? Would we do things differently? Would we implement more controls that are closer to the “crown jewels?”?

The Crown Jewels

Often the most basic of items are overlooked or not scrutinized because of the technical controls (the flashy items) that are installed. We believe that the firewall and antivirus will be enough. That simply is not the case, and taking this assumed breach approach means we might take more time evaluating controls such as:

• Multifactor authentication on any public facing access point that leads to data.
• Stronger access controls such as data classification and labeling.
• Deeper adoption of data encryption and data loss prevention.
• Continuous monitoring of systems using a Security Operations Center (SOC)
• Deployment of more advanced tools like endpoint Managed Detection and Response (MDR)

All in all, the goal is to protect the “crown jewels” of the organization, whether that is data, knowledge, product, etc. But what if you do not know what the crown jewels for the organization are? If that is the case, ask yourself this one question….

• If the entire system is down when you arrive to work tomorrow, what are you going to ask your team to focus on first?

This simple question should lead you to what is most important for the organization to be operational and to be providing the goods or services that your clients or community rely on. With this information in mind, you can then explore the assumed breach mentality to arrive at a fair evaluation of your existing cybersecurity defenses. If you have anxiety during this process, do not worry, that is to be expected. The goal is that by the end, once you have identified the crown jewels and worked through the assumed breach exercise, you will have more confidence in your existing controls or a better action plan to develop the necessary cybersecurity defenses to protect your organization.

At Axxys Technologies, Inc. we have invested considerable resources in building our team to help support your needs in information technology (IT) and cybersecurity. We are here to assist you in exploring concepts like these to ensure your organization has the peace of mind it needs to move forward in these times of seemingly endless cyberattacks. Contact our team today to review your needs related to IT and cybersecurity.