
A New Era in Cybersecurity – Assume Breach Mentality

Feb 2, 2021 | Axxys Technologies | Security

As we kick off 2021 and begin marching towards this year’s goals and objectives for success, I wanted to share thoughts and feedback around the ever-growing elephant in the room called cybersecurity. It has been a challenge for small businesses for many years, and unfortunately the silver bullet to solve all the risks and vulnerabilities has yet to be found.

Many organizations have continually improved their cybersecurity defenses over the past few years as a constant stream of breaches and hacks has monopolized the headlines around the world. So, what is next in 2021 in relation to cybersecurity? In short, more of the same. The cat and mouse game will continue, and blue teams (defense) and red teams (offense) will get better. The cats will catch some of the mice, the mice will outsmart some of the cats, and around we will go.

There are two concepts I want to share that I believe can significantly improve the effectiveness of a small business’s cybersecurity strategy. They are “assume breach” and “the crown jewels”. Let us dive into each of these a little bit more.

Assume Breach

If we start with “assume breach”, we are shifting our strategy for building our cybersecurity program with the mindset that we have been, or will be, breached by a threat actor. In most cybersecurity breaches that are publicized, we often find out that threat actors have been soaking in the environment for months. This persistent access allows them to move through the organization and its digital assets locating, identifying, and evaluating what is critical to the organization, allowing them to establish the best plan for extracting value.

  • Some threat actors will attempt to stay in the system undetected, siphoning off personally identifiable information that is then sold on the dark web.
  • Others will extract trade secrets or other intelligence that could be sold to competitors.
  • Or some just monitor transactions such as email and accounting looking for the big payday when they can launch their attack.

In these cases, the threat actor has already gotten through the cybersecurity defenses or controls intended to protect the system. So, what would it look like if we started planning with that mindset? Would we do things differently? Would we implement more controls that are closer to the “crown jewels”?

The Crown Jewels

Often the most basic of items are overlooked or not scrutinized because of the technical controls (the flashy items) that are installed. We believe that the firewall and antivirus will be enough. That simply is not the case, and taking this assumed breach approach means we might take more time evaluating controls such as:

  • Multifactor authentication on any public facing access point that leads to data.
  • Stronger access controls such as data classification and labeling.
  • Deeper adoption of data encryption and data loss prevention.
  • Continuous monitoring of systems using a Security Operations Center (SOC).
  • Deployment of more advanced tools like endpoint Managed Detection and Response (MDR).

All in all, the goal is to protect the “crown jewels” of the organization, whether that is data, knowledge, product, etc. But what if you do not know what the crown jewels for the organization are? If that is the case, ask yourself this one question:

  • If the entire system is down when you arrive to work tomorrow, what are you going to ask your team to focus on first?

This simple question should lead you to what is most important for the organization to be operational and to be providing the goods or services that your clients or community rely on. With this information in mind, you can then explore the assumed breach mentality to arrive at a fair evaluation of your existing cybersecurity defenses. If you have anxiety during this process, do not worry, that is to be expected. The goal is that by the end, once you have identified the crown jewels and worked through the assumed breach exercise, you will have more confidence in your existing controls or a better action plan to develop the necessary cybersecurity defenses to protect your organization.

At Axxys Technologies, Inc. we have invested considerable resources in building our team to help support your needs in information technology (IT) and cybersecurity. We are here to assist you in exploring concepts like these to ensure your organization has the peace of mind it needs to move forward in these times of seemingly endless cyberattacks. Contact our team today to review your needs related to IT and cybersecurity.

FAQs

What does the “assume breach” mentality mean in cybersecurity?

The assume breach mentality is an approach used in modern cybersecurity strategies where organizations operate under the assumption that attackers may already have access to their systems. Instead of focusing only on prevention, businesses implement monitoring, detection, and response strategies to quickly identify threats and protect critical data.

How does a cyber risk management strategy protect business data?

A cyber risk management strategy helps businesses identify potential threats, assess vulnerabilities, and implement security controls to reduce risk. This strategy often includes data encryption, access control policies, continuous monitoring, and incident response planning to safeguard sensitive information.

Why are cybersecurity solutions for businesses important in an assume breach strategy?

Cybersecurity solutions for businesses play a critical role in an assume breach strategy by protecting critical assets even if attackers bypass initial defenses. Solutions such as multifactor authentication, endpoint detection and response, security monitoring, and data loss prevention help detect unusual activity and prevent data breaches.

What role does a managed IT security service play in modern cybersecurity?

A managed IT security service provides businesses with expert monitoring, threat detection, vulnerability management, and incident response support. These services help organizations maintain strong security defenses without needing an in-house cybersecurity team.

How can businesses identify their crown jewels in cybersecurity planning?

In cybersecurity planning, “crown jewels” refer to the most critical data, systems, or intellectual property that an organization must protect. Businesses typically identify these assets by analyzing which systems are essential for daily operations, customer services, and revenue generation.
