Dr. Eric Cole

One of the big problems in cybersecurity is individuals and companies do not believe they are a target. The problem is, they will happen and the probability of you or your organization being compromised is almost a guarantee. Often the smaller the company, the less security, and the easier it is to break in. So organizations that don’t think they are big enough for an adversary to come after them, are often the prime target of attack. Today’s attackers are not stealing a million dollars from one person, they’re stealing $1 from a million people. So those that do not think they are a target, let down their guard, and do not implement proper security, are often the ones that very quickly become victims.

Whether we like it or not, we live the majority of our life in cyberspace. Regardless of the amount of time in cyberspace, we need to recognize that our personal, critical information is stored online in computers. If we do not protect our online information, it will cause detrimental damage to us, our families and our businesses. Whether you realize it or not, you are a target. You are going to be compromised. And only by understanding the threat and taking action, can you be safe in cyberspace today.

You cannot manage what you cannot measure. A common issue with cybersecurity is doing good things, but not the right things that really matter. Missing one key aspect is all it takes for an adversary to break in. In order to stay ahead of the adversary, it is important that companies have critical security metrics to identify what is and is not working. By having proper metrics integrated into a security dashboard, organizations can make the right decisions to protect and secure their critical assets.

One of the most dangerous mindsets an organization can have is that they will not be attacked or that compromises do not occur. This is because when you do not think you are a target, you are not going to focus energy and effort in the proper areas of security. Yet the probability of an organization getting compromised is almost a guarantee. An adversary is after any organization that is in business and has critical data that needs to be protected. It is important to learn what the real threats are to an organization and actionable steps you can take to protect and secure your organization to stay ahead of an adversary.

Many organizations focus on cyber defense, yet they do not really understand how an attack actually works and what the real exposures are to an organization. It is important to learn step by step how an attack actually works and how to use this knowledge to properly protect and secure your organization. When you understand the steps of an attack, how the threat works and what the vulnerabilities are, you can start to focus on fixing the right problems, and properly securing and protecting your organization. The only way to be good at the defense is to understand how the offense operates.

Every time you add servers, new applications, or add functionality, you are decreasing your security. Based on common threats and the persistent nature of the adversary, the problem of an organization being compromised is very high. The challenge with implementing effective security is containing, controlling, and minimizing the damage to defend an already compromised network. Too many organizations focus on prevention and nothing else, so if prevention fails, there is not much else in place to minimize the damage. The real approach to security is timely detection. The key is to accept the fact that a compromise will likely occur and when it does, have a plan detect and respond in a timely manner to contain and control the damage.

Having an effective playbook is necessary if you want to win. Unfortunately many organizations fail to have one for cybersecurity. In most organizations, cybersecurity plans tend to be reactive measures in which organizations are not clear on what to do and when to do it. If you want to win in the game of cybersecurity, you need to have an effective playbook with proper plays that allow you to be able to detect, control, and minimize damage. By understanding the offense, what the adversary is going to do, you can create effective defensive plays to implement in order to win at this game of cybersecurity.

The current model that most organizations use to protect their organization utilizes preventative measures. The problem is today’s adversary is targeted and data-focused. There is no visible sign of an attack. That is why, on average, most organizations are compromised for 27 months before the attack is detected. The model needs to shift from visible detection to proactive analysis within your organization. Taking a proactive approach, where you are actively looking for the adversary, realizing you are already compromised, is the best way that an organization will win and stay one step ahead of the adversary. Today, it’s not a matter of preventing all attacks, but true security is focused on containing and controlling the damage through timely detection.