Five ways to strengthen your security posture before high-incident seasons

January 19, 2023

Here are five ways to protect your organization from cybersecurity attacks and vulnerabilities during high-incident seasons.


With the busy holiday season over, is it safe to let your guard down concerning cybersecurity? Not exactly.

While the holiday season is often seen as prime time for cyberattacks, it’s not the only time of year organizations experience a surge in cyber threats. From tax season to the busy summer travel months, opportunistic cybercriminals always look for ways to exploit your security vulnerabilities. Even Mother’s Day and Memorial Day weekends in the United States have seen a surge in ransomware attacks, according to a report issued by the FBI.

And for those caught in the crosshairs at the organization’s busiest and most important times of the year, consequences of security gaps can wreak havoc.

For this reason, the start of the year presents an excellent opportunity to prepare against potential cyber threats that may strike your organization during high-incident seasons. By proactively strengthening your organization’s security posture, you can stay ahead of bad actors and the changing threat landscape.

Security leaders share how to prepare for high-incident seasons

To help you adopt a proactive mindset and implement an action plan, Randy Birdsall, Sr. Director of Product Management, AppSec and Observability at Cisco AppDynamics, spoke with Jeff DeVerter, Chief Technology Evangelist at Rackspace Technology, and Lesley Carhart, cybersecurity expert and Director of Incident Response at Dragos, about the value of being prepared for a cyberattack. They outlined five ways to reduce your exposure to threats during peak incident seasons.

1. Develop cybersecurity-savvy employees

A 2022 (ISC)² report found that the cybersecurity workforce is growing. And yet, there remains a global shortage of 3.4 million people in this field. This shortage leads to talent poaching and teams facing difficulties monitoring and responding to cybersecurity vulnerabilities.

DeVerter acknowledged that on certain occasions, external cyber experts are needed. But a more efficient way to close the talent gap is to identify and train your junior staff members. These individuals already understand the inner workings of your organization. Therefore, “security is just another tool they will be taught and get to exercise,” he shared. It’s also an effective way to boost workforce retention.

Leaders are also responsible for ensuring everyone understands they play a part in cybersecurity in their day-to-day work. All employees can benefit from simple guides and tutorials that help identify and combat threats such as malware and phishing scams. As soon as new risks arise, loop them in right away.

2. Maintain a vigilant approach to basic security measures

Despite sensational news stories about zero-day attacks — when hackers exploit a flaw before developers can address it — human error is to blame for 95% of cyberattacks. It’s a disturbing statistic, but the good news is that you have a solution at your fingertips.

“So many of the incidents I go into are just the basics. It’s an exposed system, credential reuse, phishing — very simple things,” Carhart noted. Other factors, such as outdated monitoring tools and compromised legacy systems, are also huge contributors.

Basic blocking and tackling can do the trick, according to DeVerter. Standard practices such as updating your software, enforcing password changes, securing files and encrypting devices can have a significant positive impact. Double down on confirming that everything works and is up to date.

3. Understand the value of baking security into your processes

By detecting and fixing security bugs early, you can avoid costly and time-consuming mistakes. Instead of viewing security as the final checkpoint before going live, DeVerter recommended considering it from the earliest parts of the design.

DevSecOps, also known as secure DevOps, is a modern approach to software development that embeds security throughout the application lifecycle to reduce risks. By taking this approach, you can ensure security protections — such as threat modeling and vulnerability assessments — are engineered into the app as it’s being built. Leveraging application-first security tools can also help you automate security and consolidate critical data into early stages of development, where the stakes are highest.

4. Conduct tabletop exercises to increase situational awareness

“In cybersecurity, likelihood is so hard,” Carhart asserted. Risk varies from industry to industry. And there simply isn’t a guidebook to draw from. No hard and fast rules. No mathematical equations.

DeVerter suggested tabletop exercises to find vulnerabilities inside your organization without being directly confronted by a threat. He pointed out, “The best way to be situationally aware is to understand where other folks have, unfortunately, been hit before.”

Stay updated with exploits in the news. Then adapt those scenarios to reflect your own environment and business. The goal is to see how effective your incident response (IR) plans are and to create actionable strategies to enhance security over the coming months.

Birdsall also cited these tabletops as a potential eye-opener for business leaders. Through these exercises, security teams can demonstrate potential threats and build leadership buy-in for cybersecurity initiatives.

5. Don’t shortchange your incident response plan

A third of mid-sized organizations still lack an IR plan, according to a 2022 Egnyte report. But here’s the thing: a breach can occur at any time, regardless of the organization’s size.

“Even if you don’t think you’re a target, you could be somebody’s test bed. They could use you as a jumping-off point to another organization,” Carhart explained, adding that thorough incident planning can save businesses a lot of money during crises and zero-day situations.

The high cost of IR planning can discourage some businesses from prioritizing it, but the cost can easily double if you don’t do it right the first time. Carhart has seen countless organizations go through this: “They had to spend the time and money to have a more reputable organization and consultant come in and do everything from the ground up.”

Cover preparatory tasks, such as basic documentation, asset inventories, and network maps, so that security professionals can focus on forensic analysis in the event of a threat. Delays will only result in larger infrastructure damages and greater financial losses.

When a threat is present, take this step

Following these tips is a great start — but it doesn’t mean you’re off the hook. Cybersecurity is a fast-moving industry fraught with uncertainty. As digital transformation continues, the potential attack surface also expands. Even if your cybersecurity team has taken every precaution available right now, an attacker can still find a way through.

In the event of a threat, it’s tempting to rip out what’s already in production and push changes through the pipeline, or to apply hasty mitigations and clean them up later.

But DeVerter and Carhart agreed that a broader perspective is necessary to develop a holistic approach. Here’s a simple but sensible tip from them: Observe the situation before responding.

Instead of panicking — which can sometimes cause more damage than the breach — pause to assess. Observing a situation is often the best way to gain insight into your system’s current state. It gives you time to perform risk management. Assess the potential consequences of this situation in your environment and compare them with the outcomes of mitigations and spontaneous updates, patches and corrections. “It can be very brief. But we have to make that decision. And we’ve got to decide what’s going to cause the worst impact, potentially,” Carhart concluded.

Statistics also show that once a company has experienced a cybersecurity incident, it’s 66% more likely to experience another in the future. Observing allows you to learn from the incident and apply appropriate measures to prevent it from happening again.

The same pause reaction can be used when new zero-days pop up. Carhart suggested a few things to consider: “Do you have systems in place? Are they segmented off? Will your architecture and other defenses do something to mitigate this risk?” Don’t go into problem-solving mode right away. Taking stock of the situation is the first step.

Safeguard your organization this year

From summer air travel to holiday retail sales, nearly every industry experiences a high-demand season. And while the busiest time of the year is undoubtedly exciting — it can also wreak havoc on your security posture. By proactively implementing these expert-recommended security strategies, you can protect your applications — and your business all year round — from bad actors waiting to take advantage of any security gaps.

Want more ways to strengthen your security posture?

Watch the on-demand webinar, Security tips & tricks to stay safe during high-incident seasons, for more expert cybersecurity strategies. Ready to see how Cisco AppDynamics can help protect your organization from attacks with unified business performance and security observability? Schedule a demo.