Strengthening cybersecurity preparedness with defense in depth
In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity.
What are the top cybersecurity preparedness measures that businesses should implement?
Continuous and ongoing threat modelling is very important for modern businesses. Cyber threats are constantly evolving, making a static approach to security incredibly risky. Similarly, practicing defence in depth through layered security monitoring and tooling can prepare organisations to detect suspicious behaviour within a system and react fast, before threat actors can access the most sensitive data and operations. This informs a critical measure: zero trust. Successful businesses must be able to decipher lateral movements within their organisation, and to limit unauthorised movements within micro-perimeters.
How do international inconsistencies in cybersecurity preparedness affect global business operations, and what can be done to mitigate these issues?
Compliance is a common cause of inconsistencies, as global businesses implement a patchwork of global security controls to fit each region’s data regimes. This causes organisations to take the path of least resistance, ultimately aiming for minimum requirements, but this is thankfully changing. Now, organisations are increasingly taking the most stringent parts of dictates and regulations and implementing them worldwide. They understand that any gaps are a risk, and complexity makes security posture harder to maintain. By fostering collaboration between security and legal teams, organisations can build far better trust, both internally and with stakeholders.
Can you elaborate on the board’s role in preparing for and responding to cybersecurity incidents?
In 2024, cybersecurity must be a board priority. The key to making cyber preparedness a genuine boardroom conversation lies in being able to speak pragmatically about the ROI of security plans, whilst showing a downtrend in risk. At this level, the conversation should move beyond just preventing or thwarting a nefarious cyberattack; security initiatives can boost maturity, reduce legal risks, and improve operations.
It is easy to see this shift in security frameworks. Historically created by technical individuals to communicate security protocols to non-technical leaders, these often failed to shake the jargon. But now frameworks understand the need to be business focused. The CIS Risk Assessment Model (RAM) and CIS Security Controls Metrics (SCM) map the principles of the universally respected NIST framework onto high level pillars, allowing security to be discussed and understood by business leaders. If leaders don’t understand the multitude of risks and tactics facing their security teams, it becomes hard to truthfully report and remediate gaps in security posture. Every organisation will have a certain appetite for risk, but being appropriately informed is what allows them to do that in real time.
What technologies and methodologies should CISOs prioritize for advanced threat detection and response to minimize the impact of sophisticated cyberattacks?
Zero trust is key to identifying and mitigating serious threats. Globally, 64 percent of IT and security leaders expect to see zero trust mandated by government in the next two years, and organisations have been working to implement network segmentation and improve their visibility.
But, really, the winning recipe for organisations is to build a deep understanding of their entire infrastructure, one that optimises tools to achieve a unified standard of visibility. Organisations often invest in multiple security tools without seeing much impact, to the extent that 70 percent of CISOs don’t believe their tools are even effective at detecting breaches. To drive real change, new tools need to be implemented, configured, and brought into a wider security strategy. Effective tool stacks need to be fed with the right data, in the right place, at the right time to find threats exactly when they need to.
What should be the key components of a crisis management and communication strategy in the event of a major cybersecurity incident?
Loss of shareholder confidence is a very real consequence of a security incident. Businesses that fail to take appropriate measures, are slow to disclose, or offer a lacklustre response will see long-lasting reputational damage. Effective incident response does not require that businesses immediately detect and understand an ongoing breach, just that businesses do everything possible to reduce the blast radius of an attack and inform and protect all affected.
From legal and security teams to customer success and engineering – all internal stakeholders need to be part of a pre-established incident response strategy. Once established, this plan should be rehearsed regularly to become muscle memory. The worst time to discover a gap or weakness is during an incident. Tabletop exercises empower businesses to avoid rash decisions in a crisis. Combining this with continuous threat monitoring allows security leaders to detect and analyse an incident faster, informing the appropriate response.