No matter what city you live in, you have likely seen a police officer conducting a traffic stop or talking to someone on the street. The officer may be issuing a ticket to a red-light runner in the hope of changing the driver’s behavior and preventing a serious collision. Or he or she may be talking to a person who seems out of place, gathering intelligence on who they are and why they are there, trying to identify possible criminal activity in that location.

Policing the Organization to Reduce Risk

You may be thinking: How does this relate to cybersecurity? Well, it is my belief that the chief information officer (CIO) or chief information security officer (CISO) is charged with the security of the corporate network in much the same way a police chief is responsible for the security of the city. The police chief is responsible for protecting citizens from criminal activity and situations that cause injury, while the CIO/CISO is responsible for protecting the company’s crown jewels from malicious cybercriminals.

Imagine if the police officers were just sitting at the police station waiting for something to happen before they responded. Crime would go up, collisions would increase and the overall risk to the public would be much higher. The police chief reduces these risks by having the patrol officers take a proactive approach to stopping drivers whose behavior is likely to cause a collision or educating the public on how to secure their residences and not become a victim to theft.

What CISOs Should Do

A CIO/CISO who takes a similarly proactive approach in looking for and eliminating threats or risky behaviors can dramatically reduce risk. At a minimum, the organization will be better prepared for a security incident when one occurs.

While many organizations have excellent information technology teams that do a great job of configuring networks, those configurations are usually designed around functionality and performance, with only a thin layer of security built in.

Consider security activities that can show IT organizations where additional hardening is warranted. For example, an active threat assessment (ATA) approaches the network from a fresh perspective, applying lessons from years of incident response investigations and current threat trends to identify active threats and risky behavior.

How to Reduce Risk

A thorough ATA should include components such as penetration testing, host scanning and assessment, log analysis and an assessment of essential practices and critical controls.

Pen Testing

Penetration testing, depending on its size and scope, can identify the unpatched servers that still carry exploitable vulnerabilities and expose weaknesses through social engineering. Since the human factor is the weakest link in any security chain, testing and educating employees should be high on the list of any proactive program.

Host Scanning and Assessment

Host scanning and assessment should not only look for the obvious malware, whether running on the system or sitting dormant on disk, but should also assess the system and program configurations an intruder could use to move further through the network.

For example, administrators frequently leave credentials in plaintext in configuration or batch files on servers, not realizing they have left the keys to the kingdom under the doormat. Though unintentional, this kind of risky behavior can be the difference between a simple infection being contained and the intruder taking complete ownership of the network.
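A scan for the kind of plaintext credentials just described, as an added example that is not from the original article. The file paths and contents are constructed, and the patterns and placeholder filter are this editor's own, not any product's. The scanner reports where a secret sits without copying the secret itself into the report, and it skips values that are only references to environment variables or templates, which is the usual source of noise in such scans.

```python
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    label: str
    evidence: str  # redacted: the report must never carry the real secret


# (label, regex). Group 1 is the apparent secret. The patterns are deliberately
# broad; looks_like_placeholder() removes the common false positives.
CREDENTIAL_PATTERNS = [
    # key=value or key: value in .properties/.ini/.yaml/.env style files
    ("key/value secret",
     re.compile(r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?([^'\"\s;]+)")),
    # net use [device] <share> <password> /user:<account> in batch files:
    # capture the token right before /user: unless it is a share, switch or '*'
    ("net use password",
     re.compile(r"(?i)\bnet\s+use\s+(?:\S+\s+)*?(?![\\/*])(\S+)\s+/user:")),
    # scheme://user:password@host embedded in a URL or connection string
    ("credential in URL",
     re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@")),
    # PEM private key dropped on a server alongside the scripts that use it
    ("private key material",
     re.compile(r"-----BEGIN ((?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY)-----")),
]


def looks_like_placeholder(value: str) -> bool:
    """True for values that are clearly not a literal secret: env-var
    references, template markers, prompt-for-password markers. A real
    password beginning with '$' or '%' would be missed; accepted trade-off."""
    v = value.strip()
    return (v in {"*", ""}
            or v.startswith(("$", "%", "<", "{{"))
            or v.lower() in {"changeme", "xxx", "todo", "none"})


def redact(value: str) -> str:
    """Keep two characters so an admin can recognise the value, hide the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(path: str, text: str) -> List[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in CREDENTIAL_PATTERNS:
            for match in pattern.finditer(line):
                value = match.group(1)
                if looks_like_placeholder(value):
                    continue
                findings.append(Finding(path, lineno, label, redact(value)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """files maps path -> content; on a real host you would walk the disk."""
    results = []
    for path, content in files.items():
        results.extend(scan_text(path, content))
    return results


# Constructed sample files (hypothetical paths and made-up secrets).
SAMPLE_FILES = {
    "C:\\scripts\\nightly_backup.bat":
        "@echo off\nnet use Z: \\\\fileserver\\backups Summ3r2019! /user:CORP\\svc_backup\n"
        "xcopy D:\\data Z:\\ /E /Y\n",
    "/opt/app/conf/db.properties":
        "db.url=jdbc:mysql://db01:3306/orders\ndb.user=app_rw\ndb.password=Tr0ub4dor&3\n"
        "# cache\ncache.ttl=300\n",
    "/etc/app/config.yaml":
        "api_key: ${API_KEY}\nsmtp_url: smtp://mailer:Welcome1@smtp.internal:587\n",
    "/home/deploy/id_rsa":
        "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt...\n-----END OPENSSH PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.label} -> {f.evidence}")
```

The `${API_KEY}` reference in the YAML file is reported as nothing, while the `net use` line, the JDBC password, the SMTP URL and the private key each produce one finding. In an assessment the next question for every finding is what the credential grants access to, since that decides how far an intruder on that host could travel.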

Log Analysis

Log analysis is an extremely important part of a threat assessment. Firewall logs can show suspicious traffic originating from an internal endpoint even when that traffic is blocked at the firewall; a blocked connection is still evidence that something inside is repeatedly trying to reach out, which can serve as an indicator of compromise. Security event logs may likewise reveal remote desktop connections and brute-force attacks on user accounts.
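The two checks described above, run over constructed sample log lines, as an added example that is not part of the original article. The log format (timestamp, source tag, key=value fields), the 10.20.0.0/16 internal range and the thresholds are assumptions made for the illustration; Event IDs 4625 (failed logon), 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the standard Windows Security values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample, not from any real environment: firewall lines ("fw") and
# Windows Security events ("win") normalized to key=value pairs, as a SIEM
# forwarder would deliver them. 10.20.x.x is the internal range here.
SAMPLE_LOGS = """\
2023-03-14T02:10:05Z fw action=allow dir=out src=10.20.5.17 dst=93.184.216.34 dport=443 proto=tcp
2023-03-14T02:10:07Z fw action=deny dir=out src=10.20.5.17 dst=198.51.100.23 dport=4444 proto=tcp
2023-03-14T02:11:07Z fw action=deny dir=out src=10.20.5.17 dst=198.51.100.23 dport=4444 proto=tcp
2023-03-14T02:12:07Z fw action=deny dir=out src=10.20.5.17 dst=198.51.100.23 dport=4444 proto=tcp
2023-03-14T02:13:07Z fw action=deny dir=out src=10.20.5.17 dst=198.51.100.23 dport=4444 proto=tcp
2023-03-14T02:12:30Z fw action=deny dir=out src=10.20.7.3 dst=203.0.113.9 dport=443 proto=tcp
2023-03-14T02:14:00Z fw action=deny dir=in src=203.0.113.50 dst=10.20.0.10 dport=3389 proto=tcp
2023-03-14T02:15:01Z win EventID=4625 TargetUser=administrator SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:03Z win EventID=4625 TargetUser=administrator SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:05Z win EventID=4625 TargetUser=admin SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:08Z win EventID=4625 TargetUser=backup SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:10Z win EventID=4625 TargetUser=backup SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:12Z win EventID=4625 TargetUser=backup SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:15:20Z win EventID=4624 TargetUser=backup SrcIP=192.0.2.77 LogonType=10
2023-03-14T02:16:00Z win EventID=4625 TargetUser=jdoe SrcIP=10.20.3.3 LogonType=2
2023-03-14T02:17:00Z win EventID=4624 TargetUser=jdoe SrcIP=10.20.1.5 LogonType=10
"""


def parse_logs(text: str) -> List[dict]:
    """Turn 'timestamp source k=v k=v ...' lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, *pairs = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "source": source,
                       "fields": dict(p.split("=", 1) for p in pairs)})
    return events


def detect_blocked_outbound(events: List[dict], threshold: int = 3) -> Dict[Tuple[str, str, str], int]:
    """Internal hosts repeatedly denied to the same external dst:port. The
    firewall did its job, but the endpoint keeps trying, which is the pattern
    a beaconing implant produces. Returns {(src, dst, dport): deny count}."""
    counts: Dict[Tuple[str, str, str], int] = defaultdict(int)
    for e in events:
        f = e["fields"]
        if e["source"] != "fw" or f.get("action") != "deny" or f.get("dir") != "out":
            continue
        if not ipaddress.ip_address(f["src"]).is_private:
            continue
        counts[(f["src"], f["dst"], f["dport"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def detect_bruteforce(events: List[dict], threshold: int = 5,
                      window: timedelta = timedelta(minutes=10)) -> Dict[str, dict]:
    """Sources with >= threshold failed logons (4625) inside `window`, plus any
    account that then logged on successfully (4624) from the same source."""
    fails, successes = defaultdict(list), defaultdict(list)
    for e in events:
        f = e["fields"]
        if e["source"] != "win":
            continue
        if f.get("EventID") == "4625":
            fails[f["SrcIP"]].append((e["ts"], f["TargetUser"]))
        elif f.get("EventID") == "4624":
            successes[f["SrcIP"]].append((e["ts"], f["TargetUser"]))
    alerts = {}
    for ip, attempts in fails.items():
        attempts.sort()
        for i in range(len(attempts) - threshold + 1):
            first, last = attempts[i][0], attempts[i + threshold - 1][0]
            if last - first <= window:  # threshold failures within the window
                alerts[ip] = {
                    "failures": len(attempts),
                    "accounts": sorted({u for _, u in attempts}),
                    "success_after": sorted({u for t, u in successes[ip] if t > first}),
                }
                break
    return alerts


def rdp_logons(events: List[dict]) -> List[Tuple[datetime, str, str]]:
    """Successful RDP logons: 4624 with LogonType 10 (RemoteInteractive)."""
    return [(e["ts"], e["fields"]["TargetUser"], e["fields"]["SrcIP"])
            for e in events
            if e["source"] == "win" and e["fields"].get("EventID") == "4624"
            and e["fields"].get("LogonType") == "10"]


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("blocked outbound:", detect_blocked_outbound(evs))
    print("brute force:", detect_bruteforce(evs))
    print("rdp logons:", rdp_logons(evs))
```

The single denied connection from 10.20.7.3 stays below the threshold, while 10.20.5.17 is flagged for four denies to the same address and port a minute apart. On the Windows side the source 192.0.2.77 is flagged for six failures against three accounts, and the detail that matters most for response is that the `backup` account then logged on successfully from the same source over RDP: the brute force worked, and that logon is where the investigation starts.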

Additionally, the ability to respond to a security event and follow an intruder through a network depends heavily on network visibility in the form of logging. Threat assessments often flag blind spots in network logging that could limit the ability to track an intruder or impede root cause analysis.

Assessing Practices

The essential practices and critical controls element can cover anything from reviewing everyday processes and the risk associated with them to examining the network architecture for security weaknesses that could be improved.

Are You Prepared for a Security Incident?

Networks are commonly compared to a hard candy with a soft center: once an intruder gets through the hard outer shell, the rest is the soft, chewy center that yields the most flavor. The hard shell is generally defeated through a breakdown in the human factor, via phishing emails, drive-by downloads and the like.

So as you read this and reflect on your own network and security posture, ask how proactive you are and whether you could do more. It is only a matter of time until your organization comes under attack. Sound, proactive assessments and thorough testing designed to improve the network security posture will help prevent attacks, or reduce the damage when one does occur.

The cyber storm is coming. Are you ready?
