NCTIES20 Charlotte

by Mar 1, 2020Events

Measuring, mitigating and transferring risk are critical aspects of conflict and have been for thousands of years. Sun Tzu, the famous Chinese military strategist is attributed with saying:

In simple terms to avoid losing, you must be able to defend. Knowing this, you can never spend too much on building a strong defense. You have to have a plan, a campaign, a roadmap.

  • A Cyber Roadmap is a great way to do it.

What would Sun Tzu say about how to measure, mitigate and Transfer Risk?

  • In simple terms, he would suggest you first know what you are defending from attack, where it is on the terrain, the how your forces are arrayed and where will the enemy attack.

Sun Tzu understood the concepts of how to array forces for conflict and he also knew the importance of how to manage them in groupings that made sense. Today those groupings are known as “engagement areas,” think of them as zones in the battlefield. These zones should be organized in a way that maximizes what needs to be defending from the ground up, an end-to-end approach.

  • Inventory assets: Inventory what you are defending using what you own to be more offensive in your defense.

  • Segment your terrain: He would suggest once you know what you are defending what is the risk tolerance you are willing to place on it and where is it located on the terrain you are defending.

  • Establish your perimeter: Know how and when you are going to enter into the conflict so that you are defending on your terms and not the attackers.

  • Understand the area of conflict. Finally, as a student of combat, he would examine who are allies, friendly elements, enemy elements and past events to establish a hypothesis.

Armed with this analysis and his zones of defense Sun Tzu would then use probabilistic reasoning to determine what the enemy’s most probable course of action would be and create a more aggressive defense in depth that will attrit and reduce the threats in each engagement in order to win the fight.

Build a Campaign (A Cyber RoadMap)

Unlike their military counterparts in Land, Sea, and Air warfare most IT professionals in Cyber-warfare do not have a Phased Cyber “Combat” Plan that defines the zones of their defense in depth. Companies don’t put a Cyber RoadMap in place because of competing priorities, limited resources, manual approaches and . . . Complacency.

“The worst thing that can happen to a good cause is, not to be skillfully attacked, but to be ineptly defended.” ― Frédéric Bastiat

Building a Cyber Roadmap is a preemptive and proactive campaign to get “Left of Bang” (Left of Breach) to counter for the breach (that most believe will never happen to them). Unfortunately the Breach Beast is out there, and it is coming to an organization near you. Even Bilbo Baggins, the Hobbit from JRR Tolkien, understood underestimating the beast that threatened him:

“It does not do to leave a live dragon out of your calculations if you live near him.” ― Bilbo Baggins, a Hobbit

On the internet, everyone lives near “him” the beast, and everyone needs to put a plan in place. @RISK embeds a Cyber Roadmap to measure the kinds of Capabilities you have in your network and what your Gaps are.

“I’ve got firewalls, VPNs, up-to-date anti-virus software, malware detection, trustworthy employees and, we haven’t been attacked, yet.” ― Most Organizations

The most important word is “yet.”

A Cyber Roadmap will help you to define your risk by zones:

  • Ecosystem risk

  • Perimeter risk

  • Network Segment risk

  • Asset risk

Establishing these zones enable any organization’s ability to Identify, Protect, Detect, Respond and Recover from a Cyber attack more effectively. They help build awareness about the magnitude of the cyber threat facing your organization by surfacing the gaps in your network before a threat has a chance to exploit them. It will displace an atmosphere of complacency from the basement to the Board room. A Cyber RoadMap will help you:

Measure Risk

In Cyber terms, build an end to end solution from the ground up. At the Asset level, what digital devices have you inventoried on your network attack surface and how are they arrayed in network segments? What have you done to attrit risk at the perimeter and have you conducted an ecosystem risk analysis to prevent threats from over whelming your firewall? Most Organizations today have already lost the fight before they start and most Insurance companies don’t realize that.

An estimated 85%, fail in their efforts to inventory and account for what they own and place it into a Configuration Management Database. Recent studies show that 96% of Organizations only can account for 15% of what is on their network. Why would a business want to know what is in their network, and why do they fail in finding out?

For the same reasons they don’t have a Cyber Roadmap in Place: Competing priorities, limited resources, manual approaches and . . . Complacency. Using a Cyber Roadmap will help you measure because you will be able to:

  • Identify the frequency, type and score of the devices and software you own using the National Vulnerability Database

  • Establish risk tolerance by Network segment because you will have an accurate inventory of what you must defend

  • Leverage the power of automation using risk tolerance playbooks

  • Determining the production impact of software and systems if attacked

  • Establish the number of records that, if accessed by an unauthorized person or stolen, what the breach cost will be to clean them up.

Mitigate Risk

A Cyber Roadmap will enable Cyber professionals to forecast the threats most probable course of action from their ecosystem, and enable an Organization to corroborate with the inherent risk of what they own already to be more preemptive at the perimeter. A Roadmap will help to reduce the likelihood of a compromise because it enables each zone to attrit or reduce risk in each zone bi-directionally. This reduces the number of non events so that systems and analytics work on those events that have a higher probability of normal activity making abnormal or shady activities surfaced faster. We call this “Left of Bang” Cyber Situational Awareness.

Get “Left of Bang” to Mitigate Risk

Mitigating risk will enable an IT professional to get left, or ahead of the breach because they are able orchestrate and automate the response before it is too late. Using a Cyber Roadmap will help you mitigate risk because you will be able to:

  • Build a Threat Most Probable Course of Action and Activities for your organization and your business ecosystem

  • Deter the threat by massively reducing the physical, logical and ecosystem attack surface

  • Preemptively improve the signal to noise ratio while improving network performance

Transfer Risk

Transferring risk is really about the effective planning for loss. This logic readily applies to Cyber Liability. The problem is that today’s approaches to planning for failure are fundamentally flawed because the Insurance Carriers and Insured are unaware of some elementary principles that will have maximum impact.

Today, Cyber Liability standards have yet to be fully settled. A key contributor to the ambiguity has to do with the fact that organizations including carriers have not quite figured out how to organize themselves around the issue of cyber-risk management.

That said, the National Association for Insurance Commissioners provides some useful guidance :

“Most businesses are familiar with their commercial insurance policies providing general liability coverage to protect the business from injury or property damage. However, most standard commercial lines policies do not cover many of the cyber risks mentioned below. To cover these unique cyber-risks through insurance requires the purchase of a special cyber liability policy.”

The NAIC goes on to mention that cyber-risk remains “difficult for insurance underwriters to quantify due in large part to a lack of actuarial data.” Today the type of business operation and revenue generally will dictate the nature and cost of cyber liability coverage. Using a Cyber Roadmap will help you transfer risk on to an Insurance Carrier because you will be able to:

  • Understand how much of your Cyber Liability Premium Dollars Organizations should allocate for breach activities

  • Effectively measure your Cyber Road Map against the kinds of Capabilities an Organizations owns to effectively Identify | Protect | Detect | Respond | Recover

  • Fuse Directors and Officers and Errors and Omissions policies to the extent that People, Process, Technology, Data, Risk and Compliance initiatives are appropriately insured and risk transferred

@RISK’s A.I, powered Cyber Roadmap mimics the patterns of human cognition skill of corroboration versus correlation to create a more holistic and unified approach to Cyber Security Management. Quorum™️ is @RISK Technologies next-generation fusion of Unified Threat Management (UTM), and it has embedded many of the features associated with:

  • Security Information Event Management (SIEM)

  • Managed Detection Response (MDR)

  • Security Orchestration Automation Response (SOAR),

  • Intrusion Detection/Prevention Systems (IDS/IPS) , and

  • Governance, risk management and compliance (GRC):

All features embedded as parts of Quorum™️ to operate like a SOC-in-a-box that will:

  • Measure, Mitigate and Transfer Risk

  • Unify your Cyber defense iteratively and methodically

  • Preemptively reduce the signal to noise ratio that removes false positives and surface false negatives

  • Proactively amplify the threat signals while improving normal network operations

SOC – IN – A – BOX

Suggested Reading

NCTIES20 Raleigh

NCTIES20 Raleigh

Measuring, mitigating and transferring risk are critical aspects of conflict and have been for thousands of years. Sun Tzu, the famous Chinese military strategist is attributed with saying: In simple terms to avoid losing, you must be able to defend. Knowing this, you...

Secure World

Secure World

Measuring, mitigating and transferring risk are critical aspects of conflict and have been for thousands of years. Sun Tzu, the famous Chinese military strategist is attributed with saying: In simple terms to avoid losing, you must be able to defend. Knowing this, you...