Malware Manual – Part 5: 3 Keys for Cybersecurity Response Planning

1/30/2019

Recently, the international research and advisory company Gartner, Inc., predicted global corporate spending on IT security will increase 12.4% this year over 2018 to roughly $124 billion.

The driver of all this spending growth? Security risks, business needs and industry changes.

"Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business," said Siddharth Deshpande, research director at Gartner. “Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation (GDPR) are driving continued growth in the security services market."

An increased focus on building detection and response capabilities, privacy regulations such as GDPR, and the need to address digital business risks are the main drivers for global security spending through 2019.

We agree, which is why we advocate that companies of all shapes and sizes, across industries, apply the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). The NIST framework encapsulates a thorough, structured approach to managing cybersecurity holistically according to five tenets:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

The last three of these five principles provide what NIST calls “opportunity for future improvement” – especially the “Respond” stage, which emphasizes planning, communications, analysis, mitigation and process improvement.

How can you translate NIST’s direction into action? In his post, Robinson recommends starting with your mindset. Conduct cybersecurity response planning according to these three keys, in this sequence:

  1. Establish your organization’s definition of “good security” – “Technical experts may have a good understanding of potential pitfalls, but business unit employees may only have a gut feel that things are not as they should be,” Robinson says. “In a new corporate setting where these different groups collaborate more than ever on technology strategy, a common definition of secure practices is a crucial first step.”
  2. Identify appropriate “triggers” for changing security – “Too often, businesses assume that the absence of catastrophe indicates adequate security,” explains Robinson. “Instead, decision makers must be educated on the correlation between IT architecture changes and security vulnerabilities.”
  3. Consider the breadth of the “threat landscape” – Per Robinson, companies tend to place emphasis on the most recent and more familiar types of attack. Your approach, however, must include a more sophisticated risk assessment.