It’d be hard to miss the conflict between Russia and Ukraine, and the danger that individuals, companies, and European governments face from land, air, and cyber attacks. So, we’ll assume that you don’t live under a rock. With the vast majority of Western national critical infrastructure assets under the control of private industry, enterprises are sure to find themselves in the crossfire as the scale and intensity of offensive cyber activity ratchets up in the coming days and weeks.
Cyber saber-rattling aside, we’ve been in a constant state of cyber conflict for years. For security leaders, this latest escalation should hardly serve as a first wake-up call to shore up defenses and maintain a constant state of watchful vigilance.
This isn’t just a warning for large multinationals. SMBs, SLED organizations, and local utilities are all in the line of fire, representing either opportunistic targets, collateral damage in scaled attacks, or relay points in complex compromise scenarios targeting other environments.
The decisive factor in our ability to defend against military-grade offensive activity will not be the individual defensive capabilities of each enterprise environment. Outcomes will be determined by our ability to coordinate detection and response efforts and maintain real-time visibility into inbound threats and our defensive capabilities.
If you’re digging out your months-old compliance reports to shake at the incoming malicious traffic heading your way, think again. To have any hope of maintaining operational resilience in the face of sophisticated threats, you need to be operating on the same timetable as your adversaries: a real-time, credible, realistic picture of your assets, controls, and capabilities is a must.
That means converged data models that treat your compliance and security data as a source of actionable intelligence and decision support, not report fodder. It means a continuous understanding of the risk-to-mitigation time gap (similar to but distinct from the time-to-detect or time-to-respond metrics used in incident response) and of the risk visibility gaps that impact your defensive posture. It also means being honest and credible in your holistic assessment of your entire risk and security management program, not just its technology components – meaning data-driven insights rather than individual risk analysts’ opinions substituting for technical evidence about the state of your controls.
Si vis pacem, para bellum – or you can bring that outdated static compliance report to your congressional hearing. Your choice.