CISOs Should Build Situational Awareness to Thwart Cyber Threats: Study

by CXOtoday News Desk    Jul 12, 2017


CISOs and IT leaders in India should hone their situational awareness skills in order to better defend their organizations against cyber threats, said cyber security solutions firm Fortinet.

Human beings are continually looking for knowledge or information to improve the situations they are in. If we live in a crowded city, for example, we want to know which routes are best to avoid getting stuck in traffic. When we enter a restaurant or cinema, we look for the exits. And when a suspicious looking person enters the room, part of our mind automatically keeps track of him. This behavior is known as situational awareness, and it is second nature to most of us.


“When people use IT, however, this behaviour surprisingly doesn’t carry over. They click on dubious links without a second thought, open files they don’t recognize, and connect to wireless networks they are unfamiliar with,” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet. “If people could become more situationally aware in their handling of computing devices, they − and the organizations they work for − would be victimized by cyber threats much less often.”

Situational awareness in enterprise IT environments starts with understanding the organization’s business priorities, risks and threats. IT leaders must be able to frame the issues they are dealing with within short- and long-term business objectives, have a clear line of sight across the organization and its technologies, and be able to establish policy and governance for everyone who touches the firm’s data.

To achieve cyber situational awareness, Fortinet advises IT leaders in India to focus on four key thrusts:

- Business Mission and Goals. Understand the organization’s business mission, and then align it to the processes and resources that exist to enable that mission. As they learn about and document these processes, companies must understand the types of data they use and generate, and how much the processes that use this data overlap with those of other teams. Organizations should also prioritize data and systems, determine which have regulations tied to them, and compare their priorities with those of the teams that share these resources.

- Cyber Assets. Understand and catalog all the assets on the organization’s network, along with any vulnerabilities they may have. Get to know their profiles: what OS and version is installed, what applications reside on those devices, and what data they hold. Once firms have full knowledge of the devices they own, they need to ensure these devices are securely configured and patched, as the vast majority of exploits target publicly known vulnerabilities that are five or more years old. Always prioritize the critical vulnerabilities.

- Network Infrastructure. All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much on its own, but if it is connected to something critical, the risk level can be very different. Organizations must strive to thoroughly understand their topology, because cybercriminals spend considerable time and resources learning it in order to exploit the vulnerabilities in the system. Understanding how and where devices are connected, and what data flows through them, determines where the risks are and lets organizations implement appropriate policies and countermeasures, including the technology solutions best suited to protecting their unique environment. These solutions must allow devices to interact, share intelligence, and respond to threats in a coordinated fashion anywhere across the extended network.

- Cyber Threats. Understand the capabilities and tactics of the threat actors targeting your organization. Threat actors can include government-sponsored cyberespionage groups, organized crime, hacktivists, insider threats, opportunistic hackers and internal user error. Organizations need to know which of these threat actors are most likely to be focused on stealing the data that resides in their network.
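The Cyber Assets and Network Infrastructure thrusts above describe one procedure: inventory what you run, match it against known vulnerabilities, and weight each finding by how close the affected host sits to something critical. The following is an added example of that procedure, written for this page and not code from Fortinet or the article. Every host, OS, software version, vulnerability record (the EX-YYYY-NNNN identifiers are made up so they cannot be mistaken for real advisories) and network link is constructed for illustration, and the scoring formula is an assumption chosen to show the topology effect, not an industry standard.

```python
"""Asset catalog + topology risk prioritization (added example; all data constructed)."""
from collections import deque

ARTICLE_YEAR = 2017  # publication year of the article, used to compute vulnerability age
STALE_YEARS = 5      # article: most exploits target flaws that are five or more years old

# --- Cyber Assets: the catalog (constructed hosts) ---------------------------------
ASSETS = {
    "web01":      {"os": "Ubuntu 16.04",        "software": {"nginx": "1.10.3"},  "data": "public",    "critical": False},
    "legacy-ftp": {"os": "Windows Server 2008", "software": {"ftpd": "2.1"},      "data": "internal",  "critical": False},
    "db01":       {"os": "RHEL 7",              "software": {"postgres": "9.6"},  "data": "regulated", "critical": True},
    "kiosk":      {"os": "Windows 7",           "software": {"pdfreader": "8.0"}, "data": "public",    "critical": False},
}

# --- Network Infrastructure: which hosts can reach which (constructed, undirected links) ---
LINKS = [("kiosk", "web01"), ("web01", "legacy-ftp"), ("legacy-ftp", "db01")]

# --- Vulnerability feed (constructed): product, first fixed version, CVSS-style score, year published
VULN_FEED = [
    {"id": "EX-2011-0001", "product": "ftpd",      "fixed_in": "2.4",    "severity": 9.8, "year": 2011},
    {"id": "EX-2016-0002", "product": "nginx",     "fixed_in": "1.11.0", "severity": 7.5, "year": 2016},
    {"id": "EX-2010-0003", "product": "pdfreader", "fixed_in": "9.0",    "severity": 9.0, "year": 2010},
    {"id": "EX-2017-0004", "product": "postgres",  "fixed_in": "9.5",    "severity": 8.0, "year": 2017},
]


def parse_version(v):
    """Turn '1.10.3' into (1, 10, 3) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in v.split("."))


def find_vulnerabilities(asset, feed):
    """Match installed software against the feed: vulnerable when installed < fixed_in."""
    hits = []
    for vuln in feed:
        installed = asset["software"].get(vuln["product"])
        if installed is not None and parse_version(installed) < parse_version(vuln["fixed_in"]):
            hits.append(vuln)
    return hits


def build_graph(links):
    """Adjacency sets from the undirected link list."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def hops_to_critical(graph, assets, start):
    """BFS distance from start to the nearest critical asset; None if none is reachable."""
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if assets[node]["critical"]:
            return dist
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def prioritize(assets, links, feed, year=ARTICLE_YEAR):
    """Rank vulnerable hosts by worst flaw severity scaled by proximity to critical systems.

    exposure = 1 / (1 + hops) is an assumed weighting: the same flaw one hop from the
    database outranks it three network segments away. 'stale' flags flaws old enough
    to fall in the five-years-or-older band the article warns about.
    """
    graph = build_graph(links)
    ranked = []
    for name, asset in assets.items():
        hits = find_vulnerabilities(asset, feed)
        if not hits:
            continue  # fully patched hosts do not appear in the work queue
        worst = max(hits, key=lambda v: v["severity"])
        hops = hops_to_critical(graph, assets, name)
        exposure = 0.0 if hops is None else 1.0 / (1 + hops)
        ranked.append({
            "asset": name,
            "vuln": worst["id"],
            "severity": worst["severity"],
            "hops_to_critical": hops,
            "stale": (year - worst["year"]) >= STALE_YEARS,
            "score": round(worst["severity"] * exposure, 2),
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


if __name__ == "__main__":
    for row in prioritize(ASSETS, LINKS, VULN_FEED):
        print(row)
```

Run as-is and the legacy FTP host ranks first even though the kiosk carries a flaw of similar severity: the FTP box sits one hop from the regulated database, the kiosk three. That is the point of the Network Infrastructure thrust, a vulnerability's importance depends on what it is adjacent to, not only on its CVSS number; db01 drops out of the queue entirely because its installed version is already past the fix.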