Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Cyber Resilience Chasm

Kennedy Torkura
November 28, 2023
25

The Cyber ResilienceΒ Chasm

πŸ”₯ Heard about the Cyber Resilience Chasm? πŸ”₯

πŸ‘‰ Let me explain: as security organizations gain more access to resources, they equally grow in maturity.

β­• Normally, a security organization's maturity would be reflected in its ambitions and achievements. These would be demonstrated by tailoring efforts towards achieving compliance and cyber security goals. The level of achievement heavily hinges on the organization's bias: security-driven or compliance-driven ...in rare cases, there is a nice balance.

β­• Now comes the main point -> cyber resilience is often left out of this bias due to some misconceptions. While some security organizations wrongfully assume Cyber resilience is automatically fulfilled via cyber security (think inheritance ), other security organizations continuously shift forward the time to consider cyber resilience. It is commonly thought that cyber resilience is an option to be ONLY considered when the security organization achieves a certain security maturity point - X.

πŸ’₯ Huge misconception right there: security maturity point X never comes or arrives too late, often via a much more costly process (e.g. as part of a post-breach effort). In the meantime, attackers continually evolve and breach the organizations' defenses successfully.

β­• Importantly, every security organization has a single objective πŸ‘‰ KEEP THE BUSINESS SAFE FROM MALICIOUS ACTORS. Compliance, cyber security, and cyber resilience are means to achieve this objective. Hence, security resources would need to be balanced across this means to achieve the security objective. Determining when to start with cyber resilience is agreeably challenging, but the decision needs to be made, primarily due to the inevitability of cyber attacks.

Kennedy Torkura

November 28, 2023
Tweet

Transcript

  1. Cyber Security At its core, cybersecurity is the practice of

    protecting systems, networks, and programs from digital attacks. Key Reasons for the Cyber Resilience Chasm Misunderstanding the Role of Cyber Security, Compliance & Cyber Resilience Cyber Resilience The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems. @run2obtain Compliance Adherence to laws, regulations, and guidelines designed to protect user data and privacy. 3
  2. Huge Challenge Several organizations are challenged with how to enable

    cyber resilience even after achieving commendable levels of cyber security. Enabling Cyber Resilience Huge Misconception An organization needs to achieve 100% cyber security maturity or a near perfect cyber security maturity before considering cyber resilience. @run2obtain 4
  3. Cyber Resilience Chasm @run2obtain Cyber Security (including compliance) goals, objectives,

    design principles, techniques Cyber Resilience goals, objectives, design principles, techniques 5
  4. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 7 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i
  5. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 8 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i
  6. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 9 https://www.mitigant.io/blog/leveraging-security-chaos- engineering-for-cloud-cyber-resilience-part-i
  7. Overcoming the Cyber Resilience Chasm @run2obtain o Understand the differences

    between cyber security, compliance and cyber resilience. o Implement practical measures the demonstrate these differences o People o Processes o Technology o On the technology side o Assess cyber resilience posture o Identity gaps o Implement countermeasures o Strike a balance between compliance, cyber security & cyber resilience 10
  8. Example : Cyber Resilience Efforts Against TeamTNT @run2obtain TeamTNT is

    a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments. 11
  9. Map the Relationship With the ATT&CK Tactics & Techniques AND

    CREF @run2obtain o The CREF Navigator provides several excellent mappings ! o Get the mapping between the ATT&CK tactics & techniques used by TeamTNT and CREF Techniques. o Choose a CREF technique, here we choose Adaptive Response 13
  10. Select A CREF Approach Here we pick Adaptive Management, which

    is about changing how mechanisms are used based on changes in the operational environment as well as changes in the threat environment i.e. change in response to change. @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 14
  11. Adaptive Management : Examples β€’ Disable access dynamically. β€’ Implement

    adaptive authentication. β€’ Provide for the automatic disabling of a system or service. β€’ Provide dynamic deployment of new or replacement resources or capabilities. β€’ Use automated decision-making supported by artificial intelligence (AI) or machine learning (ML) for rapid response and dynamic changes when human operators are not available. β€’ Create a temporary incident-focused team reporting structure within an SOC. @run2obtain 15 Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf
  12. Relevant ATT&CK Tactics, Techniques & Mitigations β€’ Take note of

    the relevant ATT&CK Tactics, Techniques & Mitigations. β€’ Security resources can be focused on these to reduce alert fatigue while enhancing detection engineering efforts and SOC team’s effectiveness. β€’ Adversary emulation and threat hunting efforts can also zoom in on these ! @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 16
  13. Cloud Attack Emulation is Critical to Cyber Resilience β€’ Cloud

    attack emulation is a critical component of cyber resilience. β€’ Adversary emulation is an intentional implementation of the Anticipate goal of cyber resilience. β€’ Leverage the Mitigant Cloud Attack Emulation platform to enable cyber resilience. @run2obtain 17 https://www.mitigant.io/cloud-immunity
  14. Next Steps ? Several Possibilities ! β€’ You might want

    to take on the nest CREF Approach under Adaptive response technique -> Dynamic Reconfiguration. β€’ Alternatively, you can pick another CREF technique related mapped to TeamTNT. β€’ Or as your threat model, threat intelligence etc. indicate .. @run2obtain Source: NIST SP 800-160 - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf 18
  15. That’s all folks ! What are you thoughts? Check out

    my other LinkedIn posts & follow me ! @run2obtain https://www.linkedin.com/feed/upd ate/urn:li:activity:710639542294797 5168/ https://www.linkedin.com/feed/update/urn:l i:activity:7044716108204920832/ https://www.linkedin.com/feed/update/urn:li:activ ity:7123633525651574784/ https://www.linkedin.com/feed/updat e/urn:li:activity:712111184694153216 3/ 19