Your Role is Not to Prevent Every Attack

By Bill Bernard, VP, Security & Content Strategy

Estimated Reading Time: 6 minutes

Bill Bernard currently serves as Deepwatch’s AVP, Security Strategy. He is a seasoned security expert with 20+ years of experience collaborating with customers to select and deploy the right security solutions for their business. Bill has held various solutions architecture roles throughout his career and holds a variety of security certifications including CISSP, CIPP-E and CIPM.

Security Leaders and the Importance of Cyber Resilience

Surviving, as a cybersecurity leader, let alone a cybersecurity worker, means being responsible for predicting the future. We work in an industry with less than 30 years of history, in roles designed to protect the most critical assets of an increasingly digital world, often with woefully inadequate budgets that have not kept up with threats growing in volume and complexity. CISOs and IT leaders can even face potential criminal liability, and frequently become corporate scapegoats. All this while historically getting smaller C-level salaries, with some exceptions in only the last two years. We’re here, however, because we understand, and most of us are passionate about, the critical importance of protecting cyber facing resources.

Still, our industry continues to experience high turnover, rapid burnout, and a talent pool that can’t keep up with the original demand, let alone the turnover. One result of high turnover is that poorly equipped, untrained, unprepared people are promoted to security leadership roles. So the CISO that the board had trust in burns out and leaves, only to be replaced with someone who may need to “grow into” the role, only to burn out after a short while themselves. This vicious cycle leads boards to discount the CISO’s input because so many CISOs are still focused on technology and its details, without recognizing the importance of business risk priorities and outlooks.

The modern CISO, besides being “board ready,” needs to shake themselves out of the expectation that their job is to prevent every attack from being successful. This “castle and moat” thinking has never been especially valuable. This approach leads to ever more spending on protection technologies, and a mindset that “if we just deploy this next best-of-breed tool we’ll be protected”, which leads to having too many tools to manage, too few people to manage them, and the inability to react in a useful way if the defenses get breached or circumvented. Tech debt and a vicious cycle of deployment engagements are sure signs of this mindset. Bluntly, neither you the CISO, nor your team of practitioners, nor your organization can stand this cycle long term: it costs too much and tends to prevent business from happening – or the business finds its own way around your security tools.

So if Cyber Security leadership – and by extension their departments – cannot realistically prevent every attack, what are you to do? You need to live, eat, and breathe Cyber Resiliency. NIST has a definition for Cyber Resiliency:

  • The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. – NIST SP800-160

As a practical matter, this means your program has to be aware of current threats, be ready to survive those threats with a minimum of impact, and improve to better survive the next event. If we understand that cyber events are like tornados, we can recognize that we need to understand when a tornado is likely to occur, and that it may include hail, dangerous lightning, and flash flooding. We need to be sure our house is reasonably prepared against those, but we also need to know when to head into the storm shelter to protect our family. After the storm passes we need to recover and improve. Maybe that is building a carport to protect our car from hail damage, or maybe that is quickly rebuilding the 2nd floor after a tree fell into it. Maybe it is just remembering to put fresh batteries in the flashlight in the storm cellar. There’s nothing you can do to prevent a tornado from happening, and you’re not going to build your house to be “tornado proof” as that would generally be cost prohibitive.

Your “board ready” Cyber Resiliency program must be agile, responsive, and able to learn from itself. You will need to learn how to anticipate and react, not just fortify and defend (you can’t abandon that, but you need to move beyond it).

So how does Deepwatch help? By making the CISO’s life easier. We help them – cliche or not – sleep at night, as in not waking them at 2:00AM with false positives. They have peace of mind because security professionals that understand their unique environment, tools, and policies are watching their backs. At our best, Deepwatch helps you map and advance along a dynamic security journey. Organizations simply can’t get that from a software product alone. They aren’t likely to get that by just adding staff or outsourcing analysts to come render water from the stone of their existing security ops tools.

The Deepwatch Managed Security Platform provides a unique combination of advanced security technology, human-led security expertise, and operational processes to provide the leading managed security platform for the Cyber Resilient enterprise. In the end, our role together is to create a more protected organization, to communicate the health and progress of your security program, and to stay ahead of the complexity and risk of the changing digital world.

Deepwatch helps demonstrate business resilience to cyber security issues through these capabilities:

  • Identification of risks
  • Continuous improvement of Security Index Score for detection and awareness
  • Planned, precise coordinated responses
  • Programmatic capability to exercise, measure and improve each capability

Cyber Resilience is the acceptance of the inability to stop everything, and changing the focus to add the ability to respond competently to different attacks. Being able to contain or remediate an attack, or even a type of attack, gives a CISO the confidence and developed resilience needed to “handle it in the morning” vs. “handle it RIGHT NOW”. Being able to identify the difference between “morning” and “right now”, and, jointly, where holding actions are going to be effective, is a sign of a mature security operation. This understanding improves security posture and communication within the business, but does take work. As the landscape shifts, the understanding must move accordingly.

You don’t have to predict the future, you just need to be able to understand the seasons. Deepwatch’s platform provides the evidence, expertise, and metrics you need.

Conclusion

Your Cyber Security program is no longer about just protecting data. It can’t afford to build the capabilities to prevent every attack. It is time to shift your program to Cyber Resilience to better match your resources, threats, risks, and goals. Deepwatch is ready to help you achieve that, with our industry leading platform. Make sure your next bad day is a “couple of aspirin” bad day, and not an “admitted to the ER” bad day. Make the switch to the Leading Managed Security Platform for the Cyber Resilient Enterprise.

Deepwatch is the leading managed security platform for cyber resilient enterprises. We operate as an extension of your cybersecurity team by providing 24/7/365 comprehensive security management capabilities together with the partnership of our security experts to deliver unrivaled security expertise, unparalleled visibility across your attack surface, precision response to threats, and the best return on your security investments.
