Fortinet has advised CIOs to hone their situational awareness skills in order to better defend their organisations against cyber threats.
Human beings are continually looking for knowledge or information to improve the situations they are in. If we live in a crowded city, for example, we want to know which routes are best to avoid getting stuck in traffic. When we enter a restaurant or cinema, we look for the exits. And when a suspicious-looking person enters the room, part of our mind automatically keeps track of him. This behaviour is known as situational awareness, and it is second nature to most of us.
“When people use IT, however, this behaviour surprisingly doesn’t carry over. They click on dubious links without a second thought, open files they don’t recognise, and connect to wireless networks they are unfamiliar with,” said Ben Field, Country Manager, Australia, Fortinet. “If people could become more situationally aware in their handling of computing devices, they – and the organisations they work for – would be victimised by cyber threats much less often.”
Situational awareness in enterprise IT environments starts with understanding the organisation’s business priorities, risks and threats. IT leaders must be able to frame the issues they are dealing with within short- and long-term business objectives, have clear line-of-sight across the organisation and its technologies, and be able to establish policy and governance for everyone who touches the firm’s data.
To achieve cyber situational awareness, CIOs should focus on four key thrusts:
1. Business mission and goals. Understand the organisation’s business mission, and then align it to those processes and resources that exist to enable that mission. As they learn about and document these processes, companies must understand the type of data they use and generate, and how much the processes that use this data overlap with those of other teams. Organisations should also prioritise data and systems, determine which have regulations tied to them, and compare their priorities with those of the teams that share these resources.
2. Cyber assets. Understand and catalogue all the assets on the organisation’s network, along with any vulnerabilities they may have. Get to know their profiles, such as what OS and version are installed, what applications reside on those devices, and what data they hold. Once firms gain full knowledge of the devices they own, they need to ensure these devices are securely configured and patched, as the vast majority of exploits target publicly known vulnerabilities that are five or more years old. Always prioritise the critical vulnerabilities.
3. Network infrastructure. All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much, but if it is connected to something critical, the risk level can become very different. Organisations must strive to thoroughly understand their topology because cybercriminals are spending much time and many resources learning it in order to exploit the vulnerabilities in the system. Understanding how and where devices are connected and the data that flows through them will determine where the risks are, and let organisations implement appropriate policies and countermeasures, including the technology solutions that are most suited to protecting their unique environment. These solutions must allow devices to interact, share intelligence, and respond to threats in a coordinated fashion anywhere across the extended network.
4. Cyber threats. Understand the capabilities and tactics of threat actors targeting your organisation. Threat actors can include government-sponsored cyber espionage, organised crime, hacktivists, insider threats, opportunistic hackers and internal user errors. Organisations need to know which of these threat actors are most likely to be focused on stealing the data that resides in the network.