In part one of this blog series, we look back how being resilient to cybersecurity threats is about understanding and managing the organizational impact from the evolution of human conflict that has existed since the dawning of humanity. In part two of this series, we give further consideration to the imperative of thinking and acting holistically as a single organization working together to a common goal. Building true resilience begins with framing the issue accurately to the problem at hand and continually( re) prioritizing efforts to match tempo with evolving threats.

For this blog, we will use the example of a current cybersecurity menace that spans all organisations in every industry as an example of how to throw this into practice. The emergence of human-operated ransomware has created an organizational risk at a speed we have not seen before in cybersecurity. In these extortion attempts, attackers are studying target organisations carefully to learn what critical business process they can stop to force organizations to pay, and what weaknesses in the IT infrastructure they can exploit to do it.

Placeholder

This type of threat enables attackers to stop most or all critical business operations and demand ransom to restore them by blend 😛 TAGEND

A very lucrative extortion business model. Organization-wide impact utilizing well-establish tools and techniques.

Whilst this may be uncomfortable reading, the ability to pre-empt and respond quickly to these cyberattacks is now an organizational imperative that requires a level of close collaboration and integration throughout your organization( who are not able to have happened to date ).

Because these attacks directly monetize stopping your business operations, you must 😛 TAGEND

Identify and prioritize monitoring and protection for critical business assets and processes. Restore business operations as rapidly as possible, when attacked.

Applying this in a complex organization will also be required to 😛 TAGEND

Know thyself: The first step towards resilience is recognizing your critical business assets and processes and ensuring appropriate team members genuinely understand them so that appropriate controls can be implemented to protect and rapidly restore them. These controls should include business and technical measures such as ensuring immutable or offline backups( as attackers try to eliminate all viable alternatives to paying the ransom, including anti-tampering mechanisms ). This is not a one-time event: Your business and technical teams need to work together to continuously evaluate your security posture relative to the changing threat landscape. This enables you to refine priorities, build mutual trust and strong relationships, and build organizational muscle remembrance. Focus on high-impact users: Merely as your executives and senior managers have control and access over massive amounts of sensitive and proprietary information that can damage the organization if uncovered; IT administrators likewise have access and control over the business systems and networks that host that info. Ransomware attackers traverse your network and target IT administrator accounts, inducing the convulsion of privileged access a critical component of their assault success. See Microsoft’s guidance on this subject Build and sustain good hygiene: As we discussed in our first blog , maintaining and updating software and following good security practises is critical to building resilience to these attacks. Because organisations have a backlog of technical debt, it’s critical to prioritize this work to pay off the most important debt first. Ruthlessly prioritize: Ruthless prioritization utilizes a soothe but urgent mindset to prioritizing tasks to stay on mission. This practice focuses on the most effective actions with the fastest time to value regardless of whether those efforts fit pre-existing plans, perceptions, and habits. Look through an attacker’s lens: The best behavior to prioritize your work is to put yourself in the perspective of an attacker. Establishing what information would be valuable to an attacker( or malicious insider ), how they would enter your organization and access it, and how they would extract it will give you invaluable insights into how to prioritize your investments and response. Assess the gaps, flaws, and vulnerabilities that could be exploited by attackers across the end-to-end business the procedures and the backend infrastructure that supports them. By modeling the process and systems and what menaces attackers can pose to them, you can take the most effective actions to remove or reduce risk to your organization. Exert and stress exam: This strategy will be tested by attackers in the real world, so you must proactively stress exam to find and fix the flaws before the attackers find and exploit them. This stress testing must extend to both business processes and technical systems so that organizations build overall resilience to this major risk. This involves systematically removing assumptions in favor of known facts that can be relied upon in a major incident. This should be prioritized based on scenarios that are high impact and high likelihood like human-operated ransomware.

Whilst it’s tempting for experienced presidents and technical professionals to get caught up in how things have been done before, cybersecurity is a fundamentally disruptive force that requires organizations to work collaboratively and adopt and adapt the practices documented in Microsoft’s guidance.

” We cannot solve our problems with the same thinking we utilized when we created them .”– Albert Einstein

For all this to be successful, your organization must work together as a single coherent entity, sharing insights and resources from business, technical, and security squads to leverage diverse standpoints and experiences. This approach will help you plan and execute pragmatically and effectively against evolving threats that impact all parts of your organization.

In our next blog, we will continue to explore how to effectively manage hazard from the perspective of business and cybersecurity presidents and the capabilities and information required to stay resilient against cyberattacks.

To learn more about Microsoft Security answers visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Likewise, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Becoming resilient by understanding cybersecurity risks: Proportion 2 seemed first on Microsoft Security .

Read more: microsoft.com