Research from MeriTalk shows that 83 percent of government cybersecurity leaders say their organization operates on an “assume breach” model – assuming their networks have already been breached, or will be. However, cybersecurity experts stress that it’s equally important to put efforts into breach prevention, which involves crucial steps such as identifying all network assets.
During MeriTalk’s “The Cyber Reset: Transforming to a ‘Zero Vulnerability’ Strategy” webinar on Oct. 12, cybersecurity experts explained why breach prevention efforts should receive the same amount of attention as breach detection and response efforts.
“While ‘assume breach’ should never be a full strategy for any organization, it must remain a part of the strategy,” said Branko Bokan, cybersecurity expert at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). “Prevention, detection, recovery – or response and recovery – are the three basic functions of cybersecurity and we must not ignore one or the other two at the expense of any other one.”
“It is critical to put equal resources and equally consider all three functions and make sure that while we put a lot of effort to prevent breaches, we must understand as cybersecurity professionals, this is a never-ending game. Breaches will occur,” Bokan continued. “We need to be ready to respond to those breaches and recover from when they occur, and equally importantly, we need to be able to detect them.”
Bokan also emphasized that building and training a strong cybersecurity workforce is crucial to preventing, detecting, and responding to breaches, especially as adversaries conduct more sophisticated cyberattacks.
“Workforce training is extremely important. We really need to provide, not only the new generations, but our existing workforce, with relevant training,” Bokan said. “We have to stop, probably, teaching a lot of theory and start with more hands-on proper training, and making sure that we have properly trained and experienced people in the right positions to defend, not only our Federal government but also organizations across the country.”
However, the first step in executing proper cybersecurity efforts should always be for organizations to understand what exactly they’re trying to protect, according to Gary Markham, vice president of technology at INTEGRITY Global Security.
“What are we actually trying to protect? When we build a data center, we understand what things we’re trying to protect from a physical perspective – we have to look at it logically as well. You have to understand the foundational pieces of technology that you’re using, and most organizations don’t,” Markham said. “It really is about going back and understanding the core pieces that are critical to the mission of the organization and focusing on those.”
Identifying those assets is an important step in breach prevention efforts and one that many organizations tend to forget, according to Robert Bigman, cybersecurity consultant and former chief information security officer at the CIA.
Bigman echoed Markham’s sentiment and stressed that many public and private organizations he works with forget to take that key step to understand what they’re trying to protect.
“If you understand how hackers hack, you can understand where to put your priorities from the perspective of protection,” Bigman said. “Just by doing that kind of basic hygiene work – which is clearly a protection mechanism, a visibility and protection mechanism – they can drop their exposure dramatically. But as Gary said, and I agree, they are too busy doing everything else to focus their attention on that risk alone.”
“While it is important, obviously, to understand the actual threats and what we are trying to protect against, the very basic tenet of cybersecurity is understanding what you’re protecting,” added Bokan. “Understanding what you protect is the very first step in exercising proper cybersecurity.”