As organizations progress in their ability to respond to and mitigate cyber threats, developing and nurturing an effective security program, they typically advance through 5 levels of cybersecurity maturity. Where does your company fit on this scale, and what can be done to progress to the next level of cyber readiness?
Organizations with nascent cybersecurity programs are at the “early stage” of cybersecurity maturity, falling at the first “Unstructured” level of cybersecurity readiness. When a company’s cybersecurity is characterized as unstructured, the organization is typically responding to threats as they emerge without much of a clue as to what’s coming next. There is still a need to monitor the company assets and vendor risk as well as audit and update applications on a regular basis. Events that would be addressed at this level include account takeovers, data leakage, digital footprinting, fraud campaigns and attacks on the brand itself. The organization at this level is in the midst of creating the basic tenets and foundations of its cybersecurity program, including: (1) the necessary antivirus programs and (2) developing a configuration management database (CMDB) to create a map of its IT infrastructure (endpoint devices, software and data).
At the second level of cybersecurity readiness, the organization shifts into more of a threat and vulnerability management posture. This involves the incorporation of Indicators of Compromise (IoC) to determine what threats are at play, such as a suspect or known hostile domain or an IP linked to a phishing site. Indicators of Attack (IoA) are also considered, looking at the “why” -i.e.determining the intent of what the threat actor is trying to accomplish, regardless of the tools, tactics and procedures being employed. Eventually, the IoAs will feed into a higher-level analytical tool in the next levels, allowing security teams to better understand the threat actors behind the threats, and accordingly, the best means to counteract them. Cybersecurity teams at this level might subscribe to related newsletters and bulletins, as well as joining information sharing and analysis centers (ISACS). They also are likely to begin prioritizing alerts for responses, digesting actionable advisories and breaking news, and developing patch-cycles to address common vulnerabilities and exposures (CVEs).
At the intermediate level of cybersecurity readiness, the organization embraces a forward-looking security posture, diagnosing and treating threats systematically and strategically before they fully materialize. This involves constantly monitoring emerging threat indicators: targeted campaigns, vulnerability or exploit disclosure, indications and warnings, digital threat hunting and incident responses. In this phase, the organization is likely to enhance their security stack with items such as next generation endpoints security, endpoint detection and response and a security information event management (SIEM) platform. In addition, the organization begins to shift their perceptual paradigm, understanding cyberthreats according to the context of business goals and objectives.
At the fourth level, the security team has progressed far beyond their formerly defensive posture, now fully engaged in proactive risk prevention and strategic planning. The team now confidently reduces its attack surface, performs its own security ratings and scorecards, hunts for threats, and prioritizes responses based on risks. Moving towards building offense capabilities against threats, they add intelligence platforms – such as those focused on security orchestration and automated response (SOAR) – as well as breach-and-attack simulation tools. A security posture is developed that places threat responses within a business context, for example, by segregating its networks so that different activities and operations are separated, so as to protect the entire organization from exposure to an incoming threat.
Up until this point, the organization has been handling threats by looking at its own activities and toolsets to respond to direct attacks. The team should now be increasing their preparedness level with red-team simulations, overall operational readiness as well as daily or multi-day fire-drills. Nevertheless, despite these advancements, the organization has not yet fully addressed the full extent of its exposure to cyber-risk. Hackers can use third parties to infiltrate organizational networks, and accordingly, security teams must look beyond their own four walls to realize the highest levels of threat intelligence. At this level of cyber maturity, the organization starts to examine their supply chains, determining which security measures are being undertaken by third party vendors and other partners to safeguard their network against attack. Automating the process of threat intelligence now becomes a necessity, feeding the security team with information on potential attacks on the horizon.
Find out how Cybersixgill can help organizations get to the highest level of cybersecurity. Read the report.