27 Jan Is It Safe To Outsource Your Cybersecurity?
Relationship management is critical
Melbourne, Australia – Jan. 27, 2022
Keeping abreast of the cybersecurity threats of the day can be exhausting, which is why so many companies are engaging specialized vendors and managed security service providers (MSSPs) to support them — but how do you know they’re doing what you need them to do?
Building relationships with outside parties may be a smart strategic move, warns Secureworks Counter Threat Unit (CTU) Senior Vice President Barry Hensley, but if you’re not continually monitoring and assessing that relationship you’re exposing the integrity of your own systems to a broad range of unknowns.
Customers of third-party firms must make sure they establish clear practices for auditing new products and service providers, he said, including a clear understanding of how those providers will be held accountable; whether customers can review their security audits if they have an incident; and whether customers are able to conduct an adversarial pen-test or do a threat hunt within their environments.
Think about the reasons you’re going into the relationship — whether because the third-party solution is more effective, more scalable, less costly, or well-connected to the broader security community — and clarify what will happen if the relationship goes sour by considering issues such as what data they collect, where it is stored, and how you can ensure it will be destroyed when needed.
Cybercrime Radio: Best Practices In Cyber Defense
Barry Hensley, SVP & Chief Threat Intelligence Officer
“You’ve got to have a high degree of assurance that they’re providing you operational resilience,” Hensley said, “but also the security wrapper that’s needed to ensure your business success.”
It’s a recommendation that Hensley — a retired Army colonel of more than 20 years’ service who has spent the past decade heading the SecureWorks specialist team — offers to companies wanting to ensure their internal security teams are ready to deal with incidents.
The key to preparedness is to not take anything for granted — a habit that he has enforced within the CTU, whose team of security experts’ job is to analyze emerging threats and develop countermeasures for the company’s clients.
And whether companies are engaging third parties or managing incident response in-house, he offered three key bits of advice for every company engaging third parties: rehearse, rehearse, and rehearse.
“When I hear people talking about their disaster recovery and preparedness for ransomware… [I remind them] that you’ve got to start thinking about all the things you need to prepare for a cyber attack,” he said.
“Have you rehearsed your ability to do all the incident response steps, the forensics, the containment, the eradication of the threat and, ultimately, the recovery? Because nothing can substitute the demonstrated ability to implement the tasks that are needed to be successful to recover from such a catastrophic event.”
Keeping up with a changing threat
With CTU tracking over 30 ransomware groups and maintaining a roster of over 3,400 organizations that have already been compromised by cybercriminal gangs, Hensley’s team is well aware of the potential damage companies can suffer when hit by a cybercriminal attack.
Yet many don’t realize that today’s ransomware attacks are actually often longer campaigns, with numerous elements and several subordinate attack vectors that may lead to data theft and publication, embarrassment of the company or its executives, malicious denial of service (DoS) attacks, and other actions designed to pressure companies to pay the ransom demand.
“I always warn customers that it’s multiple campaigns they need to be prepared for,” he explained. “You need to prepare for all the things that a ransomware threat actor would obviously do, but you’ve got to take it a step further.”
The situation hasn’t been made any easier by the shift to remote work, to which every organization responded in a slightly different way — and with a range of different results as cybercriminals began probing for soft spots.
“Knowing that remote means lots of different things, organizations had to clearly assume that they’re providing IT and security support to an individual that is working in a contested space.”
“You now live in a world of computers that are not patched, not monitored, not protected, not restricted, and not compliant — so how can your business operate on that system in a way that does not put the business at risk?”
The most effective organizations not only documented what they had done during the transition to remote work, Hensley said, but also developed mitigating strategies associated with the enablement of this new world.
“This truly is the new norm,” he said, “and I don’t think you’re going to see any organization going back to where it was.”
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.
Secureworks is 100 percent focused on cybersecurity. In fact, it’s all we do. For nearly two decades, we’ve committed to fighting the adversaries in all their forms and ensuring that organizations like yours are protected.
Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improves your ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.