As we say goodbye to 2023, we need to prepare to say hello to new cybersecurity threats in 2024. The Department of Homeland Security is already there, having published its annual Homeland Threat Assessment, which predicts “more evasive cyberattacks” thanks to cyber actors using artificial intelligence (AI) and other modern technologies to circumvent company defenses.
Protecting your organization will require a sound strategy that wards off threats and takes the fight to the attackers. Here are five best practices to help you do both.
1. Develop a playbook of response strategies and tactics
Your playbook should include detailed instructions on how to handle a cybersecurity incident, from start to finish, and who’s responsible for what. Key components of a cybersecurity playbook include:
- Descriptions of potential attack methods
- Steps required to effectively respond to and contain an attack
- Roles and responsibilities of response team members
- Remediation procedures
- Details on how to handle media inquiries, customer and partner communications, and similar outreach
- Processes for a post-incident review and analysis
Hopefully, you will never have to use your playbook. If you do, it will provide you with a standardized blueprint that will allow you to respond to an attack methodically and effectively.
2. Conduct fast and effective diagnostics
Time is of the essence during a cyberattack. Therefore, it is essential to conduct accurate and effective diagnostics as fast as possible.
Not only will you want to identify where the attack originated, but you’ll also need to quickly ascertain where it has or could spread. This requires finding gaps and vulnerabilities in your network where a virus or piece of malicious code could take root. Unfortunately, network complexity gives attackers better cover and more opportunities to hide.
Observability solutions cut through the noise and provide visibility across your entire ecosystem. Observability is different from traditional network monitoring; whereas the latter is more reactive, observability proactively detects anomalies before they become real issues. Plus, with complete visibility into the entire ecosystem, there’s no need to waste time sifting through alerts or hunting down problems. Teams can respond quickly, ensuring high resiliency.
3. Communicate openly, honestly, quickly, and continuously
Effective communication is critical to cybersecurity threat mitigation. When a threat manifests, alert impacted internal departments through secure channels so as not to tip off the attackers that you know they’re in your network. Then, communicate with law enforcement, including the FBI. Finally, reach out to customers and partners. Keep all parties apprised in the weeks and months following the attack.
If you have created a playbook, you will know who to contact and how—because you will have planned for it. You will know, for example, that your communications team is responsible for outreach to the press, customers, and other third parties.
Your communication must be clear and honest. Tell your stakeholders what you know when you know it. Inevitably, someone is going to ask, “Am I affected?” You may not know, and that is OK—just tell them what you do know. Likewise, you will likely be fighting misinformation. Do not get sidetracked. Continue to tell the truth and communicate openly as much as possible.
4. Enlist third-party partners for help
There are many reasons why you should not take on a cyberattack alone. First, an attack can be too complex and far-ranging for your internal team to handle on its own. It is better to have an outside party that can help with auditing your networks to ensure gaps have been remediated in the wake of an incident. Second, third-party cybersecurity experts can be invaluable in providing guidance, investigative support, and consultation as you navigate through the attack. Your team is going to be busy handling any number of tasks and will appreciate their perspectives.
Outside parties can also help get your truth out to the public. Following the SUNBURST attack, we enlisted the help of reputable organizations like the Cybersecurity and Infrastructure Security Agency (CISA), the Krebs Stamos Group, and others. In addition to assisting in the investigation, they helped us tell the story of what happened, which went a long way toward combating misinformation.
5. Implement a “Secure by Design” approach
You have likely heard about shifting left—building security into the foundation of your products, rather than adding it on later. I recommend taking this mindset a step further and adopting a Secure by Design approach, where security becomes a cornerstone of your entire organization.
Secure by Design includes all the best practices listed here, as well as building out your cybersecurity team, auditing applications throughout their development, and engaging with the broader community to learn and share information. It also entails adopting an “assume breach” mindset, where you assume that an asset has already been breached, determine the possible implications, and come up with fixes to limit exposure.
As we turn the calendar page, attackers may have the advantage, but it doesn’t have to be that way. Hopefully, these best practices will help you gain the upper hand—and protect your organization in 2024 and beyond.
Reach out to the SolarWinds team to learn more about how you can prepare your organization.