Security Corner

During the Defense 1 Tech Summit, Mieke Eoyang, Deputy Assistant Secretary of Defense for Cyber Policy, and Patrick Tucker, Technology Editor at Defense One, discussed the current state of cyber policy and how it relates to national security, democracy, and how the Department of Defense (DoD) plans to prepare against future challenges of cyber warfare.

It is critical to determine which threats are the most relevant to an organization. In our last post in this series, we look at how to identify and prioritize threats to develop and implement mitigations and reduce risk based on the most dangerous threats.

The threats of cyber attacks against a myriad of industries have been one of the top news stories of 2021. One of the most prominent attacks being used by threat actors is exploiting third-party risk by going after an organization’s supply chain. While there are unique vulnerabilities to all organizations from supply chain cyber-attacks, the threats posed to the Defense Industrial Base (DIB) are arguably the most urgent.

Before diving into threat intelligence, organizations should conduct a risk assessment to understand their business risk. Properly conducted, risk assessments can provide a thorough picture of an organization’s mission, functions, IT, organizational assets, and reputation.

While major cyber attacks and APT groups dominate the news, many organizations are more likely to be plagued by more common threats. In fact, according to a 2021 Threat Hunting report, the most common attacks observed by practitioners are malware, phishing, network intrusion, and ransomware

Threat Hunting is critical for any digitally connected organization to promote proper security hygiene, reduce compromise dwell time and exposure, discover gaps, and reduce the exposed attack surface. Today’s sophisticated and targeted threats require active hunting rather than passive detection to keep an organization safe and secure via investigation and anomaly detection tailored toward organization-specific services and implementations.

Because of the relative newness of the field and the demand for cybersecurity talent, there’s an assumption that only the most sophisticated organizations are able to leverage threat hunting activities. However, in reality, organizations do not have to be highly resourced or sophisticated to effectively leverage threat hunting to protect themselves from cyber risks.

Cyber threat intelligence — properly gathered, refined, and applied — can help organizations recognize cyber risks and implement protections that specifically address the most serious risks to the integrity and functioning of their organization.

The massive SolarWinds breach that took place earlier this year should set clear precedence that the supply chain and third-party risks are only increasing and should be taken very seriously. These breaches demonstrate that “check-list security” is no longer enough to ensure protection, and that, now more than ever, understanding one’s supply chain network dependencies is critical within a cybersecurity program.