Cybersecurity Risk Management Starts With Visibility
Posted October 28, 2022 by Sayers
A basic question for managing and mitigating cybersecurity risk is: do you know what you need to secure?
Yet many organizations struggle with answering that question. Getting visibility into the organization’s devices, applications, networks, data, and users – including how many, where they are, and how vulnerable they are – is the first step in prioritizing cybersecurity risk management for your business.
What Is Cybersecurity Risk Management?
According to the NIST Computer Security Resource Center, cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information systems, along with the potential adverse impacts to organizational operations, assets, individuals, other organizations, and even the nation.
Risk management prioritizes risks and implements security controls accordingly. This starts with a risk assessment and risk mitigation strategy and then uses tools to monitor prioritized risks over time.
Cybersecurity risk management frameworks weigh risks based on factors such as the sensitivity of the information, and the potential consequences of loss. Increasingly, organizations are requiring more robust risk management frameworks that include policies, standards, processes, guidelines, and training.
Why Is Cyber Visibility Important For Risk Management?
A basic tenet of cybersecurity is that you can’t secure what you can’t see. “Visibility isn’t a destination in itself, it’s where we have to start,” says Gerry Wollam, Senior Cybersecurity Solutions Architect at Sayers, adding:
“There are different types of visibility, across a broad spectrum. Visibility in general is: does the organization have a good idea of who, what, where, how, and when that is happening on the network? And are they doing anything about it?”
Examples of visibility questions organizations have to ask for cybersecurity risk management include:
- How many IT, OT, IoT, and bring-your-own (BYOD) devices are on your network?
- What are their vulnerabilities?
- How many public cloud applications does your organization use daily?
- What user accounts does your organization have, and what do they connect to?
- What does normal user behavior look like, as your baseline?
A recent proof of concept for an asset visibility and management solution at a Sayers client company in healthcare revealed some unwelcome surprises. “The amount of things on their network and the vulnerabilities of those was shocking to everybody,” says Wollam. “They ended up going straight from the POC meeting into an audit findings meeting to start remediation, because it was that big of a concern.”
Visibility questions might seem straightforward, but ask different people in your organization how many assets they see, and you’re going to get different responses. That’s a problem, says Bob Livingstone, Director of Cloud Engineering at Sayers:
“If you can’t agree on how many assets the environment has, you’re not going to have the right solutions on those assets or the right configurations to provide protection.”
Cyber visibility also extends to the ability to recover systems as part of your business continuity and disaster recovery (DR) processes. “If you can’t see it, you can’t back it up for system recoverability,” says Kevin Finch, Senior Business Continuity Architect at Sayers. “If you’re having a conversation about DR, you should be talking about visibility also.”
How To Improve Your Cyber Risk Management With Visibility
Cyber risk management requires getting visibility in every area within your organization’s IT arena. Think endpoints, email, your cloud environment, and all the hardware, software, and user accounts on your network.
That’s a lot to tackle, but achievable. Improve your cyber risk management with these visibility tips:
1. Consider Multiple Approaches To Visibility For Cyber Risk Management
Which approach to take to achieve visibility can vary from one organization to another, depending on priorities and needs. Popular approaches include:
- Cyber Asset Attack Surface Management (CAASM) – Using API integrations with existing tools in your environment, CAASM provides a consolidated view of all assets – both internal and external – then identifies cybersecurity gaps and provides automated steps to remediate issues. Focus includes audits and compliance reporting, visibility gap analysis, asset profile consolidation, and security control reporting. Gartner estimates:
“By 2026, 20% of companies will have more than 95% visibility of all their assets, which will be prioritized by risk and control coverage by implementing cyber asset attack surface management functionality, up from less than 1% in 2022.”
- Digital Risk Protection Services (DRPS) – Typically delivered as a managed service, DRPS uses attack surface monitoring to detect exposures of your digital assets to external threats and prioritizes them by risk level. Focus includes brand and social media protection, executive protection, account takeover detection, physical security threat monitoring, and disinformation monitoring.
- External Attack Surface Management (EASM) – EASM solutions and services focus on discovering external-facing enterprise assets at risk for attack and managing those risks. Use cases include asset inventory, vulnerability management, cloud security and governance, and subsidiary security monitoring.
All three approaches can be used for data leakage detection, digital asset discovery, security asset management, and issue prioritization.
An additional resource, provided by the Center for Internet Security (CIS), is the CIS Critical Security Controls, a prioritized set of 18 controls for protecting your organization and its data against common attack vectors. The first two controls address visibility directly: Control 1, Inventory and Control of Enterprise Assets, and Control 2, Inventory and Control of Software Assets. Every later control assumes you have those inventories.
2. Achieve Greater Visibility With A Combination Of Tools
Cybersecurity visibility isn’t about a single solution that does it all. One visibility tool may focus more heavily on networks and devices, while another looks at data and applications, or endpoints, or email gateways.
“You’re going to have to combine different solutions together to get that full cyber visibility,” says Livingstone. “But if you don’t have that visibility, you’re not going to be able to protect your assets.”
Since each tool provides a different breadth or depth of visibility, using multiple, overlapping tools provides the comprehensive inventory needed for cybersecurity risk management.
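The CAASM approach described above and the “combine overlapping tools” advice in this section both come down to the same mechanical step: pull each tool’s asset list, reconcile records that refer to the same machine under different spellings, and report which assets each tool does not see. The script below is an added illustration of that reconciliation, not code from Sayers or from any CAASM product. The three “exports” are constructed sample data standing in for what an EDR console, a vulnerability scanner and a CMDB would return over their APIs; the field names, the hostnames and the risk weighting are assumptions made for the example.

```python
"""Consolidate asset inventories from several security tools and report
coverage gaps, in the spirit of the CAASM approach described above.

Illustrative example only, not code from Sayers or from any CAASM product.
The three "exports" below are constructed sample data; the field names are
assumptions, not a real vendor schema.
"""
from collections import defaultdict

# Constructed sample exports. Each tool sees only part of the estate and
# spells identifiers differently, which is what reconciliation has to cope with.
EDR_EXPORT = [
    {"hostname": "WS-FINANCE-01.corp.local", "mac": "AA:BB:CC:00:11:22", "os": "Windows 11"},
    {"hostname": "srv-erp-db", "mac": "aa-bb-cc-00-11-33", "os": "Windows Server 2019"},
]

VULN_SCAN_EXPORT = [
    {"host": "ws-finance-01", "ip": "10.1.4.21", "critical_vulns": 2},
    {"host": "srv-erp-db", "ip": "10.1.2.10", "critical_vulns": 0},
    {"host": "infusion-pump-17", "ip": "10.9.0.17", "critical_vulns": 5},  # OT device, no agent
    {"host": "printer-3f", "ip": "10.1.7.3", "critical_vulns": 1},
]

CMDB_EXPORT = [
    {"name": "WS-FINANCE-01", "owner": "finance", "criticality": "medium"},
    {"name": "SRV-ERP-DB", "owner": "erp-team", "criticality": "high"},
    {"name": "srv-backup-02", "owner": "infra", "criticality": "high"},  # never scanned, no agent
]


def normalize_hostname(name):
    """Lower-case and strip the domain suffix so 'WS-FINANCE-01.corp.local'
    and 'ws-finance-01' reconcile to the same asset key."""
    return name.strip().lower().split(".")[0]


def consolidate():
    """Merge the three exports into one record per asset, keyed by normalized
    hostname, recording which tools have seen it."""
    assets = defaultdict(lambda: {"seen_by": set(), "critical_vulns": 0,
                                  "criticality": "unknown"})
    for rec in EDR_EXPORT:
        a = assets[normalize_hostname(rec["hostname"])]
        a["seen_by"].add("edr")
        a["mac"] = rec["mac"].replace("-", ":").upper()  # one MAC format
        a["os"] = rec["os"]
    for rec in VULN_SCAN_EXPORT:
        a = assets[normalize_hostname(rec["host"])]
        a["seen_by"].add("vuln_scanner")
        a["ip"] = rec["ip"]
        a["critical_vulns"] = rec["critical_vulns"]
    for rec in CMDB_EXPORT:
        a = assets[normalize_hostname(rec["name"])]
        a["seen_by"].add("cmdb")
        a["owner"] = rec["owner"]
        a["criticality"] = rec["criticality"]
    return dict(assets)


def coverage_gaps(assets):
    """Return the visibility gaps a risk owner would act on first:
    assets with no EDR agent, assets never scanned, assets unknown to the CMDB."""
    gaps = {"no_edr": [], "never_scanned": [], "not_in_cmdb": []}
    for key, a in sorted(assets.items()):
        if "edr" not in a["seen_by"]:
            gaps["no_edr"].append(key)
        if "vuln_scanner" not in a["seen_by"]:
            gaps["never_scanned"].append(key)
        if "cmdb" not in a["seen_by"]:
            gaps["not_in_cmdb"].append(key)
    return gaps


# Assumed weighting, shown only to illustrate risk-based ordering.
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1, "unknown": 2}


def prioritize(assets):
    """Rank assets by critical vulns weighted by business criticality,
    plus a penalty for having no EDR agent (nothing to detect or contain with)."""
    def score(item):
        _, a = item
        s = a["critical_vulns"] * CRITICALITY_WEIGHT[a["criticality"]]
        if "edr" not in a["seen_by"]:
            s += 3
        return s
    return [key for key, _ in sorted(assets.items(), key=score, reverse=True)]


if __name__ == "__main__":
    inv = consolidate()
    print(f"{len(inv)} distinct assets across 3 tools")
    for gap, hosts in coverage_gaps(inv).items():
        print(f"{gap}: {hosts}")
    print("remediation order:", prioritize(inv))
```

Two things in this toy are worth carrying into a real deployment. First, the join key matters more than the scoring: assets that appear in only one tool (the infusion pump and printer known only to the scanner, the backup server known only to the CMDB) are exactly the ones nobody agrees on when you ask “how many assets do we have?”, and a sloppy hostname or MAC normalization silently turns one asset into two. Second, treat “no EDR agent” and “never scanned” as findings in their own right, not just as missing data, since they are the assets whose vulnerabilities you cannot currently see at all.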
3. Conduct A Network Visibility And Risk Assessment
A Network Visibility and Risk Assessment provides visibility into areas your existing technology can’t see. One or more non-intrusive appliances are deployed within the network to monitor the application traffic passing through the Internet gateway, without altering or blocking that traffic.
At the end of the data collection period, you receive a comprehensive report analyzing application traffic, overall security risk, and related business risk. You’ll also learn how effective your organization’s existing technologies are at supporting and enforcing your computing policy.
Assessments can go further, Livingstone says:
“When we map out a client’s tools, people, and processes from an IT perspective, we get visibility into where their gaps and deficiencies are, where there is overlap, and where the organization should focus. Then we can work with them to prioritize that focus and develop a roadmap to move forward.”
Questions? Contact us at Sayers today. We offer extensive security solutions to cover all areas of your business, including ways to improve your cybersecurity risk management with greater visibility.