3 Things Businesses Can Do To Improve Their Security Posture Further

2022-01-24 by Clayton Richard

How do businesses establish a formidable security posture? They install top-of-the-line security controls and establish security measures following best security practices. But is that everything they need?


The cyber threat landscape has changed over the years, and not for the better. Cyberattacks are becoming so aggressive and complex that dealing with them has become more challenging. According to the 2021 Microsoft Digital Defense Report, cybercrime has become more widespread, relentless, and sophisticated.


Cybercrime is no longer just an act undertaken by parties that seek to steal from or disrupt the operations of a business. It has also become a business in itself, with cybercriminals offering their expertise and services to those who want to attack specific organizations, governments, or individuals. The Microsoft report says cybercriminals charge around $311.88 per month for Denial of Service attacks, $250 per hack job, $66 upfront fee for ransomware kits or 30 percent of the resulting profit, and up to $1,000 per successful account takeover in a spear phishing campaign.


So what can businesses do to improve their security posture further? Here are three crucial points.

Security validation

Security controls and security policies or measures only constitute half of a solid security posture. There is no guarantee that they will work as designed unless they are continuously tested. In other words, if organizations want to have effective enterprise security posture management, they need to include continuous security testing or validation.


Continuous security validation can involve a number of approaches, including continuous automated red teaming, breach and attack simulation, as well as purple teaming. Continuous automated red teaming is necessary for the prompt detection, identification, and mitigation of attacks or threats. Breach and attack simulation is aimed at maximizing security controls. Purple teaming, on the other hand, ensures that security testing is not limited to the perspectives of the defense or blue team. It emphasizes the need for an adversarial perspective to anticipate what attackers would do and how they will likely retool or tweak their attacks to defeat security controls they could not penetrate initially.


Noted CISO Brian Contos, in a Forbes Technology Council post, explains the importance of testing cybersecurity effectiveness by highlighting three scenarios: incident response, change management, and the establishment of new processes.


Security validation is crucial in incident response, as it systematizes the way organizations examine the possible failures in their controls. Some issues can affect other components of the security posture, so it is important to clearly trace their root cause and rectify them accordingly. This also helps in determining whether certain control defects can be addressed through their configurations or updates, or they have to be replaced altogether.


When it comes to change management, security validation is essential as it ascertains if security controls are still working the way they should after changes have been implemented. Changes in security policies, configurations, and the software and hardware used can definitely impact an organization’s security posture. Security testing is a must in such cases. Refusing to do so can be highly risky, especially for organizations that use the same security system across offices or branches.


Moreover, organizations need security validation when creating and implementing new processes because of the potential impact of the new processes in the existing controls and policies. Businesses that merge or consolidate, for example, are set to adopt new systems and processes to streamline their operations. There’s a good chance that these can adversely affect the overall security posture of an organization.

Creating an incident management plan

Will security validation make an organization’s security posture perfect or absolutely invulnerable? Most certainly not. Security testing significantly reduces the chances of cyberattacks penetrating cyber defenses by weeding out most of the defects and providing the necessary insights on how to improve the existing security solutions. However, it can never result in achieving the impossible: flawless cybersecurity.


Some sophisticated cyberattacks can still manage to find their way into an organization’s highly secured network. Because of this, organizations need to have a prudent incident management plan. There has to be a unified and systematic approach in responding to a successful attack, particularly when it comes to controlling the impact of the attack and preventing further damage/losses.


Forensic investigations expert David Ellis says that there are six stages in incident response planning, namely preparation, identification, containment, eradication, recovery, and review.

?       Preparation - This overlaps with many aspects of security posture management itself, so it's better to think of it as a reminder on making sure that all the necessary security controls are in place, that security validation has been undertaken, that mock drills have been conducted, and so forth and so on.

?       Identification - This is about the detection of an attack, breach, or apparent threat. It calls for a thorough examination of the threat to determine the appropriate response. The MITRE ATT&CK framework and other security validation frameworks such as NIST may be integrated at this stage.

?       Containment - Once the threat is properly identified, it has to be stopped on its tracks. Some devices and cloud resources may have to be disconnected to prevent malware from spreading further, limit the encryption coverage of ransomware, or halt an ongoing data theft.

?       Eradication - With the problem contained, it becomes easier to isolate and get rid of the threat. Eradication has to be undertaken after containment to avoid instituting fixes that may aggravate the problem, such as the corruption of files and malfunction of applications.

?       Recovery - The recovery stage is initiated once the threat has been properly neutralized. This is when files are restored from the backup (if they have been corrupted or erased) and web services are restored. In cases of private data theft, recovery may mean the forced resetting of customer passwords, for example, to make sure that accounts are not accessed and used maliciously.

?       Review - This is about getting the lessons learned after an encounter with a threat or cyberattack. Security postures and even incident planning can be improved further by incorporating the lessons learned from previous attacks or weaknesses revealed by cyber assaults.

Getting everyone involved

People tend to be the biggest weakness in the cybersecurity chain. Through social engineering tactics, most employees and even top-level executives in an organization can be tricked into becoming accomplices to cybercriminals. They can unknowingly deactivate or create vulnerabilities in their security controls because of deceptive tactics. Worse, they may even directly send login credentials and other sensitive information to threat actors.


Organizations are already investing heavily in securing their hardware and software. However, they rarely do the same for their human resources. To ensure top-notch security posture management, it is important that everyone understands what security posture management is, especially their role in maintaining the integrity of cyber defenses and not allowing themselves to become unwitting tools for cybercriminals to achieve their goals.


Cybersecurity seminars or training are recommended for everyone in an organization. Entrusting cybersecurity entirely to automated and AI-driven systems is a bad call. People also need to be well acquainted with cyber threats and their responsibilities in keeping them at bay.  It is easy to configure machines and software, but people cannot be expected to blindly and religiously follow all the security rules and mechanisms of an organization. They are more likely to follow and support security objectives if they know they are a significant part of it.

Optimizing security posture management

An organization’s security posture radically improves when the security controls are tested or validated properly and when there is a carefully designed plan of action in mitigating cyberattacks. Also, it is vital to keep the people in an organization aware of their role in the entire cybersecurity infrastructure and mechanism.

@font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-536870145 1107305727 0 0 415 0;}p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Arial",sans-serif; mso-fareast-font-family:Arial; mso-ansi-language:EN-GB;}h2 {mso-style-priority:9; mso-style-qformat:yes; mso-style-link:"Heading 2 Char"; mso-style-next:Normal; margin-top:18.0pt; margin-right:0cm; margin-bottom:6.0pt; margin-left:0cm; line-height:115%; mso-pagination:widow-orphan lines-together; page-break-after:avoid; mso-outline-level:2; font-size:16.0pt; font-family:"Arial",sans-serif; mso-ansi-language:EN-GB; font-weight:normal;}span.Heading2Char {mso-style-name:"Heading 2 Char"; mso-style-priority:9; mso-style-unhide:no; mso-style-locked:yes; mso-style-link:"Heading 2"; mso-ansi-font-size:16.0pt; mso-bidi-font-size:16.0pt;}.MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:11.0pt; mso-ansi-font-size:11.0pt; mso-bidi-font-size:11.0pt; font-family:"Arial",sans-serif; mso-ascii-font-family:Arial; mso-fareast-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; mso-ansi-language:EN-GB;}.MsoPapDefault {mso-style-type:export-only; line-height:115%;}div.WordSection1 {page:WordSection1;}

news Buffer

Leave a Comment