Global events are changing us and our society, the most dramatic example in recent memory being the fight against COVID-19. Every aspect of our lives is different, including how we live, communicate, do business, and care for ourselves and our families. The key is to learn from these situations so that we are better prepared for the future.
These extreme changes have escalated another battle, the war against cyber threats, exposing organizations to emerging cybersecurity risks that attackers have chosen to exploit. These threats raise the security risks to ERP data. The line between personal and work devices has blurred, with users and usage moving fluidly between them. Personal and business data flows freely through home Wi-Fi networks. When the workday ends, we switch seamlessly to virtual happy hours and binge-watching videos, using a growing array of services that widen the attack surface further. Threat actors also use fresh lures that play on our curiosity and fears to make us unwittingly click on malicious attachments or links, or share data that we should not. It is a scenario that is becoming untenable for many cybersecurity practitioners and is leading companies to doubt their ability to respond quickly.
During times of crisis, rapid response planning helps ensure that you have a foundation in place to collaborate more effectively with your colleagues, to minimize risk, and to answer management's concerns about the company's responsiveness to current threats.
To help you lay the groundwork for rapid response, three steps are outlined here. Whether the trigger is a new, high-profile global ransomware campaign or opportunistic cyberattacks that follow a natural or human-made catastrophe, working through this planning process will also improve your ability to respond rapidly to possible incidents.
As has been seen before with global threats, emergencies and outbreaks generate a sharp increase in new and varied sources of threat knowledge. Commercial threat intelligence vendors, governments, open-source feeds, and community programs all publish information related to the crisis and the threats that accompany it. Becoming aware of these new sources is one thing; being able to absorb all that information is another, especially because it arrives in different formats and perhaps as different kinds of data than you currently use. You need a central repository that is prepared to accept these feeds, or that can map them into its own schema in minutes or hours when they arrive in non-standard formats. The flexibility to quickly take in new sources of threat data is at the center of rapid response. With high-quality data aggregated and structured, you can decide how it affects you and act on it.
In terms of incidents and the indicators associated with them, knowing each piece of data individually provides value, but the real value comes from understanding it in aggregate, alongside data from your own internal sources such as your log management archive, SIEM, case management system, and security infrastructure. By comparing external intelligence with what is actually happening in your environment, you gain the context that makes it concrete. A big-picture view also lets you quickly see who else inside the company needs to consume and understand this data (the SOC team, network security team, threat researchers, forensics and investigations, threat hunters, management, and so on) and share it with them.
The last step is to put the data to work in your infrastructure and operations. Detection, response, and mitigation are all helped by quickly delivering the relevant pieces of data to the appropriate tools, systems, and controls in your environment. Exporting curated indicators to your existing infrastructure, for instance, helps certain systems work more reliably and efficiently and generate fewer false positives. You can also use curated threat intelligence to anticipate and prevent future attacks, for example by automatically pushing intelligence to your sensor grid to generate and apply updated risk mitigation policies and rules. In turn, this helps protect your ERP data.
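The three steps above, worked through as one small pipeline. This is an added example written for this page, not code from the original article or from any vendor: it takes three constructed feeds in different formats (a CSV, a STIX-2-style JSON bundle, and a bare text list), maps them to one indicator schema, merges duplicates across feeds, correlates the result against a few constructed proxy and firewall log lines, and exports the confirmed-relevant indicators as Suricata-style rules and a firewall blocklist. The feed names, the IPs and domains (RFC 5737 and reserved `.example` names), the log format, the Suricata 5+ `dns.query` rule syntax and the `sid` range are all assumptions made for the example.

```python
import csv, io, json, re
from dataclasses import dataclass, field

# Step 1: accept feeds that arrive in different formats (all three constructed for this example).
FEED_CSV = "indicator,type,confidence\n203.0.113.5,ipv4,80\nevil.example,domain,70\n"
FEED_STIX_JSON = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.5']", "confidence": 95},
    {"type": "indicator", "pattern": "[domain-name:value = 'malware-c2.example']", "confidence": 60},
    {"type": "malware", "name": "not an indicator"}]})
FEED_TXT = "# community blocklist\n198.51.100.23\nevil.example\n"

@dataclass
class Indicator:
    value: str
    ioc_type: str            # "ipv4" or "domain"
    confidence: int
    sources: list = field(default_factory=list)

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
STIX_PATTERN_RE = re.compile(r"\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]")

def classify(value):
    # Infer the type when a feed (or a log token) does not state it.
    return "ipv4" if IPV4_RE.match(value) else "domain"

def parse_csv(text, source):
    return [Indicator(r["indicator"].strip(), r["type"].strip(), int(r["confidence"]), [source])
            for r in csv.DictReader(io.StringIO(text))]

def parse_stix(text, source):
    out = []
    for obj in json.loads(text).get("objects", []):
        m = STIX_PATTERN_RE.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m:  # non-indicator objects and unsupported patterns are skipped, not guessed at
            ioc_type = "ipv4" if m.group(1) == "ipv4-addr" else "domain"
            out.append(Indicator(m.group(2), ioc_type, int(obj.get("confidence", 50)), [source]))
    return out

def parse_txt(text, source):
    # A bare list carries no confidence, so every entry gets a conservative default of 50.
    lines = [l.strip() for l in text.splitlines()]
    return [Indicator(l, classify(l), 50, [source]) for l in lines if l and not l.startswith("#")]

def aggregate(feeds):
    """Merge feeds into one dict keyed by (type, value); an indicator seen in several
    feeds keeps the highest confidence and records every source that reported it."""
    merged = {}
    for parser, text, source in feeds:
        for ind in parser(text, source):
            key = (ind.ioc_type, ind.value.lower())
            if key in merged:
                merged[key].confidence = max(merged[key].confidence, ind.confidence)
                merged[key].sources.extend(ind.sources)
            else:
                merged[key] = ind
    return merged

# Step 2: correlate with internal data (constructed proxy and firewall log lines).
LOG_LINES = [
    "2020-04-02T10:15:01Z proxy src=10.0.0.12 host=evil.example status=200",
    "2020-04-02T10:15:07Z fw src=10.0.0.30 dst=203.0.113.5 dport=443 action=allow",
    "2020-04-02T10:16:00Z proxy src=10.0.0.12 host=www.example.org status=200",
    "2020-04-02T10:16:42Z fw src=10.0.0.44 dst=192.0.2.10 dport=22 action=allow",
]
TOKEN_RE = re.compile(r"\b(?:host|dst)=(\S+)")

def correlate(indicators, log_lines):
    # Return (log line, Indicator) pairs where a destination in the line matches an indicator.
    hits = []
    for line in log_lines:
        for token in TOKEN_RE.findall(line):
            ind = indicators.get((classify(token), token.lower()))
            if ind:
                hits.append((line, ind))
    return hits

# Step 3: enable the data by pushing it to controls.
def to_suricata_rules(indicators, sid_base=1000000):
    """One Suricata-style alert per indicator (Suricata 5+ syntax assumed; sid range hypothetical)."""
    rules = []
    for n, ind in enumerate(indicators):
        msg = f"TI hit {ind.value} conf={ind.confidence} src={','.join(sorted(set(ind.sources)))}"
        if ind.ioc_type == "ipv4":
            rules.append(f'alert ip $HOME_NET any -> {ind.value} any (msg:"{msg}"; sid:{sid_base + n}; rev:1;)')
        else:
            rules.append(f'alert dns any any -> any any (msg:"{msg}"; dns.query; content:"{ind.value}"; '
                         f'nocase; sid:{sid_base + n}; rev:1;)')
    return rules

def to_blocklist(indicators, min_confidence=70):
    # Only high-confidence IPs go to a blocking control; low-confidence entries should alert instead.
    return sorted(i.value for i in indicators if i.ioc_type == "ipv4" and i.confidence >= min_confidence)

def run_pipeline():
    feeds = [(parse_csv, FEED_CSV, "vendor-csv"), (parse_stix, FEED_STIX_JSON, "vendor-stix"),
             (parse_txt, FEED_TXT, "community-txt")]
    indicators = aggregate(feeds)
    hits = correlate(indicators, LOG_LINES)
    hit_inds = [i for i in indicators.values() if any(i is h for _, h in hits)]
    return indicators, hits, to_suricata_rules(hit_inds), to_blocklist(indicators.values())

if __name__ == "__main__":
    inds, hits, rules, block = run_pipeline()
    print(f"{len(inds)} unique indicators, {len(hits)} log hits, blocklist {block}")
    print("\n".join(rules))
```

Two design points carry over to a real deployment: the merge step is what turns four feed entries into one record that says "203.0.113.5, confidence 95, reported by two vendors", which is the aggregate view the text argues for; and the export step deliberately splits "alert" from "block", so that a low-confidence community entry raises a detection rule but never lands in a firewall blocklist where a false positive would cut off legitimate traffic.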