In Part 1 of this series we examined why, like astronomers and astro-physicists do in their studies and explorations, it’s important for cybersecurity professionals to measure things from different angles to get a complete picture. And how that approach helps you overcome barriers that exist with just a single way of looking at things.
We looked at two ways to look at your organization’s vulnerabilities—vulnerability and best practice assessment and security controls assessment.
In Part 2 of this series, we’ll examine simulations and threat assessments as two other ways to look at your organization’s vulnerabilities.
- Simulation. A key element of security assessment is to measure your response to a simulated attack. This will help you understand how your infrastructure—and more importantly your organization—will stand up to the bad guys. These tests can come in the form of phishing simulations, "Red Team" exercises, and more. It's estimated that 91% of malware attacks start through email, so a phishing simulation is a great place to start analyzing your vulnerabilities. By measuring how your employees react to realistic phishing simulations on a regular basis, you can predict how they will react to a real attack and identify where more training is needed.
- Threat assessment. Various assessment techniques can tell you where possible gaps are, though it's important to layer on top of that the current threat landscape. In other words, are there known exploits for the types of issues you have? If there are, this can increase the criticality of closing particular security holes. This is a very dynamic field with new threats emerging on a daily basis, making it important to continuously correlate your posture against known threats.
Another challenge that cybersecurity professionals and astronomers share is that you have to correlate your findings across many sources of information to infer what's really going on. This takes experience and a strong understanding of the data. For example, if a vulnerability is detected on a system and you find that the vulnerability has been posted on a dark web site, that can increase the likelihood of an attack. Conversely, you may have mitigating controls in place that make certain vulnerabilities less likely to be exploited.
To understand the true nature of your security posture, you have to not only understand your overall ecosystem, but know how various controls relate to each other. This is where deep security expertise comes in handy.
By taking a comprehensive view of your security posture and enlisting security professionals to help you correlate results, you can truly understand and improve your organization’s cyber risk.
Watch a demo of Trava's phishing simulation.
Cybersecurity threat trends report, 2021, Cisco.