Managing the predictability of cyber risks
Cyber crime and the risk it poses to companies have escalated massively over the past 24 months – putting the most valuable asset of a company, its data, at increased risk.
Because of the rapidly changing cyber environment and the fact that companies are fast-tracking digital transformation, predicting the right cyber risk management approach for your organisation is now more crucial than ever.
Managed Predictability is the brainchild and trademark of the award-winning IT governance and architectural services consultancy AVeS Cyber Security. At the heart of the consultancy’s ethos is adapting to the changing landscape through a risk-based cyber security model.
In a recent webinar by AVeS Cyber Security, Group CEO Charl Ueckermann emphasised the importance of predictive monitoring in cyber security.
“The cyber environment is changing so fast, and we cannot only rely on a general assessment every once in a while. It simply isn’t efficient, nor is it effective. It is like driving your car from one garage to the next, hoping nothing goes wrong on the way. What you should do instead is constantly keep an eye on the changing fuel levels and temperature – you can’t just drive blind and hope for the best,” says Ueckermann.
The same principle applies to the IT environment.
Ueckermann refers to the IT environment as a cyber estate that needs maintenance to ensure that confidentiality, integrity and availability are always delivered to the client. Following a predictive risk management model on your cyber estate is a fundamental step each company must take.
“The landscape is changing so fast; costs need to be driven down, we need less risk and the environment should be significantly more predictable.
“Previously, companies tended only to react when things broke or didn’t work, instead of monitoring the situation in a predictive way to foresee the problems that might occur. The key to bringing more predictability into your IT is not to overcomplicate things, but to look at things holistically,” Ueckermann said.
Changing risk landscape
The cyber risk landscape is continuously evolving, more so in the past 24 months.
Ueckermann explains: “Cyber incidents have increased the past 24 months with a major increase in targeted attacks, especially in Africa.
“These days, data is a company’s most valuable asset. If data is not available, the company won’t operate optimally. Furthermore, cyber risk is directly related to business risk. Cyber risks are not the same as cyber threats, which are the particular dangers that create the potential for cyber risk.”
Driving the increase in cyber attacks is a combination of factors – economic and trade battles, political instability worldwide, and now also COVID-19. Unemployment rates worldwide have reached a boiling point, forcing more people into criminal activities like cyber crime.
Predictive cyber risk management needs to be high on every organisation’s priority list in this ever-changing market and new regulatory landscape.
AVeS Cyber Security is an IT governance and architectural consultancy that focuses on helping companies improve their process consistency, reduce their cyber risk, increase their IT systems’ efficiency, empower expertise among their staff and operate intelligently with smart systems in place.
“Ultimately, we want to enable clients to operate at a higher level and help them work proactively with less risk,” says Ueckermann.
What is Managed Predictability?
Guido de Jager, Security Operations Manager at AVeS Cyber Security, says everything starts with the screening of the customer, where the risks of different technologies are assessed.
The next step looks at the likelihood that those technologies could be compromised and what the impact would be on the business if they were hacked. Only then can you start looking at achieving Managed Predictability with the customer.
De Jager explains that AVeS Cyber Security uses a Security Posture Assessment to identify the high-risk categories within an organisation that could lead to a potential breach or a potential cyber attack.
The assessment entails the following:
- Information security policies: To determine whether the client has information security policies in place.
- Network security: Review firewall, mail security, web app security, SSL security, endpoint protection, passive network monitoring, cloud security and wireless security controls.
- Access control: Review identity authentication, two-factor authentication, VPN access (remote access for external users), network access controls, physical security to critical systems, privilege access management and the Active Directory’s health state.
- Business continuity: Review the disaster recovery plan, quick recovery from hardware/system crashes, quick recovery from data loss or corruption, backup solution, monitoring and reporting in place.
- Compliance: Review network monitoring, mail archiving, SIEM solution and alerting, and asset management systems.
- Confidentiality: Review encryption, mobile device management, DB/SQL security and data loss prevention systems.
- Risk assessment: Review vulnerability management systems, security user awareness, incident response plans, penetration testing and red teaming controls.
Predictive cyber security
Schalk Rust, Lead SOC Engineer at AVeS Cyber Security, points out that traditionally IT was done reactively, where incidents were monitored after they happened, and staff only responded once the network was down. Nowadays, he says, companies need real-time visibility into their cyber environments – a predictive model – so that IT experts can take immediate action because every second counts.
What is required for a next-generation security operations centre (SOC)
To establish a good cyber security posture, you need an appropriate set of well-configured SOC tools, such as anti-virus solutions for endpoints and servers, firewall systems for network security, network monitoring and behaviour monitoring for devices, and global threat feeds.
What makes an SOC truly different and successful is the SIEM – the security information and event management system – that powers all the SOC tools.
AVeS Cyber Security uses Splunk as its SIEM solution. A traditional SIEM solution monitors and analyses security events, but Splunk offers much more and allows for greater visibility in half the time.
Splunk incorporates best-practice frameworks and threat intelligence to analyse threats better, offering more in-depth knowledge on past and present threats. It also allows organisations to augment machine data and integrate with third-party applications and other SIEM solutions to gain additional insights.
Incident response management
Be prepared! An incident can be expelled or eradicated without data loss if you have a rock-solid incident response plan in place. With legislation like Europe’s GDPR and South Africa’s POPIA, protecting data – especially sensitive/confidential/personal information – is crucial. The only way to do this is to get a predictive cyber risk management model in place.
AVeS Cyber Security has built a rock-solid incident response management system that covers the following phases:
- Incident response execution plan
- Roles and responsibilities
- Lessons learned
How can AVeS Cyber Security help your company?
There are a couple of things needed to manage IT risks in an organisation effectively. Firstly, start with a solid governance framework to guide your cyber risk management plans and activities. Companies need to use a risk-based model to yield the best return on investment, and AVeS Cyber Security follows a lean approach to achieve this: Screening > Likelihood > Impact > Managed Predictability.
This is done using well-known industry standards and governance frameworks. Once the initial assessment is completed, AVeS Cyber Security can propose the correct level of SOC implementation for your organisation to efficiently monitor, analyse and proactively respond to cyber threats.
AVeS Cyber Security does this by leveraging the single pane of glass offered by Splunk (an enterprise SIEM solution). This is then topped off with a comprehensive incident response plan, which will take your company from a reactive to a proactive state in your cyber security maturity.