Many organisations are failing dismally to gain the comprehensive understanding of their critical IT systems and environmental elements that they need in order to implement an effective risk management strategy.

That’s according to Kris Budnik, independent security consultant, who was speaking at the ITWeb Security Summit 2019, hosted this week in Sandton, Johannesburg.

Budnik discussed the importance of situational awareness in driving security improvements and the role it plays in creating a true perception of the IT environmental elements, and providing a projection of the future status.

“Simply put, situational awareness is knowing what is going on around you. Know thine enemy, but know thyself better. The uncertainty regarding an organisation’s own capability and the cyber criminal’s capability leaves businesses lacking knowledge about their vulnerabilities. You need to know what’s behind you, what’s ahead of you and what’s on either side, to understand how safe or vulnerable you are.”

IT teams are constantly trying to satisfy their stakeholders, chasing too many alerts and false positives; they cannot keep pace with security threats. As a result, they don’t have a good knowledge of their systems and they’re unable to trust their own capabilities, he said.

“IT teams get caught up in the tendency to do too much and turn their attention to where noise levels are the greatest. When building a strategy for cyber resilience, it’s critical that more effort and planning goes into clearing up the ‘fog of war’, which is the uncertainty regarding one’s own capability, an adversary’s capability, and the adversary’s intent. It’s the only way we can stay ahead of the more agile and unpredictable cyber criminal.”

A good starting point, he advised, is for companies to:

1. Understand the various categories and ownership of all connected devices;

2. Know the storage locations and channels of data;

3. Be well versed in the organisation’s various IT systems and application groups.

“In putting this all together, you need to consider attack scenarios and prevailing techniques, know your weaknesses and strengths, assess the gaps, add a pinch of risk appetite (regulations, risk, governance) and consider probability and impact (industry, threat intel, economic conditions, organisational culture, etc.),” he pointed out.

He unpacked the critical components of good situational awareness – perception, comprehension and projection.

“Situational awareness is broken down into three segments: perception of the elements in the environment, comprehension of the situation, and projection of future status.

“It’s also important to take into consideration the task and environmental factors, which consist of workloads, stressors, system design and complexity.

“In addition, it’s advisable to run thorough analyses such as a vulnerability analysis, access controls and network analysis, which is the mathematical analysis of complex working procedures,” he concluded.