Our top cybersecurity predictions for 2023

It’s the time of year when the industry begins making its top cybersecurity predictions for the year ahead. Gartner, among others, recently released their top 8 cybersecurity predictions for 2023, writing that supply chain and geopolitical issues will continue to dominate cybersecurity.

In this article, our team looks into the proverbial crystal ball to share their top cybersecurity predictions and what initiatives security leaders should prioritize for 2023.

What Cybersecurity Lessons Did We Learn in 2022?

The breaches, hacks, and cyber breakdowns of 2022 taught us many cybersecurity lessons that we can use to improve security in the new year. Lessons learned include:

  • You can’t rely on MFA.
  • Company stakeholders, including VCs and board members, must have insight into their company’s security stance.
  • Don’t sacrifice security for a 1% improvement of your product. Constant re-architecting creates numerous security holes.
  • Continuous security is mandatory for blockchain. Instead of one-time assessments at launch, teams should strive for continuous validation throughout the project lifecycle.

What Are the Top Cybersecurity Predictions for 2023?

The top cybersecurity predictions for 2023 identified by the team of experts at Kudelski Security are:

  1. Basic, human-targeted attacks will be the biggest risk to cyber defenses.
  2. Zero trust will replace VPN.
  3. Insider and third-party risk will rise.
  4. Reliance on passwords will decline.
  5. Skepticism around blockchain security and availability will continue.
  6. Quantum-interested companies will need to start assessing risks.

Prediction #1: Basic, human-targeted attacks, like ransomware, phishing, and email attacks will be the biggest risk to cyber defenses.

In 2023, we will see the most basic security attacks — email compromise, active directory attacks, ransomware, phishing, and multi-factor authentication attacks — continue to be the most effective and lucrative for cybercriminals.

Whenever humans are introduced into the security equation, they immediately create holes in the corporate cyber defense system. Phishing and emerging MFA bombing schemes are more sophisticated than ever and will render cybersecurity training ineffective.

“Whenever humans are introduced into the security equation, they immediately create holes in the corporate cyber defense system.”

To combat these attacks, corporate security teams should not trust human factors. Instead, they should adopt an offensive security posture. Detection and response initiatives should focus on preventative features instead of reactive quick fixes.

Prediction #2: Zero trust will replace VPN to secure a distributed workforce.

In 2023, zero trust will replace virtual private networks completely as security teams adjust to a more dispersed workforce. With work-from-home here to stay, company network borders won’t look anything like they used to. Employees are accessing most work applications via SaaS, and IT teams are hesitant to inherit the risk of home networks. Mistrusting every device is the key to supporting and securing remote workforces.

Prediction #3: Insider and third-party risk will rise as attackers take advantage of vulnerable parties in the economic downturn.

The impending recession will loom even closer in 2023, and cybercriminals will take advantage of the dire economic situation to bribe their way into corporate systems. We predict that software hacking will decline in 2023 in favor of “insider risk.”

Attackers will set aside their hacking skills and instead single out vulnerable employees at third-party vendors, such as shipping authorities, supply chain companies, internet service providers, and software vendors.

Companies must remain vigilant to not only secure their own network perimeters but also build a strong vendor risk management program.

Prediction #4: Reliance on passwords will decline as the flimsiness of MFA is exposed.

While it’s unlikely that passwords will completely disappear in 2023, MFA fatigue could usher in a passwordless future in years to come. The recent Uber breach highlighted the flimsiness of MFA and left security teams searching for a better alternative. In 2023, we’ll see an emphasis on securing accounts with as many other safeguards as possible, including stronger passwords and password managers.

Prediction #5: Skepticism around blockchain security and availability will continue without more caution.

2023 will be another tumultuous year for blockchain technologies unless the industry shifts away from “point in time” security measures. Currently, too much trust is placed in code being perfect.

Blockchain security teams must layer in more robust controls, including detection and response capabilities, to deter threat actors. The billions of dollars of bridge hacks that occurred in 2022 put a huge dent in users’ confidence in blockchain security.

Luckily, blockchain enterprises and projects are aware that customers are just as concerned about their chosen blockchain’s security as its features. This will lead blockchains to apportion the appropriate resources to improve security in 2023.

In addition to cryptocurrency theft, blockchain availability and stability should be a priority in 2023. If outages and slowdowns continue, blockchains face user decline or even complete collapse.

Prediction #6: Companies concerned about quantum computing should begin assessing risks now.

Controls to prepare for quantum computing are unlikely to see mass adoption in 2023, but keep an eye on it for 2024. The current risks of quantum computing don’t quite outweigh the incredible investment required yet. That said, companies that stand the most to lose from future quantum attacks — e.g., financial services, defense contractors, and companies that transmit extremely sensitive data especially — should begin assessing their risks now.

What Impact Will the Recession Have on Security Teams in 2023?

The recession should have relatively little impact on security teams in 2023. We predict security teams are going to remain mostly untouched even as companies across industries are forced to make cuts to their budgets and workforce in response to the upcoming recession.

American privacy laws will likely elevate to reach current European standards, putting a renewed focus on security and compliance in boardrooms and C-suites.

Additionally, cybersecurity labeling for consumer products, especially on hardware, will further the importance of corporate security teams. Economic hardships will necessitate that security teams work smarter and consolidate to meet the evolving economic and tech landscape.

What Should Security Leaders Prioritize in 2023?

In response to these top cybersecurity predictions for 2023, security leaders should prioritize the following initiatives:

  • Adopting an offensive security posture rather than a defensive one.
  • Focusing detection and response initiatives on preventive features instead of reactive fixes.
  • Phasing out VPN in favor of zero trust strategies for the remote workforce.
  • Building out a strong vendor risk management program to protect against third-party risk.
  • Looking for alternatives to MFA while implementing stronger password requirements and account protections.
  • Working smarter and consolidating to meet the evolving economic and tech landscape.
  • Bolstering availability and security of blockchain-related services.
  • Assessing risks related to quantum computing, especially for those in financial services, defense, or other industries that deal with highly sensitive data.

Get in Touch

Kudelski Security can help you prepare for 2023 and beyond with a comprehensive suite of security advisory services. From MDR and zero trust to blockchain and quantum, our experts can assess, design, implement and manage a resilient cybersecurity strategy. Get in touch with our team here.

15 Practical Tips for More Effective Cybersecurity Incident Response

Building an effective cyber incident response plan requires more than having the right tools in place or engaging the right cyber incident response services. As a security leader, you’re responsible for building the right security foundation and fostering a culture of teamwork and open dialogue during a crisis. Summarizing a recent webinar, this article will explain:

  • 3 Common Pitfalls in Cybersecurity Incident Response
  • 8 Practical Tips for Building an Effective Incident Response Team
  • 4 Technical Fixes to Reduce the Likelihood of a Breach

It almost goes without saying that everything is connected to the internet these days. It’s a business enabler and a necessity in the global economy. But it’s also a playground for cybercriminals.

The good news is that the impact of cyberattacks like ransomware can be minimized or entirely prevented with an effective incident response plan in place. And it doesn’t require fancy techniques like AI and machine learning. Don’t get me wrong: AI and machine learning can help detect attacks. But they are frequently overrated, and they won’t do the job we would all like to think they can do.

Based on our team’s experience investigating breaches for clients, here are the common pitfalls we see CISOs fall into during an incident and some practical tips for avoiding them.

Three Common Pitfalls in Cybersecurity Incident Response

There are three characteristics that come up again and again in organizations that experience an incident, and they are all totally avoidable.

#1 Speed-Based Trust – Thinking Security Vendors Will Do the Full Job for You

Collectively, we have a culture of outsourcing trust. Where we used to trust our peers or institutions, we are now in an era of outsourced, “speed-based” trust. We assume trust in exchange for convenience.

Just as we trust Uber to get us to the right location safely, we trust our security vendors to keep our organizations safe. None of these security vendors, however, can fully address our security issues. We’re going to have gaps.

We call this a Swiss Cheese Model of security. While an MSSP or EDR solution may have you covered when it comes to detection and response, you’re still going to have to assume responsibility for applying patches to close any backdoors that may go undetected and ensure that your systems have secure configuration.

#2 Not Doing the Basics (It Was Never Going to End Well for the Titanic)

Almost worse than the Swiss Cheese Model of security is the Cyber Titanic Model. In the Cyber Titanic Model, you believe you have built a ship that can’t sink. You believe so much in the tools you have invested in, that you let your guard down. Maybe you even relax your security requirements.

Eventually, the boat will sink, and you will not be prepared.

Investing in endpoint detection and network security makes sense, but you need to balance it with basic security practices. If you don’t have a solid foundation of patching, configuration, segregation and hardening, you will just be investing in a sinking boat. Too many times we see breaches that could have been prevented if the basics were in place.

#3 Not Understanding Where to Harden vs. Add New Solutions

To put a finer point on this, detection technology isn’t the end-all-be-all when it comes to preventing an attack. Often security vendors will use the MITRE ATT&CK framework to show you how much coverage they can give you across the phases of an attack. This can be helpful but also misleading.

Detection is not the only way to prevent attacks. You can also use MITRE ATT&CK to understand where you need to harden your systems, making it harder or impossible for an attacker to breach your security at each phase of an attack in the first place.

Tips for Building a More Effective Incident Response Team

Building a more effective incident response team requires more soft skills than technical skills. Leadership, communication, and policy are critical to improving response outcomes. Here are my top tips.

#1 Understand Organizational Bias

We all have bias because we have experience in certain areas and blind spots in others. Having bias is not the issue. It becomes a problem when you do not recognize the bias.

As a CISO, you will have to understand the bias of your team. They may have a limited view of an issue because they are specialized in a specific area of security. You need to identify the biases, articulate them, and map them. This is foundational to addressing incident response blind spots.

Watch out, especially for the more expert or senior team members who may be very confident in explaining an issue, but don’t have the whole picture.

#2 Bridge Skills to Avoid Bias

One way you can break through the bias is by bringing different teams together to solve a problem. Ask questions that require teamwork to answer. Instead of “Are we secure?”, ask “How bad could it get?”

Then put together a purple team to work together to create a joint report with agreed-upon points of action. This creates a culture of exchange. Teams with better communication will be much better equipped to respond in a crisis situation.

Left unaddressed, bias can cause the organization to focus on a very narrow component of security without addressing the entire ecosystem.

#3 Develop KPIs with Value

Bad KPIs run rampant in security. Security can be hard to report on. But because we want to prove our value, we end up reporting on KPIs that don’t actually mean anything.

We say we blocked one million attacks on our firewalls, or we processed three trillion events because we want to look like we are effective. But what do these numbers actually tell us? If we say we blocked one million attacks on a firewall, all that communicates is that we configured a firewall. If you’re asked for those numbers, challenge the requester, and ask what they’re really trying to understand.

Instead, I recommend going smaller and more actionable with your metrics. Rather than how many attacks we blocked, try reporting on metrics like these:

  • # of common attack vectors removed
  • # of new techniques added to detection coverage
  • % decrease in the attack surface

#4 Shrink Your Digital Footprint

Think about all the data stored in email, your Google accounts, and your mobile apps. All that data can be exfiltrated. Reducing your personal and corporate digital footprint also reduces the impact of a successful attack.

When data is no longer needed, delete it rather than archive it. If you have a legal requirement to keep the data, encrypt it and store the keys off the server. Encrypted data leaks have little to no impact on security, as long as the secret keys remain secret!

Further, how you store data is important. If you have a document on SharePoint called “Insurance Policies” or “Digital Assets Value”, you are giving an attacker a flashing arrow to the documents they need to hold you ransom. If they know your insurance policy is for one million dollars and that one day of disruption would cost your company ten million dollars, they know exactly what to ask for.

#5 Augment your team

Major incidents require more work than your day-to-day security operations. It would be difficult to scale your internal team for such a situation.

Bringing in external partners can help augment your incident response team. Remember to look beyond security when it comes to team augmentation. Your incident response plan will likely include system administrators, cloud administrators, etc.

As a rule of thumb, if you don’t have a dedicated team member working on a required security discipline on a monthly basis, you may need to find an external partner in the event of a breach. While thinking about this, don’t forget your IT. You’ll need to augment your IT operation capabilities. Rebuilding an infrastructure can absorb a lot of resources.

There are different options: emergency response support, and preparation and resilience support. The best option to go for is usually a 24/7 incident response retainer, because you have guaranteed response support when things go wrong. It’s a safe investment – many companies will ensure the retainer can be reassigned to another program if it is not spent on incident response services.

#6 Explore Different Response Paths

There is no one-size-fits-all incident response plan. It is up to you, the CISO, to explore different paths and choose the one that will work the best for the organization. In some cases, it may make sense to choose the plan that results in the least business impact. In other cases, it may make sense to err on the side of security.

Augmentation, as mentioned above, can help your team move faster and work on steps in parallel. After all, your incident response process should not be linear; that will only slow things down. If you do augment your team with an external partner or security provider, carefully consider their recommendations and the tradeoff between value and cost.

For example, forensic disk imaging might make sense as part of the plan, but it could overwhelm your IT team with time-consuming tickets. Additionally, security providers may take advantage of an organization’s desperation during an incident, knowing they’ll do anything to get the business back up and running.

Challenge every recommendation and request. Look at the types of requests, the costs, and the hours associated. Ask “Is this really necessary?” or “Could we do this differently?” Explore all the different response paths and choose a way forward.

#7 Foster Open Dialogue

Creating a culture of open dialogue during an incident is incredibly important. If people are afraid to speak up or ask questions, you will not be able to accurately assess the team’s understanding of the issue at hand. There are a number of reasons a team member may not feel comfortable asking questions:

  • Fear of looking stupid
  • Tensions within the team
  • Power dynamics created by an authority figure or expert

“Asking questions may mean that you don’t understand something. But not asking questions will mean that you remain ignorant.”

As a CISO, you need to be able to spot this behavior and act on it very quickly. You must ensure that everyone has the right level of understanding to do their work. It’s how you will turn an incident into a constructive, rather than destructive, experience where everyone is learning from each other.

#8 Show Your Appreciation

Breaches are stressful for everyone in the organization. As a C-level, you can send signals to your team that you understand the toll an incident takes on them and their families.

It could be as simple as providing food, drinks, and a place close to the office for the team to stay. For remote employees, you could provide a meal of their choice for themselves and their family. It sends a really strong message that you appreciate the work that they (or their mother, father, or spouse) are doing to help the organization. These types of signals can change the mood.

Four Technical Fixes to Reduce the Likelihood of a Breach

In addition to the nontechnical guidance above, I’d like to leave you with four of the low-hanging technical fixes that could significantly reduce the likelihood of a breach. In 70% of the cases we’ve investigated, one of these four best practices was missing.

#1 Proper Segmentation

Often in breach scenarios, we find the organization has a flat network, which makes it much easier for the threat actor to move through.

#2 Zero Trust

Understand the zero trust framework and how to apply it in your organization. Achieving zero trust won’t happen overnight. It’s very iterative work, so be patient.

#3 Timely Patching / Emergency Patching

Threat actors will quickly be there to exploit new vulnerabilities. For that reason, it’s important to have an emergency patching plan in place. Ask yourself “Do I want to have an operational issue or a security issue? Would I rather have a system down or data leaked?”

#4 Configuration

Misconfiguration can have a huge impact, and so, proper configuration can also have a huge impact. Sometimes it’s just a small detail that is overlooked that would allow an attacker to gain access to something they shouldn’t.

Get in Touch

It is my hope that if you follow the advice presented in this article, you will never need our services. However, if you do experience a breach, or if you would like a pre-emptive review of your current configurations, architecture, or incident response plan, please get in touch with our incident preparedness and response team here.

Cyber Resilience – A Primer Part 2: Your IR Team Will Fail to Identify Threats and It’s Going to Be Your Fault

Your Incident Monitoring team will fail to detect active threats to your business. Not because they are unskilled, lack specific tools, have limited visibility, or are resource constrained. They will fall short first because you failed to provide them with the focus they need to identify relevant cyber threats.

In my first post in this series, we talked about defining a mission statement with a set of business objectives to help focus your security team’s efforts. This post focuses on how to strengthen your team’s ability to identify the cyber-attacks against your business.

The task before all of us in the security field is growing in complexity with each passing year.

  • What are the business impacting events that could disrupt your company’s ability to execute its primary revenue sources?
  • Do you know which systems would be targeted by Threat Actors? Do you know what the Threat Actors’ focus, or “Actions on Objectives,” will be?
  • Which Cyber Business Threats should your business focus on to enable your business to continue operations during a major security incident?
  • What Threat Actor methodology should your IR team focus on identifying within your environment?

Qualifier: If I asked you how good your threat detection capability was, chances are you’d believe it to be better than average and would answer as such. Now, what if I were to ask you how confident you were in your team’s ability to detect a few specific threats: data exfiltration, sensitive data exposure, hacking attempts against your web applications, brute forcing of open ports, and use of compromised credentials on cloud services?

Still confident? You’re not alone. Kudelski Security’s IR team works with many clients who – at the beginning of an engagement – believe their detection coverage is significantly stronger than their actual capabilities. The confusion stems from a failure to understand the limitations of the technology stack, underutilized or unrealized technology capabilities, and “a lack of business-defined threats that provide clear monitoring requirements against top business threats.”

Example: At a Fortune 500 company with around 10 billion in revenue (and a large security stack), the Security Lead confidently stated they had excellent detection capabilities and regularly reported as much to their stakeholders. After our review, we identified that they had fewer than 20 generic detection capabilities enabled across their SIEM, IDS, and other detection tools. They lacked direction from their security leadership in identifying which cyber business threats were the most important, as well as the follow-through to ensure that the top threats were being monitored.

Evaluating the “Top Threats” to My Business?

Considering the impact each cyber-attack type can have on your business is a critical step in preventing, detecting, and responding to cyber-attacks. Kudelski Security refers to these threats as Cyber Business Threats: the opportunities for a Threat Actor to execute a Cyber Attack Campaign against a business. The Cyber Business Threats are grouped into categories based on attackers’ general sets of motives:

  • Cyber Espionage
  • Cyber Crime
  • Insider Threat
  • Denial of Service
  • Third Party Risk
  • Data loss and exposure
  • Business Process Manipulation
  • Corporate IT Resource Hijacking
  • Cyber Propaganda
  • Regulatory / Non-Compliance
  • Hardware / IoT Intrusion
  • Misconfiguration / Miscellaneous Error
  • Physical Theft

Selecting the top threats isn’t easy and takes a deep understanding of your business and the Cyber Threat Landscape. While the Threat Modeling process itself is outside the scope of this post, I recommend that you assume at least two of the following will be within your Top 5 Cyber Business Threats: Cyber Espionage, Insider Threat, Organized Cyber Crime, and Third-Party Risk. These four Cyber Business Threats appear in most organizations’ Top 5 lists.

Once you select your Top Threats to the Business, you can pass these along to your IR/Monitoring team. Little has been published in the security sector on the complex translation of these Top Threats into a comprehensive set of detection capabilities. To compound the problem of the lack of documentation, the security industry is still defining its terminology for referencing Cyber Threats, Threat Actors, Business Risks, Incident Impacts, and capabilities.

Example: A specific Threat Actor category is often referred to as “Insider,” while the Threat faced by a business is referenced as “Insider Threat.” How do we translate an “Insider Threat” into actionable requirements for the Incident Response Team? Consider that the Threat Actor “Insider” can be a Disgruntled Employee, a Contractor, or even a Trusted Third Party. How do we accurately associate our existing detection capabilities with each threat type to ensure that we have adequate detection against these threats?

Kudelski Security recommends focusing on the Threat Actors’ “Actions on Objectives,” which provide insight into their attack goals. To set your IR/Monitoring team up for success, treat the “Actions on Objectives” as part of the Threat Actor methodology. The Tactics, Techniques, and Procedures (TTPs) that Threat Actors use to reach their goals should be the focal point around which threat detection and prevention is prioritized. The Actions on Objectives are: Financial Gain, Account Compromise, Business Disruption, Gain Industry Advantage, Damage Reputation, Obtain Indirect Access to Target, and Intelligence Gathering. Map out how each one can be executed against your critical assets and sensitive data stores.

Now we will combine the Cyber Business Threats with the Actions on Objectives to understand the specific risks to your business. This is not a one-time exercise that will outline all prevention and detection capabilities for all threats. The process of selecting your Top Cyber Business Threats and then viewing their specific Actions on Objectives will give you insight into how an attacker could accomplish their objectives. As your business changes, you will need to reevaluate how you are protecting it.
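To make that combination step concrete, here is an added Python illustration (not Kudelski Security’s tooling or method) that crosses the post’s four common Top Threats with its seven Actions on Objectives, tags a constructed inventory of detection rules with the cells they claim to cover, and reports the uncovered cells and the rules that map to no Top Threat at all. The rule names and their tags are hypothetical sample data.

```python
from itertools import product

# Top Cyber Business Threats and Actions on Objectives, as listed in the post.
TOP_THREATS = ["Cyber Espionage", "Insider Threat", "Cyber Crime", "Third Party Risk"]
ACTIONS_ON_OBJECTIVES = [
    "Financial Gain",
    "Account Compromise",
    "Business Disruption",
    "Gain Industry Advantage",
    "Damage Reputation",
    "Obtain Indirect Access to Target",
    "Intelligence Gathering",
]

# Constructed sample rule inventory (hypothetical names). Each rule is tagged with
# the (threat, objective) cells the detection team believes it gives visibility into.
DETECTIONS = [
    {"name": "Failed-logon burst followed by success",
     "covers": [("Cyber Crime", "Account Compromise"),
                ("Third Party Risk", "Account Compromise")]},
    {"name": "Large outbound transfer to unapproved cloud storage",
     "covers": [("Insider Threat", "Intelligence Gathering"),
                ("Cyber Espionage", "Intelligence Gathering"),
                ("Cyber Crime", "Financial Gain")]},
    {"name": "Ransomware-like mass file rename",
     "covers": [("Cyber Crime", "Business Disruption"),
                ("Cyber Crime", "Financial Gain")]},
    {"name": "Vendor VPN account active outside maintenance window",
     "covers": [("Third Party Risk", "Obtain Indirect Access to Target")]},
    # Generic rules that exist in the stack but map only to threats outside the Top list.
    {"name": "Web defacement monitor",
     "covers": [("Cyber Propaganda", "Damage Reputation")]},
    {"name": "Volumetric DDoS alert",
     "covers": [("Denial of Service", "Business Disruption")]},
]


def coverage_matrix(threats, objectives, detections):
    """Map every (threat, objective) cell to the names of the rules claiming to cover it."""
    matrix = {cell: [] for cell in product(threats, objectives)}
    for rule in detections:
        for cell in rule["covers"]:
            if cell in matrix:  # tags outside the chosen threat scope are ignored here
                matrix[cell].append(rule["name"])
    return matrix


def coverage_gaps(matrix):
    """Cells with no detection at all: the monitoring requirements still to be built."""
    return sorted(cell for cell, rules in matrix.items() if not rules)


def coverage_ratio(matrix):
    """Fraction of threat x objective cells that have at least one rule."""
    covered = sum(1 for rules in matrix.values() if rules)
    return covered / len(matrix)


def coverage_by_threat(matrix):
    """Number of objectives covered per threat, to spot the weakest Top Threat."""
    counts = {}
    for (threat, _objective), rules in matrix.items():
        counts[threat] = counts.get(threat, 0) + (1 if rules else 0)
    return counts


def unaligned_rules(threats, detections):
    """Rules that map to no Top Threat: the 'generic' capabilities the post warns about."""
    scope = set(threats)
    return [r for r in detections if not any(t in scope for t, _ in r["covers"])]


def print_report(threats, objectives, detections):
    matrix = coverage_matrix(threats, objectives, detections)
    print(f"Coverage: {coverage_ratio(matrix):.0%} of {len(matrix)} threat/objective cells")
    for threat, n in coverage_by_threat(matrix).items():
        print(f"  {threat:<18} {n}/{len(objectives)} objectives covered")
    print("Gaps (no detection):")
    for threat, objective in coverage_gaps(matrix):
        print(f"  - {threat} / {objective}")
    print("Rules not aligned to any Top Threat:")
    for rule in unaligned_rules(threats, detections):
        print(f"  - {rule['name']}")


if __name__ == "__main__":
    print_report(TOP_THREATS, ACTIONS_ON_OBJECTIVES, DETECTIONS)
```

Re-run the report whenever the Top Threats list or the rule inventory changes; the gap list is the input to the next round of monitoring requirements.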

I often like to compare this to both of us standing in a field with the countryside stretched out before us. I point to a spot in the distance and tell you, go there. If I place no limitations on the path you take, you are open to being as creative or straightforward as you want. In Cyber terms, attackers are continually discovering new paths never considered before which constantly keeps security several paces behind. The crucial part is to know what attackers are trying to accomplish within your organization and create the controls and detection capabilities to mitigate the risk.

Example: The Threat Actor category Cyber Criminal, with the Action on Objectives of Financial Gain, can take multiple paths to achieve its objective. One consideration is that each of these examples has a different level of sophistication, as not all cybercriminals are created equal.

Here are a few examples:

  1. A spammed phishing campaign leads to ransomware on 10% of your computer systems, which could leave your business at a standstill. Which controls are most effective in this scenario?
  2. An open port is brute forced by the Threat Actor, and the credentials are used to collect data from internal file shares. The Threat Actor then extorts you for financial gain, threatening to release all the data publicly. Can you detect outbound data exfiltration? Could data be exfiltrated through a cloud service?
  3. Finally, malware installed in your cloud environment runs a cryptocurrency miner that spikes your CPU cycles, costing your business for those cycles. Consider the total level of effort for containment and remediation needed to ensure a secure environment. Would segmentation have limited the Threat Actor’s ability to access the file shares?

The approach outlined in this article can help you lay the foundation of your Cyber Strategy. Understanding which types of Cyber Business Threats your business is susceptible to can provide scope and direction to your program. The challenge is to stay focused on current cyber trends and ensure that your cyber strategy aligns with Threat Actor methodology.

Cyber Resilience – A Primer Part 1: Defining Your Security Program’s Mission Statement

What is the number one thing your security team can do for your organization? Take a minute. It’s hard to pick just one amidst the never-ending salvo of competing objectives that security teams are mandated to meet.

Day-to-day tasks, project management, ad-hoc assignments, side projects, departmental red tape, people who flat out ignore the security group – they all have the potential to derail the fundamental “raison d’être” of your security team.

Defining and communicating a mission statement for your cybersecurity program centers your team’s focus on what matters most to help prioritize competing objectives, manage stakeholder expectations, and, ultimately, better secure the enterprise.

Like an organizational mission statement, your cybersecurity mission statement should reflect the purpose of your team and what you’ve set out to achieve. In other words – why do you exist?

Don’t worry, this isn’t as existential as it sounds, and we’ve put together a straightforward set of guidelines to help you get there.

First, a good mission statement will contain the following components:

  • The team’s main function – what is it that your team does for the company?
  • Your primary customers – who is it that your team primarily serves?
  • Protecting the products and services that make up the revenue of your business
  • The geographic location in which you operate

The one thing your mission statement should not be: generic. Make it specific to your business and how your team fits within it. Otherwise, you risk developing a statement that is unused, stale, and ultimately ignored.

Reaching a business-specific statement requires alignment with overarching business objectives. Best case scenario: your executive team has clearly laid these out, making it easy (or easier) to build upon. Worst case scenario: your probing forces the issue to define these business objectives.

If the organization does not have its objectives set and well-communicated, each department pulls in a different direction, chasing the next new thing rather than operating strategically. This lack of direction makes it difficult to track your team’s progress toward any business-relevant goals.

Here are a few questions that can help you identify and align with business objectives:

  • What are the largest cyber threats to your business?
  • What does your company do that could be a target?
  • How does your business generate revenue?
  • What are the crown jewels of your business?
  • How big of a role does compliance play for your business?

For your team specifically, it’s important to ask:

  • How do you make security an enabler of business?
  • What is the culture you are trying to invoke within your team?
  • Who are the customers you are trying to protect? What assets are you protecting?
  • What are the limitations and capabilities of your cybersecurity program? How is that reflected within your current team?

With a mission statement in place, you will be able to create a set of objectives that help you achieve your cybersecurity goals. For example, the mission statement “Protecting ABC Inc. and securing their assets from brand damaging cyber-attacks,” might have the following set of objectives:

  • Enable secure communications standards that protect our client’s interests.
  • Ensure an agile vulnerability mitigation process.
  • Hire and/or retain world-class resources to defend and respond to cyber threats.
  • Identify and respond with swift clarity to immediate threats to the business.
  • Be innovative in protecting and enabling our core business.

Each of these objectives provides clear direction for your security team – a north star to guide you when competing priorities, pressure from other groups in the organization, or the next “new thing” threatens to sidetrack you from success.

When evaluating companies’ overall Incident Response maturity, a common theme has emerged. Those who adopt a weak Mission Statement often have similarly underdeveloped cyber capabilities. While I’m not claiming a direct correlation, I have observed that this lack of specific focus translates to a company’s ability to respond to a Cyber Incident.

If you currently have a generic cyber security mission statement, we encourage you to develop a more meaningful and directionally engaging mission statement to drive your security program forward. If you don’t, and you’d like guidance in moving forward, please do not hesitate to reach out to us at request@kudelskisecurity.com

Coming up next in the Cyber Resilience Primer series: defining what constitutes a security incident and the related risks they impose.