How to Crawl, Walk and Run Out of Crisis and Into Digital Transformation //12.09.20
It’s time to create a roadmap for digital transformation that has cybersecurity and resiliency at its core
When we begin recovery from today’s global coronavirus pandemic, whether it be 12 months or 2 years from now, I believe that two types of companies will emerge: those who can hit the ground running in a period of rapid digital transformation, and those who will struggle to emerge from the crawl phase, at risk of being left behind.
Recently I had the pleasure of recording a podcast with Melissa Hathaway, former cyber policy advisor to the Bush and Obama administrations, on the topic of digital transformation. She observed that we have a window of opportunity right now during the COVID-19 pandemic to finally embrace transformative technologies that have been available to us for nearly a decade. She remarked that our unanticipated collision with technology — as we move from physical to remote work operations — has been a useful catalyst for action. I agree that the current environment offers companies an opportunity to rethink how they’re going to market as digital businesses. I also believe it’s time for both private and public sectors to lay the groundwork that moves us from a crawl to a steady walk. Only those who are walking will be able to run when we emerge from the COVID-19 crisis.
As the leader of our Secureworks Counter Threat Unit™, I see every day why cybersecurity is an essential component of digital transformation. Those who implement transformative technologies with security in mind are better prepared to manage risk on the fly, grow revenue and safeguard shareholder value. Right now, it’s understandable to be in the crawl phase. Many organizations had to stand up remote work technologies and operations overnight. But it’s also time to consider how you’ll adjust your cybersecurity priorities and capabilities to enable the new normal.
Here’s how you can take meaningful steps in your cybersecurity program to help you crawl, walk and run toward digital transformation when we’re finally on the other side of today’s challenging crisis:
Crawl: Identify Vulnerabilities and Document Exceptions
- Identify key systems and data assets, where they are stored, and what technologies they rely on. Understand whether they have vulnerabilities, patch where you can, and add compensating controls where you cannot.
- Take advantage of your company’s attention on disaster recovery right now and ensure that the cybersecurity component is included in those plans.
- Develop and test your incident response plan. A shift to remote work can introduce new risk, increase your attack surface, and change capabilities and roles within your existing plan. If your IR plan is untested, you could end up remediating a breach instead of moving forward during recovery.
- Begin the process of change management. Document all the exceptions you make to cybersecurity processes and policies as you go, including firewall change exceptions, working outside MFA or bypassing VPN. Forgotten exceptions could leave a back door for the adversaries, right when business operations begin to stabilize.
Walk: Embed Security Controls and Governance for the New Normal
- Implement Multifactor Authentication (MFA) and VPN. Remote work is here to stay. I can’t tell you how many times our adversarial testers have gained access to a customer’s network simply by password-spraying.
- Embed identity access management policies across the business. Identity is the new perimeter.
- Revisit your remote work capacity. Is a Cloud strategy in place to enable employees to access the information they need from wherever they are? Do you have enough internet bandwidth for future connectivity requirements? In our podcast, Melissa also called out the significant groundwork that governments, supply chain leaders and infrastructure industries will have to lay soon in order to pave the way for digital transformation.
Run: Accelerate Detection and Response, Reduce Friction
- Increase your monitoring and visibility to include endpoint and cloud services. This is where you’ll find malicious activity in a decentralized, remote working environment. Know what right looks like versus abnormal activity in that new environment.
- Actively hunt for threats and re-entry attempts. In combination with visibility, these two capabilities can stop attacks sooner with less damage.
- Bring detection and response capabilities up to the speed of digital business. Software-driven solutions with behavioral detectors and analytics will improve detection fidelity, reduce distracting noise, and streamline tedious lower-level investigations so your people can spend their time on critical incidents and rapid response.
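To make the password-spraying risk from the Walk phase and the "know what right looks like" advice above concrete, here is an added example (not part of the original article or any Secureworks product) of a behavioral detector run over authentication events. The log format, the sample events, and the thresholds (`window`, `min_accounts`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs):
# ISO timestamp, source IP (documentation ranges), account, result
SAMPLE_LOG = """\
2020-12-09T08:00:01 203.0.113.7 alice FAIL
2020-12-09T08:00:03 203.0.113.7 bob FAIL
2020-12-09T08:00:05 203.0.113.7 carol FAIL
2020-12-09T08:00:07 203.0.113.7 dave FAIL
2020-12-09T08:00:09 203.0.113.7 erin FAIL
2020-12-09T08:00:11 203.0.113.7 frank OK
2020-12-09T08:01:00 198.51.100.20 alice FAIL
2020-12-09T08:01:20 198.51.100.20 alice FAIL
2020-12-09T08:01:40 198.51.100.20 alice OK
"""

def parse(log):
    """Yield (timestamp, source, account, result) from the assumed log format."""
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources that fail logins against many distinct accounts inside
    `window`, and record accounts that later log in successfully from a
    flagged source (the case where a sprayed password worked)."""
    fails = defaultdict(list)   # source -> [(timestamp, account)]
    findings = {}
    for ts, src, user, result in sorted(parse(log)):
        if result == "FAIL":
            fails[src].append((ts, user))
            # Keep only the failures that fall inside the sliding window.
            fails[src] = [(t, u) for t, u in fails[src] if ts - t <= window]
            accounts = {u for _, u in fails[src]}
            if len(accounts) >= min_accounts:
                f = findings.setdefault(src, {"accounts": set(), "compromised": []})
                f["accounts"] |= accounts
        elif src in findings and user not in findings[src]["compromised"]:
            # Success from a source already flagged: likely compromised account.
            findings[src]["compromised"].append(user)
    return findings

if __name__ == "__main__":
    for src, f in detect_spray(SAMPLE_LOG).items():
        print(src, "sprayed", sorted(f["accounts"]), "succeeded as", f["compromised"])
```

The second source in the sample, one user mistyping their own password, is not flagged: the signal is breadth across accounts, not the number of failures. An account listed under `compromised` is where enforced MFA would have stopped the login.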
Securing the new normal won’t be easy for some who still struggle to remain operational. The fact remains, however, that trying to remediate a breach in a fragile state can easily do more damage than taking time to implement an adequate defense. Cybersecurity is always essential, but in today’s environment it’s mission critical. And when we’re finally on the road to recovery? It will be an imperative.