CXO cybersecurity imperatives: A threat-informed approach

Harness a threat-intel informed approach

I think we can all breathe a sigh of relief that we made it to the end of 2021. From a cybersecurity perspective, this year was a doozy. We had to deal with one cyber incident after another, across an expanding digital attack surface that, thanks to accelerated cloud migrations, IoT adoption and desktop digitalization, grew at a pace that served only to exacerbate the complexity of responding. With Apache Log4j rounding out the year with a festive bang!

Tim Erridge, Vice President of Services at Palo Alto Networks.

Unfortunately, the risk of cyberattack is constantly changing due to ongoing business transformations, so there doesn’t appear to be any slowdown on the near horizon.

Now the obvious question is, what more can be done to gain a greater degree of control over this situation? In 2022, the most critical investment of time and effort would be to adopt a proactive cybersecurity strategy focused on understanding the most credible threats to your business, and to develop preparedness and sustainable cyber resilience for your organization. This strategy is predicated on having visibility, both into the most relevant cyber risks and into how your business is exposed to those risks while it transforms.

Having a clear view of the most credible cyberthreats to your organization and a strategy for addressing them is how you can justify to your key stakeholders the deployment of holistic controls that are proportionate to the real-world threats facing your environment. This allows you to genuinely improve the organization’s security posture and resilience.

Harness a threat-intel informed approach to continuously evolve your security strategy

Threat intelligence exists to support informed decision making. Here are some of the steps you can take:

It’s important to realize this is not a one-time exercise. Instead, this needs to establish the capability to continuously monitor and evaluate your dynamic business’ digital ecosystems, as well as the evolving threats. Therefore, it is imperative to embed this in a repeatable way, i.e. via policy and process (and ideally automation) throughout your system’s lifecycle. Adopting a threat-intel informed approach for both “change” and “run” initiatives can be the game changer here.

This threat-intel informed approach fuses research, empirical data and expertise to build out a holistic, strategic view of your organization’s threat landscape.

Empower the board to provide true oversight and get them on your side

You need a compelling business case to receive funding and support for your security programs from key stakeholders, including your Board of Directors. Reactionary and ambiguous reports don’t resonate; there’s no room for panic. Too much technical detail also doesn’t work, as it takes too long to digest. Instead, try outlining the full potential set of business consequences and the cost associated with an inefficient and ineffective cyber defense to highlight the risks facing your organization in a language your stakeholders understand. Showcasing how you’re helping the Board and key stakeholders understand the “why” behind your plan will help you get them on your side.

This approach enables you to clearly demonstrate how the investments proposed establish sustained security and resilience, pivoting from consequence limitation to the business benefits realization of an enhanced security posture. Here are some of the steps you can take to build a business case:

These steps will enable you to build alignment and trust at the highest level of your organization and obtain the resources needed for your strategic planning.
