Lee Chieffalo at Viasat explains why cyber security war rooms are essential and how you need the right team to build them and practise in them
When the COVID-19 pandemic hit, there was no shortage of headlines about the new security challenges caused by the shift to remote work. However, in reality not all of these problems were new; what the pandemic did was expose and exacerbate existing security weaknesses.
For example, in the rapid shift to remote working, many organisations' most immediate solution was to relax their Virtual Private Network and Remote Device Protocol policies to give workers access to applications and data through personal devices and home networks. But this often led to misconfigurations that cyber-attackers were fast to exploit.
Additionally, although cloud adoption was already on the rise before COVID, many enterprises are now entirely cloud-enabled, making the perimeter increasingly obsolete. Threats are no longer just malicious actors that make their way in; today, they include inside actors, misconfigured services, and shadow workloads containing sensitive enterprise data. These additional threats are accelerating the urgency around gaining visibility over data as it’s transferred from server to server.
And that's not all that's changed following the increase in remote cross-team communication. IT and security teams were already battling competing priorities, but now they need to take extra steps to resolve an issue. And worse? Hackers thrive on this kind of chaos. Even the laziest hackers will exploit a lack of cross-team communication to gain access to the network's most critical resources, often moving under the radar until it's too late. Internally, this not only leads to breaches, potential loss of sensitive data, and millions of pounds’ worth of fines and legal liabilities, but also finger-pointing that exacerbates pre-existing cultural silos between teams.
Update your war room strategy
After nearly two decades and three combat tours with the US Marine Corps as a network architect and engineer, I have learnt first-hand about how to mitigate high-risk situations: in cyber or otherwise.
In security, like combat, there is no better way to prepare for the next attack or crisis than getting tightly aligned on war room strategies. War rooms are designed to bring key decision-makers together and arm them with all the information necessary to make rapid decisions during high-risk situations.
The same techniques used in real-world combat apply in cybersecurity operations. The only difference is that instead of bullets flying downrange, it's packets. Instead of nation-states going at it, you have everyday groups of hackers trying to gain access to your network, steal your information, or degrade your service. Any security practitioner will tell you: it's a war zone.
Build a bulletproof war room
With this in mind, here are three tips for establishing a bulletproof war room that delivers deep organisational visibility and enables rapid decision-making.
1. Bring the right people to the room
In today's environment, especially in larger companies, employee skill sets are getting more technically diverse with stand-alone teams comprising areas such as cloud, network, development and automation.
Although these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organisation. When security teams send updates or find threatening exploits, it's not just their system that is impacted; it can produce serious consequences across all areas of the business.
2. Empower teams to overcome decision paralysis
In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be made quickly.
3. Plan for various scenarios and risk levels
In one instance, a war room could bring together a group of engineers from different disciplines to investigate or troubleshoot a potential threat that crosses into all of their systems.
In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future — whether that's the next quarter, the next year, or maybe for a large upcoming event where they want to plan for attack possibilities.
No matter the risk level, war rooms can function as catalysts for aligning on sharp, effective plans, both in offensive and defensive situations.
Don't overlook the basics
IT and security professionals' jobs became increasingly difficult in 2020: they've re-imagined the traditional enterprise network and created new, safe ways of working, all while combating deeper cultural silos than ever. In this new reality, one of the biggest mistakes organisations can make is to skip the security basics.
Building a cohesive war room gives IT and security teams new ways to collaborate, work together, share information, and avoid finger-pointing. Reaching out to colleagues can build bridges that help solve these new challenges. In the Marines, I saw first-hand the power of what can be accomplished when teams focus and work together. The principles of “improvise, adapt and overcome” can equally be applied to cybersecurity as to forces on the battlefield.
Lee Chieffalo is Technical Director of Cybersecurity Operations at Viasat.