SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Fortinet's top tips for cultivating situational awareness of cyber threats
Wed, 19th Jul 2017
FYI, this story is more than a year old

IT professionals should brush up on their situational awareness to better defend their organisations against cyber threats – even in the technology space, cybersecurity provider Fortinet says.

According to the company, people are constantly looking for ways to improve their current situations – such as finding the best routes to avoid crowded city traffic and keeping track of a suspicious person in a room – but

But Fortinet's Australia country manager, Ben Field, says that situational awareness doesn't extend to how they use IT.

“They click on links without a second thought, open files they don't recognise, and connect to wireless networks they are unfamiliar with. If people could become more situationally aware in their handling of computing devices, they − and the organisations they work for − would be victimised by cyber threats much less often.

Businesses can start their journey to situational awareness by first understanding the business priorities, risks and threats.

Fortinet advises that IT leaders should be able totheir issues within short and long-term business objectives, have a clear line-of-sight across the business and its technologies and finally be able to establish policy and governance for everyone who has access to company data.

The company has four guidelines for IT leaders and where their focus should lie:

1. Business mission and goals: Understand the organisation's business mission, and then align it to those processes and resources that exist to enable that mission.

Companies must understand the type of data it uses and generates, and how much the processes that use this data overlap with those of other teams as they learn about and document these processes. Organisations should also prioritise data and systems, determine which have regulations tied to them, and compare their priorities with those teams that share these resources.

2. Cyber assets: Understand and catalog all the assets on the organisation's network, along with any vulnerability they may have. Get to know their profiles, such as what OS and version is installed, what applications reside on those devices, and what data they hold.

Once firms gain full knowledge on the devices they own, they need to ensure these devices are securely configured and patched as the vast majority of exploits target publicly known vulnerabilities that are five or more years old. Always prioritise the critical vulnerabilities.

3. Network infrastructure: All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much, but if it is connected to something critical, the risk level can become very different.

Organisations must strive to thoroughly understand their topology because cybercriminals are spending much time and resources to learn it to exploit the vulnerabilities in the system. Understanding how and where devices are connected and the data that flows through them will determine where the risks are, and let organisations implement appropriate policies and countermeasures, including technology solutions that are most suited to protecting their unique environment.

These solutions must allow devices to interact, share intelligence, and respond to threats in a coordinated fashion anywhere across the extended network.

4. Cyber threats: Understand the capabilities and tactics of threat actors targeting your organisation. Threat actors can include government sponsored cyber espionage, organised crime, hacktivists, insider threats, opportunistic hackers and internal user errors. Organisations need to know which of these threat actors are most likely to be focused on stealing the data that resides in the network.