Keys to Working Smarter Not Harder in Cybersecurity Part 4 of 5

Welcome to Part 4 in our discussion about working smarter not harder in cybersecurity.

Let's talk more about perfectionism and how it neglects the immediate issues.  This thinking must be broken and we must avoid “worst-case” and “just-in-case” thinking.  All of these are detrimental to achieving security as soon as it should be achieved.  There is some urgency to achieve things in the immediate.

Pursuit of perfection fallacy and neglecting the immediate

At the heart of older ways of thinking is “pursuing the perfect, at the expense of the good”.  Compare this also to “a good plan today is better than a perfect plan tomorrow”.  Speed and time are of the essence in cybersecurity.  

Pursuing perfection hinders progress to address today’s immediate threats in favor of trying to do things perfectly for tomorrow.  Focus on today just as much as tomorrow, because Ransomware could come suddenly and massively.

Some companies pursue 10 projects simultaneously, and complete none of them.  Some wait to implement critical protections needed in the immediate, while pursuing long-term strategies that will take years to complete.  Meanwhile, they remain vulnerable - today.  

All of this is old-style thinking that can be overcome by attacks and ransomware – big reality checks no company can afford.  Why not work incrementally on small low-hanging fruit today, to stop some of the bleeding?  Implement those 1 or 2 changes to disrupt an attack chain.  One must know where to start and where to precisely focus.

Breaking the older thought processes

Security projects can drag on for years, as the security needle of progress slowly inches upward. In fact. needles also move down, nothing keeps them steady - so just maintaining them is a challenge.

Meanwhile, attackers are gaining huge ground, attacking in ways that run circles around defenders, repeatedly breaching an organization.   There is a better way.

As mentioned previously, patterns of behavior and outdated modes of thinking must be broken deliberately, as a first step.  Organizations must keep up with the latest “cyber threat intelligence” as well as “cyber defense intelligence”.  

This “CTI” and “CDI” includes an awareness of cyber adversary capabilities related to one’s environment (CTI-side) as well as one’s cyber defense limitations, potential blind spots, and unknowns regarding defense tools and capabilities (CDI-side).   Developing CTI and CDI capability is a must, to ensure one’s actions are laser-focused.  More on these in a later article.

Another big detriment and older way - “worst-case” and “just-in-case” thinking

Contrary to conventional thinking, experience has taught me that a “worst-case scenario” and “just in case” approach in cybersecurity may do more harm than good.  Such an approach causes more friction and achieves less results.  While this seems counter-intuitive, it's the reality.  Such approaches result in trying to focus on too many things.

Consider if there were a choice to either apply a single low-impact configuration change to 10 critical systems rather than 100 changes to all 1000 systems “just in case”?  Think of the choice here being made:

We could either focus on 100 “possible” issues “just in case” on all 5000 systems (500,000 issues total – whether a config, patch, etc.) – that’s a tall order.

or

We could focus on 5 actually-exploited issues on 10 externally-facing systems (50 issues when multiplied.) This becomes a reduction of over 99.99% of efforts - this is much more manageable.

Making too many changes could have large operational impacts with resource requirements that become disruptive and create a lot of friction.  Making small changes is analogous to applying oil in specific places, rather than applying oil everywhere, “just in case”.  

Why not apply the oil in places where the rust is most likely to appear based on what is known from experience and intelligence?  That’s called working smart rather than working hard and “doing the right things” rather than just “doing things right.”

Stay tuned for Part 5 where we conclude the Keys to Working Smarter Not Harder in Cybersecurity series.

#Cybersecurity #LessIsMore #Infosec #WickedProblems - CYBER Y'ALL! - @CyberYall

Comments

Post a Comment

Popular posts from this blog

Slay the Log4Shell Dragon TEAM 2 - Hunt and Detect Attacks Playbook

Image
Slay the Log4Shell Dragon Playbook TEAM 2 – Hunt and Respond Playbook Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, as I've said before, start with my “ RAPID LOG4SHELL RESPONSE 1-PAGE CHECKLIST ” to begin immediate actions to tackle this issue.  In that 1-pager, I provide concise guidance to get started quickly.   However, for medium and larger sized companies, this approach might not be enough , although it is a great and immediate start.   Simply patching alone will likely not meet the expectations in the case of the Log4J / Log4Shell vulnerabilities, if there is a breach.  A more comprehensive approach is required to reduce risk.  I’ve therefore put this playbook together to help go above and beyond just a patching-based approach and hope it proves useful.   My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue.   In this article I’ll provide a TEAM 2 PLAYBOOK o
Read more

Slay the Log4Shell Dragon TEAM 1 - Protect and Detect Vulns Playbook

Image
Slay the Log4Shell Dragon Part 2A - TEAM 1 -  Immediate Protection and Detection Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, start with my “ RAPID LOG4SHELL RESPONSE 1-PAGER - 8 STEP CHECKLIST ” to begin immediate actions to tackle this issue.  In that 1-pager, I provide concise guidance to get started quickly.  However, for medium and larger sized companies, this approach might not be enough, although it is a great and immediate start.   Simply patching alone will likely not meet the expectations in the case of the Log4J / Log4Shell vulnerabilities, if there is a breach.  A more comprehensive approach is required to reduce risk.  I’ve therefore put this playbook together to help go above and beyond just a patching-based approach and hope it proves useful.   My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue.   In this article I’ll provide a TEAM 1 PLAYBOOK of recomm
Read more

Keys to Working Smarter Not Harder in Cybersecurity Part 5 of 5

Image
Welcome to the last in the series - part 5 of a  discussion about working smarter not harder in cybersecurity.   We'll look at: How to tackle the huge tasks with bite-sized chunks and baby steps  What to do instead of trying to defend everything despite competing priorities Baby Steps and less is more  It’s been said that a long journey begins with a single step.  It’s also been said that to eat a large steak, you have to do it one bite at a time.  Remember the movie “What About Bob?”  Baby steps folks.  Small incremental progress in important things like low-hanging fruit is key.   A “Less is More” philosophy should be a basis of a better approach in cybersecurity.  Also, “try softer” rather than “try harder” is another important strategy.  Trying too hard usually ends up backfiring and causes too much friction.  All of these things are behavioral patterns on the human and process side of things.   For example, why try to implement 30 items in a  STIG checklist  when the attack to
Read more