EDITOR ’ S QUESTION

For cybercriminals , the adage of ‘ if it ain ’ t broke , don ’ t fix it ’ remains applicable when it comes to conducting cyberattacks against organisations . All too often , it ' s tried and true methods that continue to lead to success for attackers . As defenders , we know how most cybercriminals operate , yet all too often organisations around the world continue to be breached each and every week . a systematic and comprehensive approach to assessing the extent to which cyber-risks to essential functions are being managed by the organisation responsible . The Framework is intended to be used either by the responsible organisation itself ( self-assessment ) or by an independent external entity , possibly a regulator or a suitably qualified organisation acting on behalf of a regulator . In the United States , the National Institute of Standards and Technology ( or NIST ) has published the NIST Cybersecurity Framework ( CSF ) which is designed to help organisations reduce their cyber-risk . The five components of the CSF are to identify , protect , detect , respond and recover . These frameworks are applicable to businesses of all types .

The threats organisations typically face are spearphishing and malicious downloads to known vulnerabilities and weak passwords . Even if an organisation is adequately prepared to defend against the most common attack techniques , we know that some cybercriminals will find novel ways of breaching organisations . We saw the aftermath of the Log4Shell vulnerability and how much of an impact it had on organisations around the world .

The UK ’ s National Cybersecurity Centre ( NCSC ) Cyber Assessment Framework ( CAF ) provides

Log4Shell and incidents like it remind us that it ’ s not a matter of if , but when , a cyberattack will be successful . Understanding all of the conditions that matter in today ’ s complex and dynamic environments help the organisation understand the full breadth and depth of its exposures , allowing security teams to take the actions needed to reduce them through remediation and incident response workflows . It is also vital that organisations have an adequate incident response plan in place and documented procedures for how to recover following a cyberattack . Conducting tabletop exercises , simulating a real-world scenario of a breach , can help organisations better prepare for a real-world attack .

Satnam Narang , Senior Staff Research Engineer , Tenable

Most organisations will likely remain safe if they implement the guidance from the NCSC CAF . However , there ’ s still determined attackers , such as advanced persistent threat ( APT ) groups and other cybercriminals , that will continue to chip away at possible entry points into an organisation . Understanding attacker behaviour helps inform security programmes and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths , ultimately reducing exposure to cyber incidents .

20 www . intelligentcxo . com