Be Prepared: How Proactivity Improves Cybersecurity Defense

These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.

Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group

April 23, 2016

3 Min Read

When responding to an incident, there is always extreme pressure to gather and process digital evidence before it is no longer available or has been modified. As illustrated in the KPMG 2015 Global CEO Outlook report, half of chief executive officers polled said their organizations are either not prepared or only partially prepared to deal with a major cyber-attack.  One reason these executives gave for this lack of preparedness was because too much attention is being spent on preventing attacks, and not enough on protection and response actions.

Here are five examples of how to shift from a reactive to proactive cyber preparedness model through the process of Digital Forensic Readiness.

Maintain a business-centric focus

One of the most significant barriers to cyber preparedness success is a lack of communication. It’s important that all key stakeholders understand the business risks they are trying to manage in both business and technical perspectives.  This includes the “value-add” of cyber preparedness as well as the ecosystem of complementary people, processes, and technology controls required to become proactive.

Don’t reinvent the wheel

Cyber preparedness does not need to be completely built from the ground up.  Methodologies such as Digital Forensic Readiness follow a systematic approach that supports proactive capabilities by leveraging industry best practices, references, methodologies, and techniques from credible and reliable sources (e.g. National Institute of Standards and Technology).  The investment in time, effort, and resources to achieve cyber preparedness should focus on what is required for a successful implementation and not on re-creating materials that are readily available for use.

Security intelligence goes beyond threats

The concept of security intelligence in this model will expand beyond traditional threat information collection.  It encompasses data generated by users, applications and infrastructure so that relevant business impacts can be assessed.  The most effective security intelligence programs take longer-term trends, risks, and business into account.

Keep tabs on external relationships

Where a decision is made to outsource a portion of business operations, organizations must always retain accountability.  With a risk-based methodology, ongoing management and monitoring of the third-party relationships should proactively identify risks and validate compliance with contractual agreements.

Understand costs and benefits

Decisions to skip, substitute, or not invest the amount of time, effort, and resources requires for a successful implement will most certainly result in a failed, incomplete, or misaligned implementation.  It is extremely important that organizations fully understand the impact a cyber preparedness program will have on budgets but also the benefit that will be realized from:

  • Demonstrating incident management maturity

  • Improving the identification and mitigation of a wider range of threats

  • Increasing opportunities to detect and prevent attacks

  • Encouraging good working relationships with law enforcement and regulators

  • Reducing the need for discovering digital evidence

  • Strengthening information management strategies to produce digital evidence when or if needed.

This article was sourced in part from the book by Jason Sachowski, titled “Implementing Digital Forensic Readiness: From Reactive To Proactive Process,” available now at the Elsevier Store and other international retailers.

Related Content: 


Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

About the Author(s)

Jason Sachowski

Director, Security Forensics & Civil Investigations, Scotiabank Group

Jason is an Information Security professional with over 10 years of experience. He is currently the Director of Security Forensics & Civil Investigations within the Scotiabank group. Throughout his career at Scotiabank, he has been responsible for digital investigations, software development, security architecture, project controller, vendor procurement, and budget management. He holds credentials in CISSP-ISSAP, CSSLP, CCFP, SSCP, EnCE.

When not on the job, Jason volunteers his time as a contributing author for an executive writers bureau, as a subject matter expert for professional exam development, and as a speker for CyberBullying and CyberSecurity awareness.

Jason is the author of the book titled "Implementing Digital Forensic Readiness: From Reactive To Proactive Process" available now at the Elsevier Store and other online retailers.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights