1/20/2021
10:00 AM
Lee Chieffalo
Commentary
Tips for a Bulletproof War Room Strategy

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

When COVID-19 hit the United States, there was no shortage of headlines about the new security challenges caused by the shift to remote work. There is truth in that, but I argue that, rather than creating new problems, what the pandemic did was expose and exacerbate existing security weaknesses.

For example, in the rapid shift to remote working, many organizations' most immediate solution was to relax their virtual private network (VPN) and Remote Device Protocol policies to give workers access to applications and data through personal devices and home networks. But this often led to misconfigurations that cyberattackers were fast to exploit.

Additionally, although cloud adoption was already on the rise before COVID, many enterprises are now entirely cloud-enabled, making the perimeter increasingly obsolete. Threats are no longer just malicious actors that make their way in; today, they include inside actors, misconfigured services, and shadow workloads containing sensitive enterprise data, accelerating the urgency around gaining visibility in the east-west corridor.

And that's not all that's suffered from the increase in remote cross-team communication. IT and security teams were already battling competing priorities, but now they might need to take extra steps to resolve an issue. And worse? Hackers thrive on this kind of chaos. Inherently lazy hackers will exploit a lack of cross-team communication to gain access to the network's most critical resources, often moving under the radar until it's too late. Internally, this not only leads to breaches, potential loss of sensitive data, and millions of dollars' worth of fines and legal liabilities, but also to finger-pointing that exacerbates preexisting cultural silos between teams.

Update Your War-Room Strategy
For nearly two decades, I actively served the US Marine Corps, completing three combat tours. After spending the majority of my military career as a network architect and engineer, I approach my cybersecurity work at Viasat with a unique perspective on mitigating high-risk situations.

In security, like combat, there is no better way to prepare for the next attack or crisis than getting tightly aligned on war-room strategies. War rooms are designed to bring key decision-makers together and arm them with all the information necessary to make rapid decisions during high-risk situations.

The same techniques used in real-world combat apply in cybersecurity operations. The only difference is that instead of bullets flying downrange, it's packets. Instead of nation-states going at it, you have everyday groups of hackers trying to gain access to your network, steal your information, or degrade your service. Any security practitioner will tell you: It's a war zone.

Build a Bulletproof War Room
Here are three tips for establishing a bulletproof war room that delivers deep organizational visibility and enables rapid decision-making.

1. Bring the Right People to the Room
In today's environment, especially in larger companies, employee skill sets are getting more technically diverse with stand-alone teams spanning cloud, network, development, automation, and more.

As much as these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organization. When they send updates or find an exploit that threatens their system, it's not just their system that is impacted. It can produce massive consequences across all areas of the business.

2. Empower Teams to Overcome Decision Paralysis
In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be quickly made.

3. Plan for Various Scenarios and Risk Levels
In one instance, a war room could bring together a group of engineers from different disciplines to investigate or troubleshoot something that crosses boundaries into their systems.

In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future, whether that's the next quarter, the next year, or maybe for a large upcoming event where they want to plan for attack possibilities.

No matter the risk level, war rooms can function as catalysts for aligning on sharp, effective plans, both in offensive and defensive situations.

Don't Overlook the Basics
IT and security professionals' jobs became increasingly more difficult in 2020 — they've re-imagined the traditional enterprise network and created new, safe ways of working all while combating deeper cultural silos than ever. In this new reality, one of the biggest mistakes organizations can make is to skip the security basics.

Building a cohesive war room gives IT and security teams new ways to collaborate, work together, share information, and avoid finger-pointing. Reaching out to colleagues can build bridges that help solve these new challenges we're facing together. In the Marines, I saw firsthand the power of what can be accomplished when teams focus and work together. As the Marines advise when facing times of chaos: "Improvise, adapt, and overcome."

Lee Chieffalo is Technical Director of Cybersecurity Operations at Viasat. Prior to joining Viasat, he completed three combat tours with the US Marine Corps and actively served for nearly two decades. After spending the majority of his military career as a network architect ...