One of the biggest issues in cyber security is being able to move fast enough to keep up with the speed of emerging threats.

Usually, the bigger your organisation is – the harder it is to move fast.

Here are some best practices from my professional experience:

#1 Identifying a threat:

We need to be CONSTANTLY aware, proactively searching for threats, not waiting for them to happen.

Currently, there are so many data sources, whether it’s groups, blogs, publications or even vendors themselves. So use them. You need to be able to react quickly if you spot a CVE or an exploit that has a high impact on your type of systems.

How to stay ahead:

1. I recommend reviewing at least several times a week both the blogs/groups and both all official sources for CVE’s. Or even set up alerts when your specific systems or vendors are mentioned etc.
2. I personally subscribe to most Cyber Security groups and most big vendors that my systems run on. That way I catch the info from the “researcher” aspect and from the vendor directly.
3. I also recommend reviewing some dark web forums, searching for issues that have a direct impact on your systems. (of course, use caution and stay legal.)

Note: If you come across many blogs on the dark web about an exploit, but there’s no official CVE post … it’s very likely that it means they haven’t caught up yet and you should investigate anyway. Unfortunately, reality shows that you need to “trust” the bad guys more than the vendor on exploits.

#2 Searching for Solutions:

Vendors. Stay connected to vendors that have already proven themselves and constantly search in blogs/forums/ groups for new vendors that can provide the best solution for your biggest threats.

I don’t think I need to expand more on this. I don’t think it’s challenging to find new solutions, the vendors are working hard enough to ‘put it in front of you’ 🙂 And worst case, a quick search should give you what you need.

#3 Testing solutions:

This is one of the most important elements in the ability to “keep up with the threats” and many companies I have seen aren’t allocating sufficient resources to this. Meaning the ‘shopping for solutions and testing’ process is very long.

Of course, it depends on the size of the company but I think that even a mid-sized company should have 25% of the System Administrator role focused on seeing if solutions meet SPECIFIC threats in YOUR environment. The quicker you can get through this, the quicker you can move onto the next step.

How to stay ahead:

1. Have a “ready to test” lab that you can test threats in a sandbox environment that is the maximum level of similarity to your production system. All of course in a fully isolated network and systems with best practices.
2. Always do a POC (proof of concept) before rolling out, even on a small scale. The truth is, some vendors “oversell” and some solutions are amazing but just don’t work well on your specific environment.

#4 Build a deployment plan:

After a positive POC, you need to get all of your “players” together and build a specific plan including:

• IT (Infrastructure & Networking)
• Cyber Security
• Compliance

Doing this is far quicker than trying to do it on your own! Let the experts share their expertise.

How to stay ahead:

1. Quantify how much time and resources you will need to deploy the solution. The impact on production it will have as well as the regulation or compliance issues there could potentially be.
2. Understand exactly how many work hours it will require from each team to be able to move forward quickly, both one time install and ongoing maintenance and support. This saves nasty surprises with budgeting and also management.
3. Consider if it’s worth outsourcing cyber security to an external company if you have a lack of IT and cyber labour resources inside the company.

#5 Quantifying Threats & Solutions into Financial impact figures:

You know your threat. You know your proposed solution. You know the professional labour required to make it happen.

Now you need to translate this to the language that your Board / decision-makers will understand quickly (most important will be able to make a quick decision.)

You need to be able to show:

• Total threat cost – what is the full, actual “cost” of the threat?
• A breakdown of the threat cost by different vectors like the Market Loss, Regulation Loss, Sales Loss, and Salary loss
• Your TOTAL solution cost ( Solution cost (one time and yearly) + implementation labour costs + ongoing support labour costs)

How to stay ahead:

1. Boardish simplifies this process immensely by translating all of this information into a “ready to use” dashboard for your board/decision-makers, allowing them to make a QUICK decision.

#6 Presenting your request to the Board / Decision-makers:

I have seen, in my experience, how companies HAVE EVERYTHING READY and could be waiting 6 months for the board/decision-makers to approve their proposal… and during those 6 months a breach/hack will happen ( I’ve seen it many times). And the cycle just repeats.

In 2020 we really don’t have the prerogative to “wait” – the bad guys are not waiting – neither can we.

So how do we stay ahead?

This is the Easiest part!!!

1. Present the information in their way of thinking – in mitigation, financial impact, and business terms.
2. Show ACTUAL figures. Quantify the costs of the risk, quantify the impact. That will help them make the decision faster.
3. Be prepared to run simulations and adjustments for different scenarios, filtering by the information the board wants to see.

If you follow the above, you’ll see that in most cases the board will understand the need to act. And will do it quickly.

Eli Migdal – Founder of Boardish