Welcome to Cyberstrike Brief, your source for the latest cybersecurity insights in smart manufacturing.

Cyber Leaders Overemphasize Prevention, Neglect Response Plan

Preventing industrial cyber attacks isn’t impossible, but it’s also not a solid strategy for protecting data.

A pattern has emerged that is putting organizations at immense risk: cyber leaders are placing too much emphasis on before-the-incident preparation, and not enough on their teams’ after-incident response.

On the heels of the recent MGM cyberattack, large organizations are reminded just how devastating a simple breach can be for business, reputation, and the bottom line. Unfortunately, ransomware continues to run rampant, and such attacks have doubled in cost over the past two years. Clearly, cyber attacks aren’t a matter of “if” anymore, but a matter of “when.”

Prevention Is Overly Prioritized, Putting Organizations at Risk

The latest proof point for this pattern comes from a recent study on cyber resilience, which found that the majority of cybersecurity focus across the MITRE ATT&CK framework falls in the earliest stages of the attack lifecycle. Unfortunately, this allocation of resources doesn’t serve organizations well, because the range of skills attackers use grows throughout the cycle, and the abilities needed to prevent threats later in the framework also become more complex.


Across industries, we’re seeing cybersecurity leaders deploy tactics like cyber training and task forces to help their organizations prevent cyberattacks, but it’s worth noting that leaders should not overly rely on technology to detect and stop threats. Instead of focusing on stopping threats altogether, leaders should prioritize building cyber confidence and resilience for their entire workforce.

In an era when many security leaders spend too much time, money, and energy on prevention, we must shift to investing in strategies that empower teams to respond faster and more confidently to emerging threats.

Cyber Preparedness and Resilience Should be the Focus

Cyber preparedness takes on two meanings: preparing to prevent attacks and preparing to handle attacks. As mentioned before, organizations that are focused on preventative efforts through technology and early-stage training are missing a major opportunity for their organizations’ cybersecurity postures by not emphasizing the “prepare to handle” aspect.

The harsh truth about the cybersecurity world is that no matter what preventative tactics we employ, hackers are always going to be one step ahead of the “good guys.” Although we can’t confidently predict a hacker’s next move, we do know they’ll likely advance quicker than us, so it’s how quickly we can react and mitigate crises that matters – which takes work.

Because experiencing a breach is more or less inevitable, organizations must implement training and resources to strengthen the cyber resilience of the workforce before, during, and especially after an incident. For instance, while looking at the MITRE ATT&CK kill chain, ensuring employees’ abilities to detect attackers’ efforts to establish persistence in the environment is critical to building resilience and lessening attackers’ success rates.

The stronger the cyber resilience of the workforce, the better suited they are to prepare for – and respond to – persistent cyber threats. 

How Organizations Can Implement This Approach

Just like any skill in or out of the workplace, cyber leaders should continuously exercise their employees against realistic and emerging threat scenarios. Attackers move quickly, so upskilling must match that pace as much as possible. These trainings can come in many forms, including gamified exercises, and should be engaging, timely, and consistent. Leaders should avoid implementing one-off cyber skilling fire drills that are largely ineffective.

As part of these trainings, organizational leaders should find a way to assess and identify skills gaps in their team and implement the appropriate tools to help upskill teams. Although there are plenty of great technological tools to help in the detection and mitigation of threats, the human element is mission-critical. 


Additionally, cyber resilience must become a Board- and C-level priority. As noted above, breaches can be incredibly costly, and recognizing their importance and integrating preparedness into the highest levels of the decision-making processes across an organization will eliminate risks.

To that end, this priority will ultimately build a rock-solid cybersecurity culture across the workforce, one where all employees understand and prioritize cybersecurity, promote best practices, and encourage shared responsibility for protecting people and assets.

Prevention isn’t impossible, but it’s also not a solid strategy for protecting data. Organizations must build cyber resilience with thoughtful, engaging cyber exercises that strengthen the workforce’s ability to handle a cyberattack at any point throughout the threat cycle – not just the beginning – to ensure broad MITRE ATT&CK framework coverage.

About the Author

Max Vetter, Chief Cyber Officer, Immersive Labs

Max Vetter currently serves as Chief Cyber Officer at Immersive Labs. Before joining Immersive Labs, Max spent seven years working with the Metropolitan Police Service. He worked as a police officer, intelligence analyst and covert internet investigator, while also spending time in Scotland Yard's money laundering unit. Max also worked with the Commercial Crime Services and Federation Against Copyright Theft, investigating commercial crime, fraud and serious organized crime groups. After leaving the police force, Max trained the private sector and government agencies in ethical hacking and open-source intelligence, specializing in darknets and cryptocurrencies.

 
