Tia Hopkins on Why the Modern Infrastructure Needs New Resiliency Ideas
In her Network Resilience Boot Camp keynote address, eSentire's Tia Hopkins discusses why businesses today must re-examine their network resiliency strategies and implement new approaches.
July 21, 2023
In this archived keynote session, eSentire’s Tia Hopkins opens the early-afternoon session of our 'Network Resilience Boot Camp' presented by Data Center Knowledge and Network Computing. This excerpt is from our live 'Network Resilience Boot Camp' virtual event moderated by Bonnie D. Graham on June 29, 2023.
Traditional business continuity and recovery methods and strategies of old are not sufficient for modern business. The move to more distributed enterprises, the adoption of cloud, and digital transformation all add complexity and make resiliency more challenging to achieve. The underlying infrastructure upon which all applications and services are delivered must be robust.
In this virtual keynote presentation, Tia discusses why businesses today must re-examine their network resiliency strategies and implement new approaches.
A transcript of the conversation follows below. Minor edits have been made for clarity.
Bonnie D. Graham: Tia Hopkins, as I said, is going to be talking about why modern infrastructure requires new network resiliency thinking. Tia and I decided we're both basically from New York, so we talk fast. If anybody wants us to talk slower, you're welcome to put that in the Q&A too. Tia began her career as a high-speed internet installer in the early 2000s. I bet that was a heck of an interesting time, Tia. This sparked her interest in the IT (information technology) field and ultimately led to her focus on hot topics like cybersecurity. Tia has spent more than two decades in the IT and IT security industry. She's currently the Chief Cyber Resilience Officer and Field CTO at eSentire. So, traditional business continuity and recovery methods and strategies of old are not sufficient for modern business. Tia, I'm going to let you take it away. We're very interested in your keynote, and welcome.
Tia Hopkins: Awesome, thank you so much for the intro and for having me. I am really passionate about the topic of resilience in general. Obviously, based on my title, my focus is on cyber resilience, but I think in the world that we're in today, it's all kind of starting to blend and come together. I'll touch on a bit of that as we go through the session here today. So, I'm excited, and I'm just going to dive right in here. So, I'll touch on resilience in general, make it relatable for us, and then move into a focus on network resilience, and then we'll focus on cyber resilience. So, resilience, what is it, and why do we care? The basic definition, if we think about our personal lives, is essentially the capacity to withstand and recover from difficulties, right? When you go through something hard, how quickly do you bounce back? Do you need to go cry for a few days? Do you bounce right up and keep it moving? So conceptually, that's where we are in our personal lives when we talk about resilience.
So, we shift that then to our professional lives; there are a number of different lenses through which we can view resilience, and I'll talk through four of those here. There are a bunch more of them, but these are the ones that I think are relevant to the discussion today. So, of course, network resilience, and what we're talking about there is viewed through the lens of the network: what is the ability of that network to continue to deliver the things that the users are expecting from it, right? So, maintaining those service levels of critical applications, the services that are being delivered through that network, and the processes supported by that network. Then we move into cyber resilience.
Enter cyber resilience
Well, what are we talking about there? That's essentially the ability to anticipate, withstand, recover from, and adapt to a cyber-attack. So, how well can you hang in there when you have an adverse event that impacts cyber-connected resources? Operationally, it's the ability of systems to resist, absorb, and recover from or adapt to adverse occurrences. We've got a running theme here; something adverse is occurring. Even personally, we were talking about something hard occurring in your life. How well are you able to hang in there when that occurs and then bounce back from it? Now, digital resilience, this one was interesting to me because the themes of the others are – how do you hang in there and bounce back? And there were a bunch of definitions around digital resilience.
Some of them touched on your presence online, and some of them were more along the lines of operational. But I found this definition to be the most interesting when I was doing some research, and it's actually using tools to help you quickly recover in the event of something adverse. So, now we've talked about all these different lenses, and what areas of the environment, personal and professional, all these things related to resilience touch. The one thing that they have in common, for the purpose of discussion today, is business, right? We're all in the business of protecting the businesses that we work for. Whether that's protecting the ability of the network to continue to perform or protecting the business from adversaries in the cybersecurity space, whatever that is, we're here to keep the business functioning.
But when it comes to resilience, the more specific focus on that is minimizing disruption. I want to pull the thread on this a little bit because I come from a network and systems engineering background way back. I won't date myself, but when I was doing this, my focus was building the network to prevent failure. But I think in the really dynamic and unpredictable space that we're in today, we have to expect failure. And the way I like to think about that is: when we expect failure (and that's not accepting failure; we just have to expect that things will go differently than we planned for them to), when we expect failure, we prepare for failure.
Main objective: Prevent failure
When we specifically focus on preventing failure, sometimes that can put us in a position where we fail to prepare, because we've expected this thing that we put in place to prevent this thing that we've identified from occurring. But then, when things don't go that way, we're not as equipped as we should be to get ourselves back to normal. So, that's where resilience comes into play. Now, I found this quote, and I don't usually read through slides word for word, but this is worth it. This is from a Harvard Business Review piece talking about resilience as it relates to the business. It says, "resilience is a company's capacity to absorb stress, recover critical functionality, and thrive in altered circumstances. And it's especially important today because the business environment is becoming more dynamic and unpredictable." And I think that's absolutely right. You've got users working from everywhere, we've got data everywhere, we've got borderless networks.
Back when I was doing this, again, many years ago, networks were kind of static. They didn't change much; the infrastructure didn't change much. When you put devices in place, they stayed there for years unless something went wrong with them. Then there's the unpredictability that comes with advancements in technology. As we go through digital acceleration, as we continue to move things to the cloud, as we continue to adopt more IoT devices and things of that nature, we have to put ourselves in a position where we expect that things will occur that we didn't know would occur. We have to be ready for anything, versus addressing things that we know exist and making sure we can, to the best of our ability, prevent them from happening.
The role of network resilience
Let's dig into network resilience specifically. Obviously, we live in a super, hyper-connected world. I think about my home, which is probably a bit more of a smart home than it should be. I geek out a bit when it comes to installing smart devices, but I looked up my mesh network one day to see how many devices I had. In my mind, I probably had 20 devices in my home that had IP addresses. When I looked at my device list, I had over 100 devices in my home that had an IP address. I take that outside of my home, and we think about the business world: we've got everything from organizations building smart cities, to again, moving data to the cloud, so users are accessing this data from anywhere. There's this 'always-on' expectation that we're dealing with, so our organizations have to be available, resilient and secure. Businesses are heavily relying on digital acceleration, advanced technology, and things like AI to continue to innovate, produce and differentiate in the market.
Just a few statistics, talking to businesses and what they think in terms of spend and reliance on digital infrastructure, digital acceleration, and its impact on the business. The first one is that $300 billion will be spent on AI by 2026, and I thought that was a pretty staggering statistic. 90% of corporate strategies reference information as a critical asset. In the cybersecurity space, data is the new currency, right? Cybercrime is an incredibly lucrative place to be for attackers because the value of data is so strong. That's everything from personal data to account numbers and intellectual property. All this information is incredibly valuable to an attacker, to get it in the hands of someone that finds it useful. Then lastly, 56% of CEOs say digital improvements have increased revenue.
That goes back to the point that businesses are relying on these advancements in technology: this always-on availability and speed, productivity, and everything, to continue to produce as a business. So, digging further into network resilience, the definition back here that we went over: we want the network to deliver the things that we need on a consistent basis. What is resiliency? What does that mean? The thought immediately goes to, we've got to be able to bounce back. It's our ability to bounce back, and that's part of it, but there's action around that, that goes into making sure that you can bounce back the way you want to. I pulled together just a few key components and considerations around network resilience to think about.
Points to consider
The first is redundancy. I think we're all familiar with redundancy. We want to have backup equipment, alternate paths of communication, and an alternate medium to communicate across in case of a failure in our environment. We want to eliminate those single points of failure. There's also scalability, right? This is part of the big shift to the cloud; we want our workloads to be able to expand and compress as needed to support the needs of the business. Think about a retail company. It has to support heavy loads around Christmas season, because shopping time is heavy. Prior to moving things to the cloud, that company would have to buy physical hardware to support those needs for a portion of the year, which is not very efficient. But now, you move things to the cloud. You can send things up and down as you need to, and that promotes resilience of the business because now you don't have to worry about over-utilizing your physical resources.
Then, having your customer experience suffer, for example, because the server is down because it's over capacity. Flexibility aligns with scalability, but it's different. It's more than just expanding and compressing without compromising any efficiency or quality of the business. Flexibility is adapting to any changes in the requirements of the infrastructure without disrupting productivity. It's about more than "I need more space, more RAM, more server capacity," whatever that is. There are additional changes. We need to introduce a new application, another path to a new organization, whatever that is. The infrastructure does need to be flexible as part of that overall resilience strategy. Then lastly, from a reliability perspective, operating consistently without disruption. Disruption could come from a myriad of different places. It could be a cybersecurity event, a failure of a component, or an outage with a provider.
All these things are what we need to be considering when we're asking ourselves – is my network resilient? Do I need to be making improvements? How should I be thinking about this? Now, how do you monitor and measure, right? Because it's not a set it and forget it. You don't say, okay, we're scalable and flexible. You still have to measure that, right? Because we're in really dynamic environments, our infrastructures change every day, and the needs of our users change every day. The way we do business changes every day, and customer demands change every day. How can I tell how well I'm doing, as I'm thinking about all these considerations around network resilience?
So, the first one, obviously, is reliability, but how do you think about that? An easy question to ask is: how long have we operated without disruption? If that was two weeks ago, well, what happened two weeks ago? Was that a provider? And if it was a provider, do I think it's a one-time thing? Are we consistently having issues with this provider? Is there a component in some portion of this complex infrastructure that we have that continues to fail? Do we need to make a pivot? Do we need to build this a different way? Is this something that we need to shift to the cloud? How critical is it? How sensitive is the data that houses it? There are a lot of questions that you can ask around this question specifically, as it relates to reliability of the environment, because availability is really important.
Next, recoverability. How quickly can we get back to normal? So, that's an outage. If I do have an outage, what are the SLAs with my provider, if it's a provider? How quickly are they on the hook to get us back to normal? Or if it's a component in some system, how quickly can we replace that component to get back to normal? So essentially, whatever it is, we need to assess the critical points of failure in the overall system and determine how quickly we're able to get back to normal. This is both proactive, when you're building out a system, and of course reactive, when something occurs and you're doing a root cause analysis to see what changes need to be made in the system. Next, we have survivability. This was a bit of a newer term for me, but I like it because it's very similar to resilience. Survivability is more focused on hanging in there when something goes wrong. So, if this component fails, is it critical? Is it going to bring us to a grinding halt, or can we continue to operate? How survivable is the system?
Obviously, critical components of a system can't be totally avoided, but when you're thinking about survivability, how many of those critical components are a factor in the overall service or technology that your system or organization is running? Can you reduce that? Can you make things more adaptive to the environment? Make the system not so dependent on all these components, so that if they were to go down the system could fail. Survivability is really important. Then, the last point here is vulnerability. Where are our gaps or flaws that threaten the way the network can function? This comes down to, of course, cyber-attacks, which we'll get into in a bit. Is it an out of a component? If it were to fail, can you replace it? Is it software that you can't update?
I can't tell you how many times I've had conversations with organizations and they're still running operating systems that are no longer supported. They can't patch them, but they're scared to death that if they make one change to it, even if they reboot it, it's not going to come back online, and it's a critical application. Well, that's not a very resilient system. You're producing right now, but if anything happens to that, you're vulnerable to no longer being able to produce. So, really being aware of what those vulnerabilities are is critically important. I wanted to get into some trends before we shift into cyber resilience. Many of these you may be familiar with.
The first one here is network automation and AIOps. Automation is a term that's been around for a long time, but the research shows that there aren't many organizations that don't have some form of network automation in their practice. I would say the dividing line is that a lot of organizations use it upfront for initial configuration and deployment. There's a much smaller percentage of organizations that are leveraging automation for things like remediation and learning what normal looks like in the environment. Being able to automate getting things back to a steady state or automate the actions that need to occur when something is outside the baseline: there are far fewer organizations that are taking advantage of automation in that way. The reality is it does take a lot of work. There's a lot of information that needs to be documented, and processes.
What do we feel good about? How much of an appetite do we have to hand certain tasks off to automation? The challenge is, as our environments continue to become more and more complex, and we adopt more and more advanced technologies, as humans, we're really not going to be able to keep up. Right? So, introducing those remediation-type actions into the environment is something that you should start thinking about. Now, I'm not a person that thinks automation replaces humans. I firmly believe that automation and AI assist humans, but we are getting to a point, as fast as we're living, and as fast as data is growing, and as we're starting to leverage it to make business decisions, where we have to prepare ourselves to be able to keep up. That leads into resilience as well.
The second one is network and security convergence. So again, going way back to when I was doing this in the field, and I'm also a professor of cybersecurity, I talk to my students about this a lot. When I was doing this, a firewall was a firewall, a router was a router, and a switch was a switch. Then, we started to move into these technologies being combined. You had a UTM device or next-gen firewall that was modular, and it had all these components in one. You were used to having multiple devices to do these things. Now you've got one, and it's got all these capabilities, but now, what we're dealing with is users working from everywhere and borderless networks. There really is no line between where the network starts and where network security starts. If you think about methodologies and frameworks like zero trust, and SASE or secure access edge, your network devices carry security capabilities. It's hard to separate that in terms of responsibility, so we'll touch on that a bit more.
The next one is multi cloud networking. There's a shift where you're not going to be just in one cloud. If you're on Office 365, and you've got workloads in AWS, you're in multi cloud. Within their own ecosystems, public cloud providers have a lot of tools that make it easier to manage workloads and manage what's going on in the environment to take the heavy lift off the folks on your team. They can just track the outcomes, but when you go from cloud to cloud, it gets a little harder because these things are not integrated. There are a lot of tools and technologies coming out onto the market now, like cloud security posture management; technologies that allow you to have visibility across all your clouds and their work environments, and have all that data in one place and be able to manage it effectively.
The next one was interesting to me, private 5G versus Wi-Fi. Back in the day, I would have never considered cellular service or any G (2G, 3G, or 4G) as a real option to leverage in an enterprise environment. It just was not as reliable as it's becoming today. Then before private 5G, you're thinking it's 5G, it's a public network. I can't have any sensitive data traversing a network like that. But now, private 5G adds another layer to the decisions that will need to be made. Where is it appropriate to leverage private 5G versus the traditional Wi-Fi network that we're used to? We're at six with that now, and we're already talking about 6G, even though we're still deploying 5G. But the point being, technology in that arena is moving very fast, and there's going to be a blend, especially as 5G starts to become more and more adopted, where we're going to have to make decisions in terms of which one of those makes more sense from an application perspective.
Then lastly, digital twin adoption. Organizations are starting to see more of the value of basically having a digital copy of their infrastructure. They can make changes and try things out and see how it will impact the enterprise without having an impact on production. Right? Test these things out before they go into production. We will go through and talk about networking security a bit. But I highlighted it here, because the one thing that I did want to call out is that all these things affect your role as someone that's considering, focused on, or responsible for network resilience. There will come a time where you can't talk about the network without talking about security. Then, that'll lean into having to understand security, and that'll go into being responsible for security, because it'll just start to make less and less sense to separate those things.
All right, so this is my favorite topic here, cyber resilience. It all blends, but the threat landscape is fascinating and scary, too. Cyber-attacks are really a top threat to business operations because attackers go where we aren't. They evolve as quickly as we evolve. They leverage all the same technologies we're leveraging to keep ourselves safe, and they're leveraging those technologies against us. They're leveraging things like AI and machine learning to scale and grow and be able to move faster in the same way that we are. You can see it in the numbers here. So, if you're familiar with IBM's Cost of a Data Breach report, this is data from their 2022 report, where they interviewed 3,600 individuals whose businesses have been impacted by a data breach. The numbers you can see here are staggering.
So, $9.44 million was the average cost of a U.S. data breach, and that was the highest of any country. $4.54 million was the average cost of a ransomware attack. The not-so-fun fact is that's not even including paying out the ransom. Then lastly, another staggering statistic is 83% of the organizations that were studied reported that they had more than one breach. So, they had a breach and they got through the breach. You would hope that they recovered and had some lessons learned and fed it back into the program, but then they had another breach. This is what organizations are facing on a day-to-day basis, and it can be anywhere from one machine being compromised, and we contain that and it wasn't that bad, to a catastrophic event where we're not able to produce and we have to shut down operations.
You think about recent breaches like the pipeline hack that impacted folks' day-to-day lives. Planes were grounded and individuals were filling up plastic bags at the gas station, because they were worried they weren't going to be able to get fuel, and things like that. It is critical that we think about our network security through the lens of, or combined with, cybersecurity and what those attacks could look like, and the impact that they can have on the business. Say an organization had a breach and then they had another breach, and maybe some eyebrows are raised. Why is this happening? Why aren't these cybersecurity professionals protecting these organizations? And it's tough. This is by no means an exhaustive list, but eSentire has a threat response unit. This is data and research that they constantly do, and they bubble up the trends so that we can inform organizations what they should be thinking about.
This was their top three; that ransomware today isn't what it was three years ago. What that means is, not so far off in the past, ransomware was more opportunistic. I'm going to go out and see if I can encrypt this data, and if I can encrypt this data, then I'm going to charge you some bitcoin and I'll give you your data back. Now, we're dealing with things like double and triple extortion where, all right, I've encrypted your data, pay me. Oh, you're not going to pay me. Okay, well, I'm going to leak it on the dark web. Oh, you're still not going to pay me. All right, well, I'm going to launch a denial-of-service attack against your organization. So now, I've got your data, and you're not going to be able to produce, and it's all over the internet. You're going to have reputational damage and you're not going to be able to recover from this. They're just moving the needle further and further to put this pressure on organizations to pay this ransom.
It's a struggle to keep up with securing the enterprise, and part of that is because of number two. Being fully patched doesn't really provide the protection it once did, when you think about things like zero days, and how often environments are changing, and shadow IT. Sometimes there are things in the environment that security teams and IT teams aren't even aware of needing to be patched. Then, if you introduce the ever-unpredictable user into that equation, it just compounds the challenge even more. Then lastly, migrating to the cloud just brings about challenges that we don't even know exist yet. I read an article a couple of days ago about what we think might be one of the first, if not the first, ransomware events in the cloud, where an account was compromised.
Then it was used to encrypt data in a SharePoint directory. So, I mean, it's still ransomware, it still behaves the same way, but the impact of that in the cloud, given the way that encryption would have the ability to move in an environment like that, across an attack surface like that, is pretty scary. I've got to protect this workstation. I've got to be able to isolate this workstation when ransomware occurs, so it doesn't spread throughout my environment. That's different in the cloud. The entry point is not even the workstation anymore. Typically, it's going to be someone's account that was compromised, and then that's going to be leveraged to introduce some sort of malware, and then it wreaks havoc. So, I'll move on here; I could talk about this stuff forever. I touched on this a bit, the ever-evolving threat landscape.
Over 15 years ago, we were just worried about websites being defaced and maybe some malware being hosted. Then, we moved into advanced persistent threat malware, and then the ransomware I was talking about, opportunistic, kind of smash and grab. But now, we're dealing with ransomware gangs specializing in different areas of ransomware delivery. You've got one team focused on initial access, one focused on delivery, one focused on execution, one might be focused on collection, or whatever that is, and that gives these ransomware groups scale. It's to the point that, with no technical or technology expertise, you could go on the dark web and actually leverage ransomware as a service, deploy it, and take an organization down, just as if you were as technical as the individuals that created this malware. Then of course, we have no idea what's coming, you know?
With ChatGPT and generative AI being all the rage right now, there are challenges with that. You leverage generative AI and language models in your organization. Think if an attacker were able to compromise that and start to ask leading questions of someone to get them to provide sensitive data. Like I said, everything we use for our good can be used against us, so there's a lot to think about there. So, I wanted to touch on initial access trends a bit because, as a network-focused crowd here, the network is a big part of what we need to think about. Of course, as I mentioned, identity is as well. But when we think about the network, in terms of how attackers are getting into these environments, there have been some shifts in trends over the last couple of years. We've all been talking about phishing for a very long time, and email has always been the initial access vector of choice for attackers, where they leverage macros and things like that to introduce malware.
But when we got to 2021, we saw an explosion of drive-by threats. That's because email gateways and controls and technologies are becoming more sophisticated. Users are becoming more aware, so it's a higher risk, and there's less of a guaranteed reward. So, attackers were taking the approach of, hey, I'm going to meet users where they are. They were using things like search engine optimization, and what that means is a user goes online and does a Google search for a template to do some type of report. They download this template, and it turns out that it's actually malware, and it runs on this computer and wreaks havoc across the organization. That is lower-hanging fruit, because you're just going to where you know the user is going to go. Your security awareness training has been training users all day long on how to look at emails, and that's what they're thinking about. But they're not thinking about the attachment that they download that says it's a PowerPoint, but there's a hidden exe on the end of it, and then it launches malware in the environment.
Then we get to 2022, and email started to bounce back a bit as an additional attack vector, because attackers started to use things like HTML smuggling, which is basically leveraging HTML5 to embed malicious code. Then, I saw shortcut attacks. There was some chatter in the Microsoft community about the ISO portion of this for a bit. ISO being an image that you load onto a machine, and then it launches software, I believe, by default. When you load an ISO, it launches by default. I don't know if Microsoft decided to disable this by default or not. But the reality is, for us as the professionals delivering these services to our end users and deploying these things in our environment, this is part of what we need to be thinking about in terms of how resilient our organizations are.
We need to take it upon ourselves to know what's in our environments, and we need to go in ourselves. If we want to shut off these ISOs from being able to launch automatically, then we need to do that. It's all part of what we need to be thinking about. So, back to the definition of cyber resilience. Anticipate, withstand, recover, and adapt. Anticipate what's coming. What do I know about my environment? What do I need to prepare for? Because the better prepared you are, the less you have to deal with, hopefully, when it comes to withstand. Right? If you prepare poorly, then you're going to have things coming at you left and right. It's going to be really hard to withstand and continue those essential business functions when you're hit with something. Everyone agrees that in this world that we live in, it's no longer a matter of if, it's a matter of when; we have to assume breach. You either have been breached or you just don't know it yet.
That's how we have to think about it. This drastically impacts the network as well, going back to the point of the blend that's occurring between network and network security: this convergence of network technologies being married with security technologies, all in one bundle around zero trust and securing the edge. When it comes to recover: when something does happen, how quickly can you get back to normal, right? If you have an adverse event in your environment, or if you're a victim of a data breach or a cyber-attack, how quickly can you stop the bleeding? How quickly can you get the business back to productivity again? Back to my point earlier of minimizing disruption: in the world of cybersecurity, you want to minimize the downtime associated with an attack, and then adapt.
What did you learn? What do we need to change? Make sure we're talking to everyone. A huge mistake that I see is, you've got your IT team or your IT security team over here, you have the risk team over here. Security operations is over there somewhere. DevOps is over there somewhere and we're all off in silos, doing our own things. We need to come together collectively because if the business is going to be resilient, all of the organizations within the business need to be resilient and need to be thinking about it the same way. So, just some considerations here when you're thinking about cyber resilience. Endpoint monitoring, right? Our users are everywhere, so the endpoint is, I'll say where the magic happens but it's really bad magic. That's where things happen the most right? Compromised credentials and ransomware, that's encrypting data. So, you want to have the ability to monitor what's going on with those endpoints that have access to corporate resources and identity management.
I brought up identity a few times, because as we get more and more into the cloud, it becomes an identity problem, not necessarily just a user problem or just a host problem. Because wherever that identity can go in the environment, if it's compromised, then all the resources accessible by that identity are at risk as well. I think back to when we had borders on our networks, and we were within four walls. If we had our controls at the edge, we were good, and if you were in the building and you were a trusted user and you logged in, great. Well, now we have to worry about borderless networks. Again, users are everywhere, and something can change in a user's environment while they're accessing corporate resources. We have to continue to assume that we don't know who's on the network. Back to that zero-trust thinking: I don't just trust you.
Because you said your name is Sally and you're in accounting – you might have been Sally when you sat down, and then suddenly this attacker has taken over your account, but I think it's you. So, I'm allowing you to do the things that you want to do. So, identity management is continuing to increase in importance. Visibility: you have to know what's going on in your environment, and it's beyond point solutions, it's aggregating that data. You can paint a picture of what you need to be worried about in this house, and network performance as well as network security. Then, as you move to the cloud, like this says, extend your incident response preparation to include cloud coverage. I'll take that a step further. As you move to the cloud, reevaluate all your processes, everything that you have in place.
Does anything need to change to incorporate cloud capabilities? Have you changed the way an application was architected now that you've moved it into the cloud? Does that change anything? Operations, in terms of how users will interact with it, are things that need to be considered. Sometimes we're moving so fast, because at the end of the day we have to keep the business going, but if we move too fast, we could bring the business to a grinding halt if we're not thinking about the right things. I think, as technologists, sometimes we jump at the newest technology. I like that dashboard. We need that, we've got that gap in our environment, and that results in tools for all, which results in inefficiently managing the business. Make sure you're getting all the capabilities out of what you have before you go out and pull something into the infrastructure.
Then lastly, consolidate where possible, right? If you've got technology in your environment that's ecosystem-based, it's a vendor that's got multiple capabilities. There are different schools of thought on whether you want to put all your eggs in one basket or not; there are both pros and cons to doing that. No matter what you put in your environment, you have to be prepared for anything. Just evaluate where you can drive efficiencies. Does that pose any risk? Have that resilient mindset in case something happens that we're not thinking about. How are we going to be able to bounce back from that? Let's make sure we're thinking about the right things and we're controlling the controllables. How do I hang in there when something goes boom? And again, that goes back to maximum visibility. The more you can see, the more you can do. You want to have signals from all over. You don't want to be reliant on one thing. You don't want to say, well, what's going on? Let's go look at the logs. Well, maybe what you need to be looking at is what happened on an endpoint, right?
So, make sure you're looking at telemetry from across the environment. Operationalized threat intelligence is not just about the feed coming into the device; you want to make sure you're operationalizing threat intelligence. Do you have the capabilities to create indicators of compromise and run those through your environment to see if there's anything lying dormant, above and beyond what your point solutions might be looking for? And of course, someone might chuckle when I say 24/7 security operations, but attackers don't sleep. If you can't do it in-house, obviously consider outsourcing it. But you know, you want to go home Friday at 5:00, you pack up and leave, and attackers are like, alright, now's the time for me to get in and wreak havoc, because like I said earlier, they want to go where we're not.
From a recovery perspective, that's your business impact analysis, continuity planning, disaster recovery planning, and your incident response planning. Plan, plan, plan, and you have to plan before something happens. Otherwise, it's going to be even more chaotic, when the event that you're dealing with is already chaotic enough. Then, from the perspective of adapting and evolving, you want to continue to monitor how you're doing. Again, working with those other teams in the organization to make sure that, as a business, you're becoming more and more resilient. So, with that, I take us back to the quote that I read at the beginning.
It is: "Resilience is especially important today because the business environment is becoming more dynamic and unpredictable." It's changing more frequently, and we're seeing things that we haven't seen because we're adopting technologies that we've not used in the past. At the end of the day, we need to be focused on resilience, because it's up to us and the businesses that we are responsible for to keep the lights on, right? Our companies are dependent on us to ensure their digital futures. And so, with that, I would like to thank you all for your time today, and I hope this has been valuable for you.
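The "operationalized threat intelligence" point in the keynote, that you should be able to take a set of indicators of compromise and run them through telemetry from across the environment rather than waiting on a single point solution, is illustrated by the following added example. It is not part of the transcript and is not eSentire's tooling; it is a minimal IOC sweep written for this page. The indicator values, host names, file hashes, and every log record are constructed for the example (the hash is a made-up string, the domain sits under a reserved example name, and the addresses come from documentation ranges), and the key=value record format is an assumption, not any vendor's schema. The sweep handles two cases a naive string search gets wrong: hash case differences and look-alike domains that merely contain the indicator.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed IOC set for this example (not a real feed): the hash is a
# made-up 64-hex string, the domain is under a reserved example name and
# the address is in the 203.0.113.0/24 documentation range.
IOCS = {
    "sha256": {"4b1a" * 16},
    "domain": {"updates-cdn.example.net"},
    "ipv4": {"203.0.113.45"},
}

# Constructed key=value telemetry from three sources (endpoint agent,
# DNS resolver, web proxy). Nothing here was captured from a real environment.
SAMPLE_TELEMETRY = [
    r"src=edr ts=2023-06-29T14:02:11Z host=WS-117 event=process "
    r"image=C:\Users\sally\AppData\Local\Temp\invoice.iso\setup.exe sha256=" + "4B1A" * 16,
    r"src=edr ts=2023-06-29T14:02:12Z host=WS-117 event=process "
    r"image=C:\Windows\System32\svchost.exe sha256=" + "00ff" * 16,
    "src=dns ts=2023-06-29T14:02:15Z host=WS-117 query=beacon.updates-cdn.example.net. answer=203.0.113.45",
    "src=dns ts=2023-06-29T14:02:20Z host=WS-204 query=updates-cdn.example.net.attacker.test answer=192.0.2.9",
    "src=proxy ts=2023-06-29T14:02:16Z host=WS-204 dest_ip=198.51.100.7 dest_host=www.example.com",
    "src=proxy ts=2023-06-29T14:03:40Z host=WS-204 dest_ip=203.0.113.45 dest_host=-",
]

# Which record fields carry which kind of observable (assumed schema).
HASH_FIELDS = ("sha256",)
HOST_FIELDS = ("query", "dest_host")
IP_FIELDS = ("answer", "dest_ip")

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    source: str    # telemetry source the match came from (edr, dns, proxy)
    host: str      # asset the record is about
    ioc_type: str  # sha256 / domain / ipv4
    value: str     # the indicator that matched
    line: str      # the raw record, kept for the analyst


def parse_record(line):
    """Turn one 'key=value key=value' line into a dict."""
    return dict(_KV.findall(line))


def match_domain(host, domains):
    """Return the indicator that `host` equals or is a subdomain of, else None.

    A look-alike such as 'updates-cdn.example.net.attacker.test' must not match,
    so this checks label boundaries rather than substring containment.
    """
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def sweep(lines, iocs=IOCS):
    """Run every indicator over every record and return the matches in order."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        src, host = rec.get("src", "?"), rec.get("host", "?")
        for f in HASH_FIELDS:
            v = rec.get(f, "").lower()  # normalise case before comparing
            if v in iocs["sha256"]:
                hits.append(Hit(src, host, "sha256", v, line))
        for f in HOST_FIELDS:
            v = rec.get(f, "").lower().rstrip(".")  # strip DNS trailing dot
            d = match_domain(v, iocs["domain"])
            if d:
                hits.append(Hit(src, host, "domain", d, line))
        for f in IP_FIELDS:
            try:
                addr = str(ipaddress.ip_address(rec.get(f, "")))
            except ValueError:
                continue  # field absent or not an address
            if addr in iocs["ipv4"]:
                hits.append(Hit(src, host, "ipv4", addr, line))
    return hits


def hosts_of_concern(hits):
    """Group matches by asset so one host seen across sources is triaged once."""
    out = defaultdict(set)
    for h in hits:
        out[h.host].add(h.ioc_type)
    return dict(out)


if __name__ == "__main__":
    found = sweep(SAMPLE_TELEMETRY)
    for h in found:
        print(f"[{h.source}] {h.host}: {h.ioc_type} {h.value}")
    print(hosts_of_concern(found))
```

Run as a script it lists four matches and shows that WS-117 is flagged by the endpoint agent, the resolver, and the resolved address together, which is the cross-source picture a single point solution would not give; the proxy record for WS-204 shows a host that never executed the file but still reached the indicator address. In a real deployment the indicator set would come from the threat intelligence platform and the records from the SIEM or data lake, but the normalisation and boundary-aware domain matching are the parts worth carrying over unchanged.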