The Need for Speed in Threat Mitigation
There used to be weeks between the announcement of a zero-day vulnerability and the next exploit. Now we have days or hours to patch the vulnerability, says Carsten Fischer, Deputy Chief Security Officer at Deutsche Bank. Sometimes threat actors are in the machine even as the patch is being tested. With such a small window of reaction time, mitigation must be faster.
Prevention vs. Detection
We can’t prevent every threat, but we don’t always have time to patch detected vulnerabilities before adversaries exploit them. So as zero day vulnerabilities – and exploits in the wild – increase, cybersecurity should prevent as best as possible and use detection until a patch is available and remediation can begin. It helps to share intel and ask colleagues for advice. You may find a control that should be strengthened, a technique that’s working, or that a threat has increased. Regardless, if you share, you're better off than those who don’t.
Threat Intelligence vs. Threat Modeling
Threat intelligence is the sheer information that educates you on the threat landscape and guides you to the problem and its mitigation. Sharing that intel is necessary to defense: colleagues in similar straits may know a component that could speed a mitigation.
Threat modeling is mapping that problem back to you and your controls. A good threat model will indicate where the threat could materialize, the controls along the kill chain, and will connect to KPIs that show where investments should be made. Resilience is a necessary part of threat models – you have to continue operating – but the ideal outcome is reacting so quickly that you're not really impacted.
No Time for a Dress Rehearsal
We must be more proactive. Automate, connect platforms, and use prevention and detection controls. They can kick in while patches are being developed. But remember, people build threat models by connecting the dots in the threat landscape. The more that people connect with each other, the more dots they can connect in the threat model.
FS-ISAC Summits
The pandemic demonstrated the importance of in-person meetings. A chance to talk to security vendors and experts, discuss what’s working and what’s not, and combine the power of security thought leadership is valuable. When you exchange information you can enrich it.
FinCyber Today
FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence.
Our host Elizabeth Heathfield leads wide-ranging discussions with cybersecurity leaders and experts around the world who bring practical ideas on how to confront cyber challenges in the financial sector, improve incident response protocols, and build operational resilience.
Amid the clutter and noise, FS-ISAC Insights is your go-to destination for clarity and perspectives on the future of finance, data, and cybersecurity from C-level executives worldwide.
© 2024 FS-ISAC, Inc. All rights reserved.
