Situational awareness skills essential against cyber threats, according to Fortinet
High-performance cyber security solutions provider Fortinet has advised IT leaders in Asia Pacific to improve their situational awareness skills to better defend their organizations against cyber threats.
Situational awareness, a behavior considered second nature to most people, is often described as being aware of what to do in a particular scenario. This, according to Fortinet Country Manager for the Philippines and Assistant Regional Director for Southeast Asia and Hong Kong Jeff Castillo, is a trait repeatedly neglected when it comes to using the Internet and the web.
“When people use IT, however, this behavior surprisingly doesn’t carry over. They click on dubious links without a second thought, open files they don’t recognize, and connect to wireless networks they are unfamiliar with,” said Castillo. “If people could become more situationally aware in their handling of computing devices, they − and the organizations they work for − would be victimized by cyber threats much less often.”
According to Fortinet, situational awareness applies to IT environments through understanding the organization’s priorities, as well as the risks and threats posed to the business. IT leaders must be able to frame the issues they are dealing with within short- and long-term business objectives, have a clear line of sight across the organization and its technologies, and be able to establish policy and governance for everyone who touches the firm’s data.
To achieve cyber situational awareness, Fortinet advises IT leaders in Asia Pacific to focus on four key thrusts:
1. Business Mission and Goals. Understand the organization’s business mission, and then align it to those processes and resources that exist to enable that mission. Companies must understand the type of data they use and generate, and how much the processes that use this data overlap with those of other teams as they learn about and document these processes. Organizations should also prioritize data and systems, determine which have regulations tied to them, and compare their priorities with those of the teams that share these resources.
2. Cyber Assets. Understand and catalog all the assets on the organization’s network, along with any vulnerabilities they may have. Get to know their profiles, such as what OS and version is installed, what applications reside on those devices, and what data they hold. Once firms gain full knowledge of the devices they own, they need to ensure these devices are securely configured and patched, as the vast majority of exploits target publicly known vulnerabilities that are five or more years old. Always prioritize the critical vulnerabilities.
3. Network Infrastructure. All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much, but if it is connected to something critical, the risk level can become very different. Organizations must strive to thoroughly understand their topology because cybercriminals spend much time and resources learning it in order to exploit the vulnerabilities in the system. Understanding how and where devices are connected and the data that flows through them will determine where the risks are, and let organizations implement appropriate policies and countermeasures, including technology solutions that are most suited to protecting their unique environment. These solutions must allow devices to interact, share intelligence, and respond to threats in a coordinated fashion anywhere across the extended network.
4. Cyber Threats. Understand the capabilities and tactics of threat actors targeting your organization. Threat actors can include government-sponsored cyber espionage, organized crime, hacktivists, insider threats, opportunistic hackers, and internal user errors. Organizations need to know which of these threat actors are most likely to be focused on stealing the data that resides in the network.