Improve Your Security Posture: Exploring the CyberSecurity Matrix Playbook

In today’s digital landscape, cyber attacks are becoming increasingly common and sophisticated. As a result, organizations must have a strong security posture to protect their sensitive data and systems. 

One framework that can help organizations improve their Cybersecurity posture and create a Cyber Resilient plan is the CyberSecurity Matrix. 

In this edition, we will explore the CyberSecurity Matrix framework and how it can improve your organization’s security posture.

The Case for CyberSecurity

The financial consequences are a painful issue. The average data breach costs about $4.24 million and that number is growing. 

There is a time consequence as well. It takes on average 212 days to detect a cyber breach, and 81 additional days to stabilize afterward. For those with remote workers, those numbers increase. There is also lost time and lost trust from your customers.

With additional regulation comes additional costs. Failure to report breaches in a timely fashion has several different costs and consequences, including fines and penalties by regulatory agencies, class action lawsuits, and more. 

Not only that, but a company’s stock price, financial results, and customer reputation have significant costs as well.

The challenge is that most organizations have disparate security tools and technologies, and they don’t have the experts and resources to manage security. 

Real World Breach Cases

In terms of federal and state agencies, some recent data includes the following (Source: Avant Communications NIST 6-12 Report 2023):

• February 2022: Equifax agreed to pay a minimum of $575 million for its 2017 breach in a 2019 settlement with the Federal Trade Commission. The settlement finally received formal court approval in 2022.

• June 2021: First American, a real estate settlement services company, agreed to pay a penalty of $487,616 to the SEC for violations of the disclosure requirements regarding risk and incidents.

• August 2021: Pearson Plc, a publishing and education company, paid a penalty of $1M to the SEC for violations. The data breach occurred in 2018.

• May 2021: Minted, a U.S.-based marketplace, agreed to establish a $5 million settlement fund to settle a class-action suit filed for violations against the California Consumer Privacy Act (CCPA). Minted was the subject of an attack in 2020 that exposed data on over 4 million customers.

What is the CyberSecurity Matrix?

According to a recent study by the Ponemon Institute, which surveyed more than 550 US IT and IT Security practitioners, 69% of respondents said their company’s approach is “reactive and incident driven.” Acknowledging the need and working to develop an IT Security strategy already puts an organization on the right track to success.

The CyberSecurity Matrix is a framework that was developed by the SANS Institute to help organizations understand and improve their security posture. 

It is based on the concept of the “cyber kill chain,” which outlines the stages of a cyber attack. The CyberSecurity Matrix takes this concept and breaks it down into four quadrants, each representing a different aspect of an organization’s security posture.

The CyberSecurity Matrix Quadrant

Govern

Identify 

Security teams cannot protect assets they don’t know about. The main goal of the Identify function is to help organizations understand their environment and then prioritize their efforts in later stages. 

Mandated compliance standards and audits often create the baseline for these efforts.

Prevent/Protect

This quadrant focuses on deploying services that reduce risk and measures that can be taken to prevent cyber attacks from occurring in the first place. 

This includes implementing strong access controls, conducting regular vulnerability assessments, and educating employees on cybersecurity best practices.

Detect

This quadrant focuses on detecting cyber attacks as they are happening. This includes implementing intrusion detection systems, monitoring network traffic, and conducting regular security audits. 

Managed Detection & Response (MDR/XDR) and dark web monitoring are two examples of the Detect quadrant.

Image Source: eSentire

Respond

This quadrant focuses on how an organization responds to a cyber attack. This step is about taking ACTION. This includes having an incident response plan in place, conducting regular backups of critical data, and having a team in place to handle security incidents. 

Response planning, communications, analysis, mitigation, and improvements are included in this step. This phase also helps determine if it was an anomaly, an event, an incident, or an actual data breach.

Recover

This quadrant focuses on how an organization recovers from a cyber attack. This includes having a disaster recovery plan in place, conducting regular backups, and having a plan for restoring systems and data after an attack. This process is usually led and managed by IT stakeholders and not Security.

The CyberSecurity Matrix: Improve Your Security Posture

Anytime you build something, whether you’re building an app or a corporate IT environment, you need to start thinking about security from Day Zero.

-Stephen Semmelroth, Director of Security at Avant Communications

By breaking down an organization’s security posture into these four quadrants, the CyberSecurity Matrix provides a comprehensive view of an organization’s security capabilities. 

This allows organizations to identify any gaps in their security posture and take steps to address them. For example, if an organization realizes that they do not have a strong incident response plan in place, they can take steps to develop one and improve their overall security posture.

Additionally, the CyberSecurity Matrix can help organizations prioritize their security efforts. By understanding the different stages of a cyber attack and the corresponding measures that can be taken to prevent, detect, respond, and recover from an attack, organizations can focus their resources on the areas that are most critical to their security.

Companies in this condition are most likely to seek the services of a Trusted Advisor, in whole or in part, depending upon their specific circumstances. 

Trusted Advisors are already involved in many key discussions around cloud infrastructure, unified communications, contact center, SaaS, and network connectivity; some 67% of survey respondents said they engaged with Trusted Advisors for assistance with managed security services.

Technologies and Solutions for the 5 CyberSecurity Matrix Functions

The five NIST CSF functions provide a guide to evaluating security. Still, building a vendor selection strategy is challenging. The first step to choosing vendors for a security program is to acknowledge that there is no single silver bullet for protection.

-Jim Campbell, Managing Partner with Opkalla, says in the Avant NIST 6-12 Report

No one product or service is going to cover your needs all the time. Every product or service has a gap somewhere.

Identify

  • Risk assessment: Assess an organization’s current state and exposure to cyber-attacks and determine what needs to be done to mitigate those risks.
  • Gap analysis: Determine how existing assets are protected, where the gaps are, and which security controls need to be implemented.
  • Penetration tests: Actual tests simulating how a hacker will attempt to breach a company, and whether the existing controls are effective.

Protect

Once the current state and any gaps and risks have been identified, here are a few solutions that can be implemented in the meantime:

  • Multi-factor authentication: a multi-step process for identifying users.
  • Endpoint protection: protects various endpoints, without a management or response function.
  • Firewalls: lights and switches, basic protection.
  • DDoS mitigation: protects circuits, websites, and other web infrastructure from being overrun with too many requests.

Detect & Respond

Small and medium-sized enterprises should consider using managed services, which can address both the detect and protect functions. MSSPs can layer on proactive monitoring, patching, reactive troubleshooting, and administration. 

Based on data from AVANT Analytics Research, only 17% of companies surveyed by Trusted Advisors are using a third-party MSSP or SOC service. Of those who are, 54.6% have between 100 to 1000 employees.

For this function, you can look at the following technologies:

  • Endpoint Detection & Response (EDR)
  • Managed Detection & Response (MDR)
  • SIEM and log management
  • Vulnerability scanning
  • Behavior Analytics

Recover

Restoring data and having a backup or failover plan is crucial after an attack.

The following services can help during this phase:

  • Disaster Recovery as a Service (DRaaS): protects the business and allows for recovery of the entire IT environment (servers, storage, networking, apps, data) in the cloud.
  • Backup as a Service (BaaS): protects the data and typically allows for the recovery of a file or server back to the customer’s on-prem environment.
  • Incident Response & Forensics: investigates and remediates a security breach.

Conclusion

In today’s digital landscape, having a strong security posture is crucial for organizations of all sizes.

The CyberSecurity Matrix framework can help organizations understand and improve their security posture by breaking it down into four key quadrants.

By implementing the measures outlined in each quadrant, organizations can better protect themselves from cyber-attacks and improve their overall security posture.

In summary, when it comes to enterprises doing more to advance and build cyber resilience, we recommend the following:

  • Embrace a Zero Trust Security Strategy
  • Adopt and Deploy the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
  • Establish a Plan of Action to Mitigate and Recover from Cyber Incidents
  • Engage or Team with an AVANT Trusted Advisor™, an experienced and knowledgeable partner who can enhance the decision-making process
  • To explore improving your CyberSecurity posture, get your FREE Security analysis today!