One of the top factors for measuring an organization’s information and security infrastructure is dwell time — the amount of time a bad actor spends in an organization's network. The duration of this time is related to how quickly the attacker is identified in an organization’s environment and diminishing the intensity of this attack is dependent on an organization’s initial detection and reaction to the breach. This means organizations need to be properly equipped to respond as quickly as possible to reduce how long an attacker has access to sensitive data.
Protecting an organization’s confidential information and its security posture require establishing a well-trained and highly informed workforce — a top priority for leadership. The responsibility falls on those at the head of the organization to ensure that before an attacker infiltrates a network, the organization is ready to respond to the issue from all angles. This involves educating employees across the organization on the severity of the threat landscape, best cyber practices that include offensive security tactics to proactively identify new threats and the implementation of a zero trust architecture.
Closing the cybersecurity knowledge gap
In terms of bolstering an organization’s security, creating awareness is a pivotal starting point in closing the cybersecurity knowledge gap. Reports indicate that one-in-three employees claim they did not receive any form of cybersecurity training at their organization. Additionally, one-in-five employees were “not at all” aware of their organization’s cybersecurity best practices. This lack of knowledge means a lack of urgency, which can be extremely harmful to the organization’s safety. Edi Rama, Albania’s prime minister, spoke at the 2023 World Economic Forum, saying that the growth of the cybercrime industry — from $3 trillion in 2015 to an expected $10.5 trillion in 2025 — means that if cybercrime was a state, it would be the third largest global economy after the U.S. and China. Cybercrime is here to stay and, with it, everyone needs to be vigilant.
Unexpected infiltrations are inevitable, which is why it is essential for employees to, at least, start by understanding how and why an attacker may target their organization and the impact it can have on their work. Effective leadership will ensure employees understand the organization’s vulnerabilities and why certain areas are more susceptible than others. By informing employees of the cyber risks at hand and the harm these risks can cause, the workforce is more likely to be motivated to implement best security practices and use these tactics as efficiently as possible when the time comes to protect the organization’s data. The education of the workforce, along with the right technologies, can significantly reduce the dwell time of attackers. This combination provides insight into all levels of an organization that can be attacked — from the people down to the data in a database.
Proactively identifying new threats
A well-prepared workforce is not only conscious of the areas a bad actor can infiltrate but will also recognize when an attack might be occurring. Once awareness of the expanding threat is established, organizations must work with their employees to detect attacks and identify next steps. This effectively lessens dwell time of bad actors as organizations now have the entire workforce ready to monitor and protect the weaker parts of the infrastructure. More specifically, this can be accomplished via a zero trust architecture, threat intelligence and management systems, in combination with advanced cyber hunting inside an organization’s network. This combination is essential in preventing an adversary from entering from any angle. A solid zero trust approach provides unified security from the device all the way to the users working on those devices and the data on them.
Implementing a zero trust approach
As attacks grow more complex and advanced, the landscape of cyber defense has changed alongside them. Even the most secure organization can fall susceptible to an attack, which is why the focus must shift to restricting the access of bad actors that have breached their systems. As such, many organizations have begun to utilize a zero trust approach, which enables organizations to better protect themselves from malicious actors by limiting how much access the hackers will have to data and preventing them from moving even further into an organization’s systems.
Of course, zero trust is not a strategy that can be implemented overnight; it is something that could potentially take years before an organization may fully benefit. It is much more a journey, with an evolving architecture, than it is a set of standards that can simply be implemented. As such, organizations should focus on the zero trust initiatives that give the largest protection first.
This includes utilizing authentication authorization and accounting strategies, while tagging data so that an organization has better awareness of who is on their network and what access they have to specific information. Organizational leaders must ensure employees are also involved in these monitoring strategies and, consequently, zero trust and the role they play within this security model and the organization’s optimal protection. This is pivotal to stay on the same level as progressing attacks and companies must begin this process now so that they do not fall behind in this fast-paced environment.
Modern-day breaches not only require a complete overview of up-to-date security measures, but an expanded outlook on the necessary measures to prepare and potentially prevent attacks. The good news is that there are steps leaders can take to ensure their workforce is in the best position possible to reduce dwell time and limit the impact of a breach.