How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'


At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role. We have performed hundreds of cybersecurity maturity assessments (CSMAs) for our customers over the years, and one of the main things we continuously find is that the security team is often tasked with things that would be better assigned to IT and business leadership. Those responsibilities include everything from accepting risk on behalf of the business to technical tasks such as implementing patches on production systems. These functions are often assigned to the cybersecurity team because risk is something that many businesses still do not fully understand and IT staff are often overwhelmed with administrative responsibilities.

While we routinely see these practices in place due to their perceived necessity, we aim to help our customers look past how they are performing cybersecurity tasks today, and instead define a future where the responsibilities are distributed so that cyber-risk becomes a board-level discussion. This need for evolution in cybersecurity practices is best illustrated by our 2018 “Under the Hoodie” report. This report analyzes 268 penetration testing service engagements we performed from early September of 2017 through mid-June of 2018, and identifies the common ways our professional hackers were able to breach a network. In short, attackers are constantly changing or recycling their tactics, but the motivations largely stay the same. This requires a cybersecurity program to constantly assess and manage the cyber-risk to the business and identify approaches that minimize exposure and potential impact.

To determine the future-state strategy and roadmap with our customers, we offer a comprehensive maturity assessment that aligns to the cybersecurity framework best suited for their industry and market vertical. The assessment is divided into phases that consist of a pre-engagement questionnaire, onsite interviews, offline documentation reviews, collaborative report writing, preliminary finding discussions, final reporting, and in many cases, executive/board briefings.

When complete, our customers receive a comprehensive product that includes a consumable component for an executive audience, a deep-dive review of the controls in place and their demonstrated effectiveness, along with a strategic roadmap that prioritizes the strategy based on a risk-to-cost-driven methodology.


Putting it to the test: The technical side of the Cybersecurity Maturity Assessment

Vulnerability scanning and phishing to identify technical opportunities

Fact: This year’s “Under the Hoodie” report saw a significant increase in the rate that software vulnerabilities are exploited in order to gain control over a critical networked resource.

In order to understand successes or opportunities in an existing—or, in some cases, nonexistent—vulnerability management program, a fresh set of eyes and fresh scan data is the first step. This can help determine whether the vulnerability management program is truly effective. If there is already an established vulnerability management program in place, fresh data and perspective can help to gauge just how well previously identified vulnerabilities have been mitigated, and whether that remediation happened within your organization’s defined SLA.

Given that the responsibilities for remediation vary and that stakeholders are often geographically dispersed, it’s paramount to ensure proper prioritization and remediation workflows—as well as long-term plans—are created and followed.

As part of our comprehensive Cybersecurity Maturity Assessment, Rapid7 will perform an external vulnerability scan of perimeter assets (up to a /24) instead of starting with old scan data. The output from this scanning helps our consultants determine whether your current vulnerability management program is truly effective at assessing your perimeter devices. Additionally, the vulnerability assessment helps determine the attack surface and threat landscape of the external perimeter hosts. From scanning your external hosts to determining whether the highest-ranked vulnerabilities are true risks relative to your environment, our consultants provide actionable information that helps you bolster your security posture and enhance the future state of your security program.
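The reconciliation the assessment relies on (fresh scan data compared against prior findings and the organization's remediation SLA, then prioritized) can be made concrete. This is an added example, not Rapid7's tooling or any scanner's output format; the SLA thresholds, hosts, vulnerability IDs and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date

# Remediation SLA in days per severity. Assumed policy values for the
# example, not a Rapid7 or industry standard.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str
    severity: str
    first_seen: date


def reconcile(previous, fresh, today):
    """Compare an older scan against fresh scan data.

    Returns (remediated, still_open, new). still_open rows carry the
    number of days the finding is past its SLA (0 when still within it),
    sorted so the most overdue, then most severe, come first."""
    prev = {(f.host, f.vuln_id): f for f in previous}
    cur = {(f.host, f.vuln_id): f for f in fresh}
    remediated = sorted(k for k in prev if k not in cur)
    new = sorted(k for k in cur if k not in prev)
    still_open = []
    for key in prev.keys() & cur.keys():
        f = prev[key]  # age is measured from the original first_seen date
        age = (today - f.first_seen).days
        overdue = max(0, age - SLA_DAYS[f.severity])
        still_open.append((key[0], key[1], f.severity, overdue))
    sev_rank = {s: i for i, s in enumerate(SLA_DAYS)}
    still_open.sort(key=lambda r: (-r[3], sev_rank[r[2]]))
    return remediated, still_open, new


# Constructed sample data: two scans of a small perimeter range.
TODAY = date(2018, 6, 15)
PREVIOUS = [
    Finding("203.0.113.10", "VULN-A", "critical", date(2018, 5, 1)),
    Finding("203.0.113.10", "VULN-B", "medium", date(2018, 5, 20)),
    Finding("203.0.113.25", "VULN-C", "high", date(2018, 4, 1)),
]
FRESH = [
    Finding("203.0.113.10", "VULN-A", "critical", date(2018, 6, 14)),
    Finding("203.0.113.10", "VULN-B", "medium", date(2018, 6, 14)),
    Finding("203.0.113.40", "VULN-D", "low", date(2018, 6, 14)),
]
```

Running `reconcile(PREVIOUS, FRESH, TODAY)` shows VULN-C as remediated, VULN-D as new, and VULN-A as 38 days past its critical SLA, ahead of VULN-B which is still within SLA.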

An assessment of your organization’s security posture would not be complete without first inspecting the human element. It’s no secret that adversaries are often more successful at breaching perimeter defenses through social engineering than through traditional service or application exploitation. With this in mind, companies need to be vigilant in their security training and awareness programs. (Recommended reading: “Socializing Security” in the “Under the Hoodie” report.) Because security has many stakeholders, it’s often hard to gauge just how well these training programs are working, and awareness needs to come from the top down. Otherwise, it will falter at some point.

Rapid7’s Cybersecurity Maturity Assessment offering keeps this in mind by performing a light phishing exercise to help you visualize how susceptible a subset of your employees is to phishing attacks. While the exercise is not a targeted and sophisticated phishing attack, it still gives an inside look into how likely users are to click enticing links and subsequently supply their credentials. Any interaction with a potentially malicious site should be taken with the utmost care, and submission of any information—including fake information—should never occur. Why? There could be other nefarious actions set to transpire after the submission of data, or even the click of a link.

Proper vulnerability management and user awareness training are critical to an organization’s defense strategy. Rapid7’s consultants help to bridge the gap between security and business stakeholders, ensuring that security is an organization-wide concern, and not just an IT one.

