Skillsoft Blog

6 Starters to Mitigate Risk of Cyber Attacks

February 16, 2021 | by Amanda Papavasiliou

What is DevSecOps?

Mitigating the risk of future cyber attacks hinges on an honest assessment of people skills, infrastructure adoption, and process evolution. Security literacy is built with training and engagement. Exposures are blocked by technology modernization. Business resilience is attained with DevSecOps.

A complete security assessment also measures the impact and damage of previous intrusions. Assessments identify entry points and document exposures. In healthcare, you can’t treat an illness without an accurate diagnosis. Similarly, you can’t mitigate risk without consensus on vulnerabilities.

Sadly, the majority of intrusions go undetected until after the damage has been done. Calculating the value of lost assets is fairly objective. Assessing the harm to organizational sustainability, customer confidence, and workforce morale is a lot more difficult.

How confidently can you answer these questions about your organization’s ability to assess a cyber- attack?
  • Can you assess the value of your at-risk assets and intellectual property?
  • Will you be able to mobilize your workforce to mitigate a disruptive attack?
  • What will be the impact to competitive advantage and customer trust if data is compromised?
  • Are you protected against the financial impact of ransomware?
  • Does everyone in your organization know they are responsible for cybersecurity?

At stake is a catastrophic loss of capital and brand equity. Security tools and processes will not stop adversaries alone. Competitive advantage is achieved by building customer trust. Ransomware is an existential threat. Everyone is responsible for vigilance and practicing security policies and procedures.

Cyber Security Assessment

Assessing risks at all levels is important to understanding the types of mitigation required and the investment needed to make a real impact.

Actions to start right now to nourish a healthy security assessment and mitigate risks of cyber-attacks:

#1

Recognize good habits:

Some Dev and DevOps teams see security as a primary focus. Start shifting more Security responsibility left to Dev and right to DevOps as a core function and away from dedicated security job roles.

#2

Establish a security champions program:

Champions promote security literacy, quantify risks, and model good practices. Security champions are not native security professionals. Rather, they are rewarded for integrating security principles into their primary job roles. A program ensures a steady supply of new and motivated champions.

#3

Identify adversary groups along with vulnerabilities:

Leverage the MITRE Attack Framework to learn about adversary group behaviors as they often repeat known attacks. Be forward-thinking.

#4

Modernize Software development:

More Software is crafted than coded. Integrate security acceptance testing into the crafting process. Leverage security routines from Open-Source libraries and GitHub repositories. Use Machine Learning (ML) as an assessment tool.

#5

Ramp up disaster recovery and business continuity planning for remote work at home using the Cloud:

Harden your collaboration tools and usage policies. These are not temporary shifts.

#6

Measure cross-organizational skills:

You can’t improve what isn’t measured.

Security Skills to Build On

  • Cross-organizational literacy in assessing vulnerabilities and mitigating risks.
  • DevSecOps fundamentals to integrate security responsibilities into every job role.
  • Security policies and procedures for hybrid infrastructure environments.
  • Hands-on experience identifying security threats by industry and job role at a Cyber Range or practice lab.

5G: What is it, and how will it enable the future for you and your business?

5G represents a fundamental paradigm shift compared to mobile communication networks of the past. Recognizing the implications of the technology, the potential it engenders, as well as comprehending the details of its technological implementation will go a long way in enabling you to take full advantage of 5G for you and your business.

Read blog post

2021 Trends in DevOps Online Training

At Skillsoft, our market-leading consulting customers have earned more than 150,000 DevOps badges since February 1st 2021. This alone is an incredible testament to the rising importance of DevOps skills...

Read blog post

4 Solutions For Avoiding DevOps Training Pitfalls

There are stacks of evidence extolling the virtues of DevOps and an almost equal amount of studies indicating how difficult DevOps is to harness successfully in large organizations. Why is DevOps transformation so hard and how can training help?

Read blog post