Skillsoft Blog

6 Starters to Mitigate Risk of Cyber Attacks

February 16, 2021 | by Amanda Papavasiliou

What is DevSecOps?

Mitigating the risk of future cyber attacks hinges on an honest assessment of people skills, infrastructure adoption, and process evolution. Security literacy is built with training and engagement. Exposures are blocked by technology modernization. Business resilience is attained with DevSecOps.

A complete security assessment also measures the impact and damage of previous intrusions. Assessments identify entry points and document exposures. In healthcare, you can’t treat an illness without an accurate diagnosis. Similarly, you can’t mitigate risk without consensus on vulnerabilities.

Sadly, the majority of intrusions go undetected until after the damage has been done. Calculating the value of lost assets is fairly objective. Assessing the harm to organizational sustainability, customer confidence, and workforce morale is a lot more difficult.

How confidently can you answer these questions about your organization’s ability to assess a cyber- attack?
  • Can you assess the value of your at-risk assets and intellectual property?
  • Will you be able to mobilize your workforce to mitigate a disruptive attack?
  • What will be the impact to competitive advantage and customer trust if data is compromised?
  • Are you protected against the financial impact of ransomware?
  • Does everyone in your organization know they are responsible for cybersecurity?

At stake is a catastrophic loss of capital and brand equity. Security tools and processes will not stop adversaries alone. Competitive advantage is achieved by building customer trust. Ransomware is an existential threat. Everyone is responsible for vigilance and practicing security policies and procedures.

Cyber Security Assessment

Assessing risks at all levels is important to understanding the types of mitigation required and the investment needed to make a real impact.

Actions to start right now to nourish a healthy security assessment and mitigate risks of cyber-attacks:

#1

Recognize good habits:

Some Dev and DevOps teams see security as a primary focus. Start shifting more Security responsibility left to Dev and right to DevOps as a core function and away from dedicated security job roles.

#2

Establish a security champions program:

Champions promote security literacy, quantify risks, and model good practices. Security champions are not native security professionals. Rather, they are rewarded for integrating security principles into their primary job roles. A program ensures a steady supply of new and motivated champions.

#3

Identify adversary groups along with vulnerabilities:

Leverage the MITRE Attack Framework to learn about adversary group behaviors as they often repeat known attacks. Be forward-thinking.

#4

Modernize Software development:

More Software is crafted than coded. Integrate security acceptance testing into the crafting process. Leverage security routines from Open-Source libraries and GitHub repositories. Use Machine Learning (ML) as an assessment tool.

#5

Ramp up disaster recovery and business continuity planning for remote work at home using the Cloud:

Harden your collaboration tools and usage policies. These are not temporary shifts.

#6

Measure cross-organizational skills:

You can’t improve what isn’t measured.

Security Skills to Build On

  • Cross-organizational literacy in assessing vulnerabilities and mitigating risks.
  • DevSecOps fundamentals to integrate security responsibilities into every job role.
  • Security policies and procedures for hybrid infrastructure environments.
  • Hands-on experience identifying security threats by industry and job role at a Cyber Range or practice lab.

Welcome to open

Open to new ideas.

Open to new skills.

Open to inspiration.

Read blog post

Tackle corporate learning and skills transformations with new Skillsoft tools

If you joined us for Perspectives 2021, (Don’t worry if you missed us live, you can watch many sessions on demand by registering here.) you know the biggest names in learning explored the challenges…

Read blog post

5G: What is it, and how will it enable the future for you and your business?

5G represents a fundamental paradigm shift compared to mobile communication networks of the past. Recognizing the implications of the technology, the potential it engenders, as well as comprehending the details of its technological implementation will go a long way in enabling you to take full advantage of 5G for you and your business.

Read blog post