9. The Application of Cybersecurity: Principles and Practices 233

9.1.10 Planning for Failures

“Those who fail to plan for a security incident are planning for failure.” - The Art of Deception by Kevin Mitnick

As we saw in Chapter 5 on risk management, disaster planning is essential for cybersecurity because it is understood that there will be failures. Organizations must be prepared. The principle of planning for failures states that organizations must assume that cyber incidents will occur. This principle is not to be taken fatalistically, as in, “We are going to fail and there is nothing we can do about it, so why try?” Rather, following this principle provides a healthy dose of reality that can help organizations properly prepare and stay vigilant, ultimately improving their cybersecurity posture. It is also an encouragement that a future exists after an incident and recovery is possible. Cyber incidents are an existential threat for some organizations, but proper planning makes it much more likely that an organization can recover from an incident and move forward.

A helpful way to prepare for and hopefully prevent cyber incidents is to perform a pre-mortem. A pre-mortem is a thought experiment where one imagines a failure has occurred and explores how and why it could have happened. This is similar to what we did in Section 5.4 on disaster recovery planning. Exercises like these motivate the planning process and provide helpful insights. They can lead to actions that make incidents less likely to occur. For example, a pre-mortem might imagine that a business email compromise has occurred within an organization. A business email compromise is when an employee is tricked into making a fraudulent funds transfer. Often in an attack like this, a cyber criminal is able to impersonate a company executive and insist that a payment be made immediately. By imagining that this has taken place, and then asking the question, “How could this have happened?”, an organization might be able to purchase a technology, create a process, or raise awareness among employees that would make a business email compromise much less likely.

Planning for failure also involves implementing appropriate detective and corrective controls. Detective controls can sometimes prevent incidents altogether or at least limit their damage. For example, creating a process around reviewing log files can shrink the dwell time of cyber adversaries. Corrective controls help an organization recover from an incident. A control like data backups can provide an organization with options in the wake of a ransomware attack.

Zero trust is an implementation of the planning for failures principle. Zero trust is a security strategy that assumes internal systems may be compromised. Therefore, it requires that all requests be verified, even ones from trusted systems, instead of just assuming they are legitimate. This is similar to the trusting trust principle covered above, and it comes from the mindset of planning for failures. It is a somewhat pessimistic outlook, but, as history has demonstrated, it is also realistic.
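The following Python example is added here to illustrate the zero trust point above; it is not code from the book. It contrasts a perimeter-style authorizer, which waves through any request arriving from the internal network, with a zero trust authorizer that verifies the caller's credential and role on every request regardless of where it came from. The shared signing key, the 10.0.0.0/8 "internal" range, the user and role tables, and the request format are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed example values: a demo signing key and an "internal" address range.
SECRET = b"example-signing-key-not-for-production"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed role table: only the finance role may approve funds transfers.
ROLES = {"alice": "finance", "bob": "intern"}
ALLOWED_ACTIONS = {"finance": {"approve_transfer", "view_invoice"},
                   "intern": {"view_invoice"}}


@dataclass
class Request:
    source_ip: str   # where the request came from
    user: str        # claimed identity
    token: str       # credential in the form "user:hex-hmac"
    action: str      # what the caller wants to do


def issue_token(user: str) -> str:
    """Issue an HMAC-SHA256 credential bound to a user name (demo only)."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def verify_token(user: str, token: str) -> bool:
    """Check that the token was issued for this user and has not been altered."""
    try:
        token_user, mac = token.split(":", 1)
    except ValueError:
        return False
    expected = hmac.new(SECRET, token_user.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the match position through timing.
    return token_user == user and hmac.compare_digest(mac, expected)


def role_permits(user: str, action: str) -> bool:
    """Least-privilege check: is this action allowed for the user's role?"""
    role = ROLES.get(user)
    return role is not None and action in ALLOWED_ACTIONS[role]


def perimeter_authorize(req: Request) -> bool:
    """Perimeter model: trust anything that is already 'inside'.

    A compromised internal host inherits that trust, which is exactly the
    failure the planning-for-failures principle tells us to assume.
    """
    if ipaddress.ip_address(req.source_ip) in INTERNAL_NET:
        return True
    return verify_token(req.user, req.token) and role_permits(req.user, req.action)


def zero_trust_authorize(req: Request) -> bool:
    """Zero trust: verify the credential and the role on every request.

    The source address is deliberately not consulted; an internal origin
    earns no shortcut because internal systems are assumed compromisable.
    """
    if not verify_token(req.user, req.token):
        return False
    return role_permits(req.user, req.action)


def compare_models() -> dict:
    """Run constructed requests through both models and return the decisions."""
    legitimate = Request("10.1.2.3", "alice", issue_token("alice"), "approve_transfer")
    # A compromised internal host presenting a forged credential for alice.
    forged = Request("10.1.2.3", "alice", "alice:" + "0" * 64, "approve_transfer")
    # A valid credential, but a role that may not approve transfers.
    overreach = Request("10.1.2.3", "bob", issue_token("bob"), "approve_transfer")
    return {
        "legitimate": (perimeter_authorize(legitimate), zero_trust_authorize(legitimate)),
        "forged": (perimeter_authorize(forged), zero_trust_authorize(forged)),
        "overreach": (perimeter_authorize(overreach), zero_trust_authorize(overreach)),
    }


if __name__ == "__main__":
    for name, (perimeter, zero_trust) in compare_models().items():
        print(f"{name:10s} perimeter={perimeter!s:5s} zero_trust={zero_trust!s:5s}")
```

The forged and overreach cases are the ones that matter: the perimeter model approves both simply because the request originated inside the network, while the zero trust model rejects both, because it never skips verification for a "trusted" source. In a real deployment the token would carry an expiry and be issued by an identity provider rather than a shared secret in the module, but the structure of the decision is the same.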