Tips for building a cybersecurity war room

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

When COVID-19 hit the United States, there was no shortage of headlines about the new security challenges caused by the shift to remote work. There is truth in that, but I argue that, rather than creating new problems, what the pandemic did was expose and exacerbate existing security weaknesses.

For example, in the rapid shift to remote working, many organizations' most immediate solution was to relax their virtual private network (VPN) and Remote Desktop Protocol policies to give workers access to applications and data through personal devices and home networks. But reports such as one from ExtraHop found that this often led to misconfigurations that cyber-attackers were fast to exploit.

Additionally, although cloud adoption was already on the rise before COVID, many enterprises are now entirely cloud-enabled, making the perimeter increasingly obsolete. Threats are no longer just malicious actors that make their way in; today, they include inside actors, misconfigured services, and shadow workloads containing sensitive enterprise data, accelerating the urgency around gaining visibility in the east-west corridor.

And that's not all that's suffered from the increase in remote cross-team communication. IT and security teams were already battling competing priorities, but now they might need to take extra steps to resolve an issue. And worse? Hackers thrive on this kind of chaos. Inherently lazy hackers will exploit a lack of cross-team communication to gain access to the network's most critical resources, often moving under the radar until it's too late. Internally, this not only leads to breaches, potential loss of sensitive data, and millions of dollars' worth of fines and legal liabilities, but also finger-pointing that exacerbates preexisting cultural silos between teams.

Update your war room strategy

For nearly two decades, I actively served in the U.S. Marine Corps, completing three combat tours. After spending the majority of my military career as a network architect and engineer, I approach my cybersecurity work at Viasat with a unique perspective on mitigating high-risk situations.

In security, like combat, there is no better way to prepare for the next attack or crisis than getting tightly aligned on war-room strategies. War rooms are designed to bring key decision-makers together and arm them with all the information necessary to make rapid decisions during high-risk situations.

The same techniques used in real-world combat apply in cybersecurity operations. The only difference is that instead of bullets flying downrange, it's packets. Instead of nation-states going at it, you have everyday groups of hackers trying to gain access to your network, steal your information, or degrade your service. Any security practitioner will tell you: It's a war zone.

Build a bulletproof war room

Here are three tips for establishing a bulletproof war room that delivers deep organizational visibility and enables rapid decision-making.

1. Bring the right people to the room

In today's environment, especially in larger companies, employee skill sets are getting more technically diverse with stand-alone teams spanning cloud, network, development, automation, and more.

As much as these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organization. When they send updates or find an exploit that threatens their system, it's not just their system that is impacted; it can produce massive consequences across all areas of the business.

2. Empower teams to overcome decision paralysis

In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be quickly made.

3. Plan for various scenarios and risk levels

In one instance, a war room could bring together a group of engineers from different disciplines to investigate or troubleshoot something that crosses boundaries into their systems.

In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future — whether that's the next quarter, the next year, or maybe for a large upcoming event where they want to plan for attack possibilities.

No matter the risk level, war rooms can function as catalysts for aligning on sharp, effective plans, both in offensive and defensive situations.

Don't overlook the basics

IT and security professionals' jobs became increasingly difficult in 2020 — they've re-imagined the traditional enterprise network and created new, safe ways of working, all while combating deeper cultural silos than ever. In this new reality, one of the biggest mistakes organizations can make is to skip the security basics.

Building a cohesive war room gives IT and security teams new ways to collaborate, work together, share information, and avoid finger-pointing. Reaching out to colleagues can build bridges that help solve these new challenges we're facing together. In the Marines, I saw first-hand the power of what can be accomplished when teams focus and work together. As the Marines advise when facing times of chaos: "improvise, adapt, and overcome."


Lee Chieffalo

Lee Chieffalo, CCNP, CCDP, CISSP, is Technical Director of Cybersecurity Operations at Viasat.
