The Patriot Files Forums  

Posted by Boats, 08-18-2018, 09:10 AM

Why you should follow the 1-10-60 rule of cybersecurity
By: James Yeager 8-17-18

One of the most common misconceptions of a data breach is that it takes the heaviest toll on the reputations of federal IT leaders, as they are responsible for protecting their agency against a breach. However, headlines from recent data breaches, across both the federal and private sectors, reveal that in addition to the damage a cyber data breach can inflict on an organization’s reputation, there is also a high propensity for serious financial costs to be incurred.

As cybersecurity concerns continue to rise to the top of the agenda of federal agencies, it is important to consider why a particular department may be targeted and how prepared agency leaders are to withstand a sophisticated attack from a cybercriminal or nation-state group.

Breakout Time: A Critical Cyber Metric

If a federal entity is in fact breached, speed is one of the most critical factors in the remediation process. CrowdStrike recently unveiled a new cyber metric in its 2018 Global Threat Report, called “breakout time.” CrowdStrike found that, on average, organizations only have one hour and 58 minutes to detect and eradicate an intruder before they move from their initial entry point to compromise additional IT systems and wreak havoc on the enterprise.

There are three key metrics that can help your agency estimate its readiness to defend against a breach:

1. Time to detect an intrusion

2. Time to investigate an incident - understanding the criticality and scope, and what response actions are necessary

3. Time to respond to the intrusion - eradicate the adversary, and implement containment measures to avoid any damage

Best Practices: A Numbers Game

The most cyber-prepared federal institutions should aim to detect an intrusion in under a minute, perform a full investigation in under 10 minutes, and eradicate the adversary from the environment in under an hour in order to effectively combat sophisticated cyber threats.

Agencies that follow this 1-10-60 rule are much more likely to eradicate the adversary before the attack leaves its initial entry point, minimizing impact and further escalation. Visibility across the network is also critical to detect stealthy attackers who may behave like insiders. The use of innovative technology such as machine learning, endpoint detection and response, and next-generation antivirus, will expedite the ability to pinpoint known and unknown threats that may be lurking on the network while increasing visibility across all of the endpoints in the enterprise.

Thinking like the Adversary

To better understand cyber risks, leaders must think more broadly around digital assets and targets. This requires a change in thought process to try and get into the mind of the adversary. Nation-state and eCrime adversaries often go after high-value assets and targets that include the systems, persons, applications, and data sets that contain the organization’s most valuable data and/or can grant them access to other critical systems via lateral movement.

Government employees should teach their personnel to think about the big picture when assessing and prioritizing the top assets they need to protect. Cyber threat actors often focus their efforts on an organization’s more senior ranking leaders because of the influence they wield and the information they have access to. As such, those in the federal space need to make sure they have taken the appropriate steps to secure all endpoints within their agency and strive to implement the 1-10-60 rule.

Given today’s sophisticated threat landscape, it is imperative that federal entities and other public sector agencies are aware of the critical data that their particular department presides over and has access to. It is also critical to understand the importance of cyber hygiene and best practices. The 1-10-60 rule and breakout time together form a clear benchmark that measures your organization’s cyber readiness to withstand today’s sophisticated threats.

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.
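
The following is an added example, not part of the original post or the article: a scorer that checks incident timelines against the 1-10-60 limits and the 1 hour 58 minute breakout time quoted above. The record field names, the sample timelines, and the choice to time each phase from the end of the previous one are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Limits stated in the article: 1 / 10 / 60 minutes; breakout time 1 h 58 min.
LIMITS = {"detect": timedelta(minutes=1),
          "investigate": timedelta(minutes=10),
          "respond": timedelta(minutes=60)}
BREAKOUT = timedelta(hours=1, minutes=58)
# Hypothetical record fields, not taken from any product's schema.
STAGES = ("intrusion", "detected", "investigated", "contained")

def score_incident(rec):
    """Score one incident timeline against the 1-10-60 limits and breakout time."""
    try:
        t = [datetime.fromisoformat(rec[s]) for s in STAGES]
    except (KeyError, TypeError, ValueError):
        return {"id": rec.get("id"), "valid": False, "reason": "missing or bad timestamp"}
    if any(b < a for a, b in zip(t, t[1:])):
        return {"id": rec.get("id"), "valid": False, "reason": "timestamps out of order"}
    # Assumption: each phase is timed from the end of the previous one.
    phases = dict(zip(LIMITS, (b - a for a, b in zip(t, t[1:]))))
    met = {p: d < LIMITS[p] for p, d in phases.items()}
    return {"id": rec.get("id"), "valid": True, "phases": phases, "met": met,
            "meets_1_10_60": all(met.values()),
            "before_breakout": t[-1] - t[0] < BREAKOUT}

def summarize(records):
    """Count how many usable timelines met the rule and beat breakout time."""
    scored = [score_incident(r) for r in records]
    valid = [s for s in scored if s["valid"]]
    return {"valid": len(valid), "rejected": len(scored) - len(valid),
            "meets_1_10_60": sum(s["meets_1_10_60"] for s in valid),
            "before_breakout": sum(s["before_breakout"] for s in valid)}

# Constructed sample timelines (not real incident data).
SAMPLE = [
    {"id": "INC-1", "intrusion": "2018-08-01T09:00:00", "detected": "2018-08-01T09:00:40",
     "investigated": "2018-08-01T09:08:00", "contained": "2018-08-01T09:50:00"},
    {"id": "INC-2", "intrusion": "2018-08-02T13:00:00", "detected": "2018-08-02T13:25:00",
     "investigated": "2018-08-02T13:40:00", "contained": "2018-08-02T14:30:00"},
    {"id": "INC-3", "intrusion": "2018-08-03T02:00:00", "detected": "2018-08-03T02:00:30",
     "investigated": "2018-08-03T02:09:00", "contained": "2018-08-03T04:15:00"},
    {"id": "INC-4", "intrusion": "2018-08-04T10:00:00", "detected": None,
     "investigated": "2018-08-04T10:20:00", "contained": "2018-08-04T11:00:00"},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(score_incident(r))
    print(summarize(SAMPLE))
```

INC-2 shows why the per-phase limits matter separately from breakout time: containment finishes inside 1 hour 58 minutes, yet detection and investigation both miss their limits.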
