The cyber threat landscape is ever-changing, and organizations around the world must continuously reassess their cybersecurity capabilities to meet new defense challenges. Next Peak’s co-founders, Jim Cummings and Greg Rattray, have worked on the cyber defense frontlines for decades, and have seen the nature of the threat evolve through multiple iterations from both the public and private sector. They have leveraged deep strategic expertise and frontline experience to develop a holistic framework to help clients improve their cyber defense posture. In this blog post we explore the changing threat landscape and how Next Peak is uniquely positioned to help clients focus their approaches to cyber defense.
A changing threat landscape and new cyber challenges
Cyber attacks are increasing in frequency and sophistication as attackers seek to take advantage of insecurities exacerbated by the pandemic. The Federal Bureau of Investigation (FBI) reported an almost 400 percent increase in cyber attacks compared to pre-COVID levels. The nature and objectives of adversaries have expanded, with attackers deploying advanced tools, with innovative tactics, techniques and procedures (TTPs) once held and controlled solely by nation-states. In addition, the shift to remote work has created new challenges for security teams already confronted with the growing variety and volume of attacks. Increases in end points and operating systems created by remote work have significantly expanded attack surfaces, while security teams have much less visibility into employee actions on networks.
For many companies, the worry is no longer “if” a cyber attack occurs, but “when.” A recent IBM study estimates that the average data breach costs companies $3.92 million in lost business and remediation efforts. With ever growing adversary capabilities and attack opportunities, cyber criminals pose a very real and costly threat to companies of all sizes. However, most companies still invest in cybersecurity generally without making specific defensive investments tied to their business risk profile and environment. While foundational approaches to cybersecurity are extremely important, companies need to move from a security to a defense mindset in thinking about their cyber risk.
Whether or not companies survive the fallout from a cyber attack is often dependent on their ability to contain and remediate the effects of an attack in a timely, effective manner. The good news is that there are proactive measures and specific defensive investments that companies can make today to ensure that when a bad cyber day happens, they know what to do. IBM estimates that incident response preparedness alone can reduce data breach costs by up to $2 million.
Why Next Peak can help
Before founding Next Peak, Jim and Greg served as JP Morgan Chase’s Chief Security Officer (CSO) and Chief Information Security Officer (CISO) respectively. At JPMC, a very bad cyber day did happen in 2014 with a data breach that affected millions. Greg and Jim were part of the leadership team that led JPMC successfully through that major breach, contributing their extensive experience commanding operations groups for the US Air Force as well as directing White House cyber policy.
Many companies, especially in the financial sector, often suffer drops in stock price following a cyber attack. However, JPMC stock actually rose slightly after the breach, demonstrating how the steps that companies take during and after an incident can go a long way in reassuring stakeholders. In addition, despite the fact that less than one percent of reported cybercrimes lead to an arrest, close coordination between JPMC and law enforcement ultimately resulted in the indictments and extraditions of the perpetrators of the breach.
After the breach, Jim, Greg and the JPMC leadership took what they learnt from the incident and rebuilt the organization’s cyber defense program as part of one of the largest cyber program uplifts in the United States. Since leaving JPMC, Jim and Greg have taken those experiences to help companies of all sizes uplift their cyber defenses through strategic insight and operational execution. This work has included collaborative partnerships with Oliver Wyman for global clients across various industries, as well as deep thought leadership efforts with various think tanks.
Leverage Next Peak experience
Jim and Greg’s experience defending JPMC demonstrate how cyber attacks do not need to be a fatal blow to organizations. However, it took all of their battle-hardened expertise to help the organization successfully through that incident. Not every organization can hope to have the same depth of experience at the ready to guide action under crisis. That is why organizations need to make proactive defensive investments today to ensure that they know what to do when a bad cyber day happens.
Foundational components of an effective cyber strategy:
- Strategy to Task: ensuring unity from overall business risk down to individual cyber programs. There is often a disjunct in risk conceptualization by business executives and security teams. Companies must ensure that cyber programs tie directly to the company’s business risk profile and risk mitigation strategy, and measure impact and effect at each level.
- Understand threat profile based on industry, critical assets and operating locations. Not all companies are at risk from all cyber attacks. Companies must invest in cyber threat intelligence capabilities to understand who is coming after them and why, in order to make specific defensive investments to protect their critical assets. Security teams must be trained to be defenders rather than mere monitors, and this involves an understanding of adversary goals and TTPS to identify threats and defend networks.
- Developing playbooks in case of a bad cyber day. When a cyber incident occurs, companies often find themselves unsure of what the next action should be. Playbooks provide executives and employees at all levels with much needed structure and guidance over appropriate actions at the appropriate time, and companies should develop different playbooks for different teams and ensure cohesion between plans.
- Monitoring, evaluating, and uplifting capabilities to stay ahead. Effective cyber programs have built-in cyber threat intelligence processes for teams to monitor current capabilities and adversary attack trends. This allows teams to adjust defenses as threats evolve, and continually uplift to stay ahead of the next attack.
- Exercising and testing to ensure appropriate buy down of risk. Just because you have made cyber investments does not guarantee that they work appropriately. Cyber programs must be tested and exercised regularly at all levels, from board level tabletop exercises to operational security team exercises. These exercises build muscle memory, and train all company levels to respond faster and more effectively in a crisis.
This will be the first in a series of posts laying out Next Peak’s vision for a more focused approach to cyber defense. We hope that we have given our readers some helpful insights on building and structuring an effective defense strategy. In the series, we will explore how Next Peak’s different propositions help our clients with different aspects of their cyber defense needs, featuring advice and insights from out battle-hardened network of Cyber Defenders. Check back for future installments, and for more information on what Next Peak can do for your cyber defense, please click here.