
Keeping up with the cybersecurity threats of the day can be exhausting, which is why so many companies have been engaging specialist vendors and managed security service providers (MSSPs) to assist them. But how can you know they’re doing what you want them to do?

Building relationships with outside parties may be a smart strategic move, warns Secureworks CTU (Counter Threat Unit) Senior Vice President Barry Hensley, but if you’re not continuously monitoring and assessing that relationship, you’re exposing the integrity of your systems to a wide range of unknowns.

Customers of third-party firms must establish clear practices for auditing new products and service providers, he said, including a clear understanding of how those providers will be held accountable; whether customers can examine their security audits if they have an incident; and whether customers can perform an adversarial pen test or do a threat hunt inside their environments.

Consider the reasons you’re going into the relationship (whether because the third-party solution is more effective, more scalable, less expensive, or well-connected to the broader security community) and clarify what will happen if the relationship goes sour by considering questions such as what data they gather, where it is stored, and how you can make sure it will be destroyed when needed.

Hensley, a retired Army colonel with more than 20 years’ service and now SVP & Chief Threat Intelligence Officer, has spent the past decade heading the Secureworks specialist team and provides guidance to companies that want to ensure their internal security teams are ready to deal with incidents.

The key to preparedness is to not take anything for granted, a habit that he has enforced within the CTU, whose security experts’ job is to analyze emerging threats and develop countermeasures for the company’s clients.

Whether companies are turning to third parties or managing incident response in-house, he offered three key tips for every company engaging third parties: rehearse, rehearse, and rehearse.

“Have you practiced your ability to do all the incident response steps, the forensics, the containment, the eradication of the threat, and, finally, the recovery? Because nothing can substitute for the shown ability to apply the tasks required to be successful in recovering from such a catastrophic event.”

Keeping up with a changing threat

With the CTU tracking more than 30 ransomware groups and keeping a roster of over 3,400 organizations that cybercriminal gangs have already compromised, Hensley’s team is well aware of the potential damage companies can suffer when hit by a cybercriminal attack.

Yet many don’t understand that today’s ransomware attacks are usually longer campaigns, with several elements and various secondary attack vectors that may lead to data theft and publication, embarrassment to the company or its executives, vicious denial of service (DoS) attacks, and other actions intended to pressure companies to pay the ransom demand.

“You must prepare for all the things that a ransomware threat actor would certainly do, but you have to take it a step further.”

The shift to remote work hasn’t made the situation any easier. Every organization responded slightly differently, with varying results as cybercriminals began probing for soft spots.

“Knowing that remote means lots of different things, organizations had to assume that they’re offering IT and security support to a person running in a contested space.”

“Now you live in a world of computers that are not patched, not monitored, not restricted, not protected, and not compliant — so how can your business work on that system in a manner that does not put the business at risk?”

The most efficient organizations not only documented what they had done during the transition to remote work, Hensley said, but also developed mitigating processes associated with enabling this new world.

“This truly is the new norm, and I don’t think you’ll see any organization going back to where it was.”