Cybereason, the XDR company, announced the publication of the inaugural report from the Cyber Defenders Council, a group of 50 preeminent security leaders from public and private sector organizations across North America, EMEA, and APAC. The report, titled Defend Forward: A Proactive Model for Cyber Deterrence, discusses the concept of Defend Forward that originated with the U.S. Department of Defense (DoD) and how security leaders can adapt it for the private sector via six guiding principles.
Leading global cybersecurity executives, government dignitaries, and other thought leaders joined the Cyber Defenders Council because of its focus on deterring the activities of nation-state-sponsored threat groups and other advanced adversaries, including ransomware gangs. The Council’s membership comprises executives from 50 large global organizations, including The Kraft Heinz Company, TikTok, Cisco, IBM Security, GE Healthcare, and Colgate-Palmolive Company.
General Joseph Dunford (ret.) is also a member of the Council. General Dunford served as the 19th Chairman of the Joint Chiefs of Staff from 2015-2019. While serving as the highest-ranking military officer, General Dunford played an instrumental role in refocusing the United States’ cyber defense strategy.
“Bringing together fifty of the world’s leading cybersecurity experts during a time of unprecedented attacks on both private and public sector organizations puts threat actors on notice. This Council offers private sector enterprises much-needed concrete guidance for reversing the adversary advantage,” said Cybereason CEO and Co-founder Lior Div.
The report focuses on adapting for the private sector an approach to cyber deterrence and highlights the following six guiding principles:
- Assume you are at risk: Conduct scenario planning with your senior leadership team to identify cyberattack situations that could create material risks for your organization.
- Understand the threat: Understand the attackers most likely to target your organization, the reasons why, and the methods they’d use, including the vulnerabilities in your organization’s defenses that they could exploit.
- Collaborate across sectors: To facilitate collaboration and intelligence sharing, the parties involved must trust each other. As intelligence sharing increases, platforms are needed to deconflict disparate intelligence sources and help prioritize actions.
- Use intelligence to instill a bias for action: Use threat intelligence to drive a wide variety of strategic and tactical security decisions. Apply design goals based on intelligence to instill a bias for action among members of your security team.
- Leverage large-scale analytics and technology: Large-scale analytics capabilities promise to enable security teams to address one of their biggest challenges–the fact that they are drowning in data and alerts that do not rise to the level of actual intelligence.
- Assume you are still at risk: The Defend Forward mindset and approach can help security leaders build robust programs that drive accountability and deliver meaningful business and cybersecurity outcomes.