Posts

The Cyber OODA Loop Explained: Enhancing Cyber Defence with Rapid Decision-Making

The Cyber Observe Orient Decide OODA and Act Framework

If you follow the world of Jocko Willink or listen to his podcast, especially the one with Andrew Huberman, then you will have heard about the Observe, Orient, Decide and Act (OODA) loop.  

Willink used this model during his time in the Navy Seals to help him overcome challenges. This article explores how the OODA loop can be utilised in cyber response, especially in highly stressful situations, to enable you to see the woods from the trees. 

What is the OODA loop? 

Observe

The first step in the OODA loop is observation. In the context of cybersecurity, this involves actively monitoring our network, systems, and external threat intelligence sources. Key activities include: 

Security Bulletins and Advisories: Regularly track security bulletins and advisories from trusted sources. Stay informed about vulnerabilities and emerging threats. 

Threat Intelligence: Gather information on adversary tactics, techniques, and procedures (TTPs). Understand their modus operandi to anticipate their moves. 

Incident Detection: Implement robust detection mechanisms, including network intrusion detection systems (NIDS), firewall logs, and user behaviour analytics.

Orient

Orientation is about making sense of the observed data. Here’s how it applies to cyber defence: 

Assess Applicability: Evaluate how the observed threats align with your organisation’s assets and operations—Prioritise based on criticality. 

Operational Issues: Consider operational constraints, resource availability, and potential impact. What can realistically be addressed? 

Risk Assessment: Quantify the risk associated with each threat. Understand the potential consequences of inaction.

Decide

Decisiveness is crucial in the face of cyber threats. Make informed decisions: 

Prioritise Remediation: Decide which vulnerabilities or incidents require immediate attention based on your risk assessment. Create a remediation strategy. 

“Duelling” OODAs: Recognise that adversaries also operate within their own OODA loops. Act swiftly to disrupt their plans.

Act

Execution is where the rubber meets the road: 

Rollout and Monitor: Deploy patches, updates, and security controls. Continuously monitor for any “breakage” caused by changes. 

Active Defences: Implement active defences such as honeypots, sinkholes, and application whitelisting. Deceive, degrade, and disrupt adversary actions. 

Cyber OODA Loop

Continuous Cyber Loop

Remember that the OODA loop is iterative. As you act, new observations emerge, leading to further orientation, decisions, and actions. Adaptability and agility are essential. 

Organisations face an ongoing battle to protect their digital assets in the volatile landscape of cyber threats. Initially developed by military strategist Colonel John Boyd, the OODA loop provides a robust framework for decision-making and response. Let’s explore how this loop can be applied to enhance our defences against cyber-attacks. 

In an outbreak or live cyber-attack, it can be challenging to remain calm whilst taking the first steps to deal with the situation and do the right thing. We recommend taking time to run an OODA loop model in your mind. In doing so, you can find a better, more effective way to tackle the challenges.  

Those of us who are often in a position where a decision needs to be made fast, risk missing alternative more effective ways due to time pressure. However, this model will give you the best chance to see a clearer picture, so you can make more informed decisions.  

Application Of the Loop in Cyber Security

The first step is to observe the incident and analyse your data:  

  1. What has happened?  
  2. Calmly analyse the facts and the unknown.
  3. Assess the worst possible scenario and the potential impact on your business.
  4. Think of your next steps.  

Once facts have been established, decide on the action and how you will proceed with the informed decision. Hopefully, the decision stemmed from the Observe and Orient model. 

The Act is the last step which puts the plan into action. At this point, you should also be planning to perform another OODA loop to cover the previous loop; sometimes, you may even be running multiple loops at once. The ability to place a cognitive weight on having time to make the right decision is key in a high-pressure scenario. 

If you are looking for further reading, then you can also look at the following: 

Mandiant APT1 Model: Map control implementations to the adversary model. Identify opportunities to detect, deny, and disrupt attacks. 

MITRE ATT&CK Matrix: Align techniques with tactics. Understand where defences are effective and where gaps exist. 

By embracing the Cyber OODA loop, organisations can transform reactive responses into proactive defences. Rapid decision-making, continuous adaptation, and a deep understanding of the threat landscape empower us to stay ahead of cyber adversaries. Remember: in cyberspace, surprise favours the prepared mind. 

If you want to talk to Planet IT experts about how we can help you with your cyber security, planning and innovation, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected]. 

 

Cloud Security Posture Management, Why you need it!

Cloud Security Posture Management

It’s time to discuss the importance of moving to an Opex model, the drive towards consumption-based usage and the impact on technologies like Microsoft Azure, as well as the importance of protecting Cloud resources and security when you move resources to the cloud. This article looks at how we put these principles into practice in Cloud Security Posture Management.

What is CSPM And Why Is It Important

Cloud security posture management (CSPM) is critical for any business moving its infrastructure to Microsoft Azure. CSPM helps organisations identify and remediate security risks in their cloud environments, to ensure their data and applications are protected. This rather preventative approach helps avoid any disasters!

When moving to the cloud, businesses must ensure that their security posture is robust and able to withstand the unique challenges of the cloud environment. Once you move to the cloud, you are placing only some, but not all, of the responsibility for the service provided.

In this shared responsibility model, the level of understanding of your risks is critical. This is why CSPM tools are so essential. They provide a comprehensive view of the security posture of an organisation’s cloud environment. It allows them to identify and address vulnerabilities and misconfigurations that could expose their data and applications.

Automation and Benefits Of CSPM

One of the greatest benefits of CSPM is the ability to automate the process of identifying and remediating security risks. Taking the human out of the equation often results in a better, faster, and more secure platform in the long term.

This is particularly important where the scale and complexity of the environment make it difficult for businesses to keep up with the constantly evolving threat landscape. CSPM tools can automatically scan the cloud environment for vulnerabilities and misconfigurations. This alerts security teams to potential risks and provides the information needed to take action.

CSPM also gives businesses greater visibility into their cloud environment, allowing them to monitor activity and detect unusual or suspicious behaviour. With the correct visibility, you can trust that the systems you have in place are configured and protected to the required standard.

The dynamic nature of the environment can make it difficult for businesses to keep track of changes and activities. CSPM tools provide real-time visibility into the cloud environment, allowing security teams to identify and respond to potential threats quickly. Being able to see who has made changes, what risks you have, and the overall nature of your cloud posture is invaluable.

Complying with Standards and Regulations

Many businesses are subject to strict regulatory requirements, and failure to comply can result in significant fines and reputational damage. CSPM tools can help businesses ensure that their cloud environment complies with relevant standards and regulations, reducing the risk of non-compliance. If your business needs to hit Cyber Essentials, ISO 27001 or PCI-DSS, then CSPM is the way to go

In summary, CSPM is essential for businesses moving their infrastructure to Microsoft Azure. It gives businesses the visibility, automation, and control they need to ensure their cloud environment is secure and compliant. By implementing a robust CSPM solution, businesses can protect their data and applications from threats, reduce the risk of non-compliance, and maintain the trust of their customers and stakeholders.

If you want to talk to one of our experts about how we can help your business secure its cloud environment and the benefits a CPSM could have for you, please call 01235 433900 or email [email protected]. If you want to speak to me directly, you can contact me via DM or at [email protected].

 

Unleashing The Power Of Microsoft 365 Copilot

Copilot for Microsoft Office 365

Microsoft Copilot for 365  is a chat-based tool that integrates into other 365 applications such as Microsoft Teams, Outlook, and SharePoint. It can learn and understand data from these locations, giving it the ability to answer questions, summarise documents, and more. Copilot is also integrated into the applications, allowing you to use it in real-time to draft emails, summarize emails or Teams chats.

 

Watch our webinar about unleashing the power of Copilot for your organisation

 

How will Copilot change the way we will work?

Microsoft Copilot for 365 won’t be coming after your job anytime soon.  Copilot 365 is there to help make your job more efficient and effective by cutting down the time you would have spent reading unimportant emails or messages, drafting base documents and emails and so on.  It will help you improve your time management skills, professionally write emails and recap your entire working days.

The security and compliance around Copilot

However, Microsoft Copilot 365 poses new security and compliance challenges for businesses as it has access to so much data.  Examples of risk can involve data leaking to the wrong user or a compromised user which could be could be devastating.

Currently, Copilot has inbuilt rules and compliance policies to stop certain actions such as users requesting sensitive data like payslips or contracts. It also has built-in security to only show data that the user would be able to access natively.

It is on Microsoft’s roadmap to integrate this policy into Purview to allow IT admins greater control over copilot security.

If you are eager to harness the full potential of Microsoft Copilot 365 to elevate your business through AI integration in your daily operations, then please call 01235 433900 or email our team of experts at [email protected]. As your trusted Microsoft Solution Partner, we seamlessly guide you through every step – from licensing to integration – ensuring that your investment not only meets but exceeds expectations.

Integrating Generative AI

Integrating Generative AI, Machine Learning and AI

In the dynamic landscape of technology, integrating Generative AI, Machine Learning (ML), and Artificial Intelligence (AI) has become imperative for businesses to stay competitive and innovative.

 

Not since the dot.com era have we seen such a dramatic shift in technology, which has become a part of our everyday lives. 

 

Businesses must adapt and integrate AI, ML and GenAI into their short and long-term IT strategies. To enable employees to access AI tools from their workstations, mobiles and any web-enabled device. 

 

More than ever, IT professionals ought to be committed to developing robust strategies that leverage these technologies to enhance operational efficiency, customer experiences and overall business outcomes. This article will explore key considerations and recommendations for incorporating Generative AI, Machine Learning, and AI into your IT strategies in 2024.

Understanding the Business Objectives:

 

As IT leaders, you must align the adoption of Generative AI, ML, and AI with the broader business objectives.

 

Due to a lack of consideration for your business’s strategic objectives, the improper use and implementation of these technologies may have little or no effect on achieving organisational objectives. In other words, these tools should be complementary and continuously aligned with the organisational strategy. For instance, some technologies may not necessarily support the direction of the business. The same principle applies to the implementation of strategic IT decisions.

 

Conversely, the judicious use of AI can elevate customer service satisfaction and increase operational efficiency, which can lead to gaining a competitive advantage in some shape or form.

 

Crafting an effective IT strategy based on individual business merits will help choose technologies tailored to individual needs that will support development and growth.

 

Talent Acquisition and Skill Development:

 

Investing in talent is crucial for successful implementation. IT leaders should assess the existing skill set within their teams and identify the gaps. This is crucially important as well as your current team’s skill including knowledge of working with IA set vs. AI delivery services.  

Hiring or upskilling employees in areas like data science, machine learning, and deep learning ensures that the organisation has the expertise to drive AI initiatives. Not only focusing on the team who will support it, but your IT strategy must also focus on how you train end users to understand, leverage and validate where AI is used.

 

Establishing a Data-Driven Culture:

 

Generative AI and ML rely heavily on data. IT leaders must foster a data-driven culture within the organisation, emphasising the importance of high-quality, relevant data. It has always been a challenge for businesses to hold data regardless of its quality, relevance, or ability to be reused, ingested, or understood by a system. With AI, both structured and unstructured data can be used, but the data still needs to be relevant if you implement a system to reduce the amount of time your business spends on answering customer queries based on previous fixes but don’t check the previous fixes for validity you are likely to suggest non-solutions and harbour distrust in the system. This involves implementing data governance practices, ensuring data security, and promoting collaboration between IT and business units to derive meaningful insights. Tools like Microsoft Purview are a great place to start when looking into your data and its governance.

 

Creating a Robust Infrastructure:

 

IT leaders need to invest in a robust and scalable infrastructure to support the increased computational demands of AI applications. For most, this will mean looking at a transparent Cloud and edge computing strategy, moving away from private and co-located data centres on dedicated hardware to pooled and shared, scalable solutions like Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP). This becomes critical when you consider that for some AI workloads, you will need specialised hardware such as GPUs, which may be essential IT infrastructure components to ensure optimal performance or gain the results your business requires. For those who want to remain on-premises, then your strategy needs to directly reflect a hybrid cloud approach as you will not be able to run many of these tools in your environment and will instead need to run the toolset where it is best suited be that with the vendor or on a public cloud instance.

 

Implementing Explainable AI:

 

As your strategy reflects how your business increasingly relies on AI-driven decisions, you must ensure that your business, customers, and staff can maintain faith in the solution; therefore, transparency becomes critical. As IT leaders, you should prioritise adopting Explainable AI models that provide clear insights into how AI algorithms arrive at specific conclusions. This transparency builds trust both internally and externally. This is easier said than done with some of the current Generative AI toolings, and therefore, your IT Strategy should reflect how you will tackle this when selecting the tools you will work with.

 

Security and Compliance:

 

Ensuring the security of AI systems is paramount. As an IT leader, you must integrate AI technologies in compliance with industry regulations and standards. Now, most of these AI tools currently take little consideration for the regulations and standards your business might have to reach, be that HIPPA, PCI-DSS, or ISO. Therefore, it will fall to you and your strategic approach to ensure that safeguards are put in place and that you remain in control of your data, its sovereignty and how it is being used. Additionally, implementing robust cybersecurity measures is essential to protect sensitive data and maintain the integrity of AI applications; this does not stop with just placing anti-virus on a system; you will need to think beyond this and engage with the right security partners.

 

Continuous Monitoring and Improvement:

 

AI models require ongoing monitoring and refinement. IT leaders should establish mechanisms for continuous evaluation of AI systems, identifying areas for improvement and adapting strategies based on real-world performance. Regular updates and adjustments ensure that AI applications remain effective and aligned with evolving business goals. Remember that even though a model is good today, it will still be better in 6 months or a year. Also, the data set will age out on models, therefore, you need to ensure you understand how and when this will be updated to support your business. 

 

Collaboration and Communication:

 

Successful AI implementation requires effective collaboration between IT and all business units. IT leaders should facilitate communication, break down silos, and encourage cross-functional collaboration to ensure that AI initiatives align with the overall business strategy. No man is an island, and if you make your safe in this landscape, you will quickly fall behind. While implementing your IT strategy, you engage a cross-business group and work with them to support you in understanding how to engage the wider business and provide training, support, and guidance to maximise uptake and effectively communicate the changes coming.

 

In 2024, the strategic integration of Generative AI, Machine Learning, and AI into IT strategies is critical to business success. IT leaders must align these technologies with business objectives, invest in talent and infrastructure, foster a data-driven culture, prioritise security and compliance, and ensure continuous monitoring and improvement. By adopting a holistic approach, you, as an IT professional, can position your organisations at the forefront of technological innovation, driving sustainable growth and competitive advantage in the ever-evolving digital landscape.

 

If you want to talk to one of our experts about how we can help you with your IT strategy or implementing AI into your business, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected].

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.