As we navigate through 2022, I see myself looking back at 2021 and thinking, “Whoa! Did that really happen?” We have all seen unprecedented changes due to the COVID-19 pandemic and the response to it.
We have also seen new and emerging threats that have challenged our defenses and kept our cybersecurity teams on their toes.
I want to share three topics that are close to my heart, one of which has received a significant amount of attention from the media and international press.
- Critical vulnerabilities in bundled software libraries
- Detecting the tip of the iceberg and going below the surface
- Key activities for 2022
Critical vulnerabilities in bundled software libraries
In December 2021, as Christmas and the New Year came into view, the world reacted to a vulnerability in a previously obscure software package – “log4j”. What made this vulnerability so difficult to mitigate was the ubiquitous nature of the package – it was installed EVERYWHERE! This package was bundled and packaged with so many other software packages that many organizations at first did not even believe they were vulnerable.
The initial uncertainty of many organizations led to intensive and widespread investigation, revealing limited but significant exposure – especially across internet-facing systems. Several organizations were caught off-guard because their traditional systems did not catalogue or provide visibility of log4j: it did not appear in their repositories, so they assumed they were not vulnerable. This false sense of security led to delays, misunderstandings, and confusion. As successful attacks impacted externally facing assets, many organizations had to rapidly change their approach in order to understand their true exposure. Changing approach whilst dealing with a cyber-attack is extremely difficult to manage, and could have been avoided.
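The visibility gap described above is a mechanical one: a dependency that ships inside another archive (a WAR, an EAR, a fat JAR) never shows up as a package of its own. The following is an added example, not code from the report or from Help AG, showing how an inventory check can look below the surface of an archive by walking nested zip containers and reporting any embedded log4j-core. The indicator entries (the `JndiLookup.class` path and the Maven `pom.properties` that carries the version) are real log4j-core contents; the sample WAR is constructed in-memory so the script runs offline.

```python
import io
import zipfile
from dataclasses import dataclass

# Real entries found inside log4j-core JARs; used here as detection markers.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Zip-based container types worth descending into.
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str        # nesting path, e.g. "app.war!WEB-INF/lib/log4j-core-2.14.1.jar"
    version: str     # read from pom.properties, or "unknown"
    jndi_lookup: bool  # whether the JndiLookup class is present in that archive


def _version_from_pom(data: bytes) -> str:
    """pom.properties is a simple key=value file; pull the version line."""
    for line in data.decode("utf-8", errors="replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def scan_archive(blob: bytes, label: str, depth: int = 0, max_depth: int = 5) -> list:
    """Walk a zip-based archive and every archive nested inside it, reporting
    each log4j-core found anywhere in the tree. Non-zip input yields nothing."""
    findings = []
    if depth > max_depth:  # guard against pathological nesting
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings
    names = set(zf.namelist())
    if JNDI_LOOKUP in names or POM_PROPS in names:
        version = _version_from_pom(zf.read(POM_PROPS)) if POM_PROPS in names else "unknown"
        findings.append(Finding(label, version, JNDI_LOOKUP in names))
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            findings.extend(scan_archive(zf.read(name), f"{label}!{name}", depth + 1, max_depth))
    return findings


def _zip_bytes(entries: dict) -> bytes:
    """Build a zip archive in memory from {entry_name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_war() -> bytes:
    """Constructed sample: a WAR whose only trace of log4j is a JAR under WEB-INF/lib.
    A file-level inventory that lists 'app.war' alone would never see it."""
    log4j_core = _zip_bytes({
        POM_PROPS: b"version=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
        JNDI_LOOKUP: b"\xca\xfe\xba\xbe",  # placeholder bytes, not a real class file
    })
    return _zip_bytes({
        "WEB-INF/web.xml": b"<web-app/>",
        "WEB-INF/lib/log4j-core-2.14.1.jar": log4j_core,
        "WEB-INF/lib/harmless.jar": _zip_bytes({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"}),
    })


if __name__ == "__main__":
    for f in scan_archive(build_sample_war(), "app.war"):
        print(f"{f.path}: log4j-core {f.version} (JndiLookup present: {f.jndi_lookup})")
```

Pointing `scan_archive` at real deployment artifacts (reading each file's bytes and passing its path as the label) gives the nesting path of every embedded copy, which is exactly the information a package-name inventory lacks. The version string is reported rather than judged so the output can be matched against whatever advisory is current.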
Detecting the iceberg and going below the surface
In the open sea, an iceberg can be detected using multiple means: a satellite, sonar, radar or human vision. Only one of these is needed to detect the tip of the iceberg at any given moment, alert the watchman, and initiate a response.
When handling cyber-attacks, threats and vulnerabilities, the same principle applies – we need only a single trigger or alert about a cyber-attack to initiate a process.
Once the iceberg is detected, the ship’s captain will decide the course of action. Depending on what is known, including the anticipated size of the iceberg below the surface, the captain is likely to simply avoid it. A course change is set, the iceberg is bypassed, and the risk is mitigated. The ship continues its journey.
In a cyber-attack though, avoidance is not enough. We must understand the size and nature of the attack (the ‘iceberg’). This means going ‘below the surface’, investigating what we know and can see, and uncovering what we cannot see through investigation – it is a process commonly referred to as ‘pivoting’, where analysts ‘pivot’ from one discovery to the next, following the events or evidence of attacks.
This iterative process uncovers other pieces of information, until a picture of the attack can be put together. The process of pivoting and investigation is critical to understand the length and breadth of an attack, including the impacted assets and nature of the attack. Giving analysts sufficient exposure and experience in handling attacks (not just alerts) is critical to developing the right skills and maintaining employee engagement by handling attacks that matter to your stakeholders.
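The pivoting described above is, in practice, an iterative expansion: each discovery (an address, a host, an account) becomes the next query, until no new evidence appears. The following is an added example, not code from the report, that performs that expansion as a breadth-first walk over a small set of constructed events (source, action, target). The event list, the host and account names and the TEST-NET address are all constructed for illustration; a real pivot would issue the same queries against a SIEM or EDR instead of an in-memory list.

```python
from collections import deque

# Constructed sample events, not from the report: (source, action, target).
# Nodes are prefixed by type so an analyst can see what kind of pivot each hop is.
EVENTS = [
    ("ip:203.0.113.7", "connected_to", "host:web-01"),   # the single alert that starts the pivot
    ("host:web-01", "ran_as", "user:svc-app"),
    ("user:svc-app", "logged_into", "host:db-01"),
    ("user:svc-app", "logged_into", "host:file-02"),
    ("host:file-02", "ran_as", "user:admin-jane"),
    ("user:admin-jane", "logged_into", "host:dc-01"),
    ("user:hr-bob", "logged_into", "host:hr-03"),        # unrelated activity, must not be pulled in
]


def build_graph(events):
    """Undirected adjacency: a pivot can follow evidence in either direction."""
    graph = {}
    for src, _, dst in events:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set()).add(src)
    return graph


def pivot(seed, events, max_hops=None):
    """Breadth-first pivot from one alert indicator. Every node reachable through
    the evidence is a candidate impacted asset. Returns {node: (hops, found_via)}
    so the analyst can see how far each asset is from the trigger and which
    discovery led there. max_hops caps the expansion for a first triage pass."""
    graph = build_graph(events)
    discovered = {seed: (0, None)}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        hops = discovered[node][0]
        if max_hops is not None and hops >= max_hops:
            continue
        for nxt in sorted(graph.get(node, ())):  # sorted for deterministic output
            if nxt not in discovered:
                discovered[nxt] = (hops + 1, node)
                queue.append(nxt)
    return discovered


def impacted_hosts(discovered):
    """The 'length and breadth' of the attack in terms of hosts reached."""
    return sorted(n for n in discovered if n.startswith("host:"))


def trail(discovered, node):
    """Reconstruct the chain of pivots that reached a node, seed first."""
    chain = []
    while node is not None:
        chain.append(node)
        node = discovered[node][1]
    return chain[::-1]


if __name__ == "__main__":
    result = pivot("ip:203.0.113.7", EVENTS)
    print("Impacted hosts:", impacted_hosts(result))
    print("Pivot trail to dc-01:", " -> ".join(trail(result, "host:dc-01")))
```

The hop count is the practical guard: a bounded first pass (`max_hops=1` or `2`) produces the immediate scope for containment, while the unbounded walk shows how a single internet-facing alert can lead, discovery by discovery, to assets several pivots away that no alert ever mentioned.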
Key activities for 2022
Helping teams operate efficiently is key. Help AG recognizes the need for efficiency in all areas of cyber operations. So, here are some key initiatives for organizations to consider in 2022:
- Simulating attacks to provide assurance that security controls are optimized
- Automating mitigation and response to known and low-impact attacks
- Retaining skilled cybersecurity professionals in a highly competitive market
In the following sections, experts from Help AG and our partners will share key insights. Here is a summary of what is coming up in this report:
- Top threats and vulnerabilities in 2021
- Decryption of a cyber breach handled by Help AG CSOC
- DDoS attacks continue to be on the rise
- How business continuity is evolving in the age of cyber
Focus on People
One of the biggest threats to cybersecurity posture is the lack of skilled people. This takes many forms including availability, retention, and motivation.
Below is a snapshot of key questions and relevant guidance from Help AG.
Culture
What happens to culture when everyone is working at home?
A hybrid approach is needed. Flexibility and face-to-face engagement both remain critical to an attractive work culture. Without flexibility, people feel micro-managed. Without face-to-face engagement, trust deteriorates.
Growing Talent
How do I build a great team?
- A mixture of approaches is required, including short-term experiences like internships, work experience for freshers, opportunities to learn, attractive compensation, and of course a positive work culture.
- Does everyone need to be a Ninja or a Jedi? You need different levels of skills to provide opportunities for growth, and appropriate skills for specific tasks.
Giving People Reasons to Stay
How do I give my team reasons to stay?
- Prioritize reward and recognition, and actively discuss compensation.
- If learning is required, incentivize high-priority training and development.
- Provide a strategic direction: show the team what they are working towards, and when they reach it, celebrate!
Leadership
I have a big team – how do I manage it well?
- Hire key leaders who have multiple skillsets, with breadth of exposure in different contexts. An analyst or engineer may not be the best choice to lead.
- Invest in your leaders, empower them to make decisions, and support them actively.
- Monitor key indicators of operations and ensure cross-leadership visibility to identify opportunities to improve.