Are You Getting the Most out of Your Security Investments?
Technological advancements are making cybersecurity tools faster and more effective than ever, but many companies may not be maximizing their investments.
By: Ryan Davidsen
The year is 1989. I'm the proud owner of a Gateway Computer, 28k modem and around 100 floppy drives. Around one million geeks are already online across six systems, one of which is called the World Wide Web. Cybersecurity as we know it doesn't yet exist.
Fast-forward to today and waking up to news of millions of accounts being hacked is no longer a surprise. The World Wide Web eventually transformed the world economy beyond all recognition and ushered in a period of tremendous growth in global GDP. Floppy disks became huge hard drives and cloud storage; basic networks became the 17 billion connected devices in the world today. These changes brought convenience and growth, but also a level of complexity that presents threat actors with more attack vectors and vulnerabilities than ever before.
The job of today's CISO is getting harder and harder. There is an ever-increasing number of threat actors, attack vectors and malicious tools to worry about, and now more than 2,000 cybersecurity vendors offering a dizzying range of services and solutions.
In response, a host of vendors now offer shiny, AI-based fixes. The potential of AI in cybersecurity is incredible, and some of the tools already on the market can be extremely valuable in the right security environments. But there is a lot of noise to cut through and digest. CISOs are exhausted, under-resourced and under tremendous pressure to prevent a data breach, so the allure of a miracle cure can be strong. Through our experience with more than 4,400 clients, however, we've learned that in many cases an expensive new tool isn't the best investment when so many companies are still struggling with the basics.
Nail Down the Fundamentals
Following a security incident, more than 80% of the recommendations we make to organizations focus on security fundamentals. Every CISO understands the importance of good cyber hygiene, but why are so few companies practicing strong habits?
It can be hard, thankless work. User account management, multi-factor authentication, disabling unused protocols, guaranteeing executives take cybersecurity training: the checklist of elements that constitute good cyber hygiene is long and arduous. There is no single tool to manage them all, no program with a gorgeous UI that gives you access to everything. But the fundamentals are still typically the number one issue we identify that most companies need to assess and address.
If cyber hygiene isn't addressed, then an organization can't effectively utilize expensive advanced security tools.
Craft a Plan
A good plan should be one of the first steps on the road to delivering a world-class security program. Although there are numerous standards and regulations that are supposed to guide our approach, it's not easy to extract the relevant elements from those to build a comprehensive plan. As a result, there can be a lot of blind spots that introduce vulnerabilities.
Security needs to be integrated into the very fabric of the business and not sprinkled on top as an afterthought. What once was viewed as an IT issue has become a critical business imperative, touching every level of the business from your front-line staff to your executive team. Today's security must be holistic, business-driven and scalable, adopting a risk management approach to improving program maturity.
Build a Team
AI is a long way off replacing human functions in our industry. There is still no substitute for an experienced and dedicated security staff. A solid security team should have leaders, security engineers, security analysts and incident responders. On small teams these functions will be shared, but each is vital to a well-functioning security program.
You may need to offload some of the lower-value tasks so your team can focus on higher-value activity. Or you may need to augment the team with skills and expertise that you don't have or that aren't practical to employ full time.
Pen testers and red teams hunt down threats that may have evaded detection and find weak spots in security architecture, while threat researchers provide the intelligence that tells us what to look for and what to guard against. These roles are critical to a robust security program, but often it isn't possible to staff them in-house. An individual company is unable to match the quality of threat data that a global security vendor with thousands of clients sees on a daily basis – partnerships are the key to success.
In the world of cybersecurity, we succeed and fail as a community. When Emotet resurfaced last year, a Secureworks® analyst spotted it while investigating a company's environment. Once identified, we looked back in time across thousands of environments and found more than 10,000 additional events across 25 different client environments. In the following months, we protected an additional 41 clients that otherwise could have been hit.
We call this defense-in-concert™, and similar concepts can be applied to the industry as a whole. We all face the same threats, so each organization building solutions in isolation doesn't make sense. Partnerships are a natural part of being better together, and Secureworks has trusted partners across the industry, as well as in law enforcement, industry groups, government CERTs and intelligence agencies. This way, new threat intelligence and cybersecurity methodologies are shared for the benefit of the whole community.
When one company is breached because of poor cyber hygiene, the effects rapidly spread to other organizations around the globe. And when organizations are reluctant to partner and share insights with each other, everyone's threat intelligence suffers. We may not be able to go back to the relative simplicity of 1989, but by working together we can build an even more robust and secure digital environment that keeps us all on the same side against the adversary.