Overcoming Fundamental Cybersecurity Gaps
The primary duty of senior management is to ensure that confidential information is protected in their respective organisations. However, many data breaches continue to occur. Many of these went undiscovered for months, and many were discovered by external parties rather than by the business itself. The gaps or deviations behind them sound simple, yet they are so fundamental that many organisations fail to address them.
Why is this so?
Most enterprises, small and large, operate with a "set it and forget it" security automation, nursing the hope that multiple automated defence layers will solve the security problem. However, this hope disappoints.
If automated security measures solved the problem, we wouldn't see 44 million compromised records in just one year. Of course, enterprises don't spend a collective $46 billion for nothing.
Most security technology does what it is designed to do. That said, security automation by itself leaves critical gaps open, and cybercriminals have become adept at bypassing defences to steal sensitive information.
Fundamental Cybersecurity Gaps
Cybersecurity solution providers are the first to admit that technology by itself does not solve the problem. Products tend to be programmed only for specific threat vectors. It always takes human intervention to restore systems to normal after a breach occurs. The damage suffered by an enterprise depends largely on how long the cyber threat remained undiscovered and unaddressed.
There are five gaps in the traditional approach to cybersecurity:
1. Protecting against the past
Most security products are designed to recognise attacks that have happened before. They automatically prevent reoccurrences because they are programmed with threat signatures. Unfortunately, the past isn't always a guide to the future. Threats morph all the time as cybercriminals devise new ways to bypass security technology. Automated security systems are always one step behind. Enterprises need protection against previously unknown (called "zero-day") threats, not just yesterday's known threats.
2. Maginot line mentality
The Maginot Line was a series of concrete fortifications that France deployed along its border with Germany during the 1930s. The idea was to provide time for their army to mobilise in the event of an attack. But at the outset of World War II, the Japanese army outflanked and outwitted the British army through the Maginot Line, invading through the dense Malayan jungle into Singapore.
Traditional cybersecurity is based on an outwardly-focused "prevention" mentality. But today's most damaging attacks elude existing defences to take up residence inside the enterprise network. Once there, they bide their time – gathering information that will make the eventual attack more successful and damaging.
Preventing intrusions is necessary, but what happens when preventative measures fail? How do you even find out? Enterprises need to combat threats that may already exist inside the corporate network.
3. Malware myopia
Malicious software is a huge problem, but it is just one threat vector. Only 40% of last year's attacks were based on malware. What do we do about the other 60%? Enterprises need protection against all possible threats, not just those that involve malware.
4. Alert overload
A big problem with security automation is that it is automated. When a potential threat is identified, an alert is sent out. In no time at all, the IT staff is swamped with alerts – but which ones are really worth analysing?
It is a constant challenge to tune these systems. Too tight, and you get flooded with alerts. Too loose, and you may not get that one alert you really needed. In practice, most enterprises err on the "too loose" side because they do not have the resources to investigate false positives. As can be imagined, this exposes them to greater risk.
Enterprises need a way to sift through the millions of network events that happen every day to zero in on those that may pose a true and credible threat.
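The "too tight / too loose" trade-off above, and the need to zero in on the alerts that matter, can be made concrete with a small simulation. The following is an added example, not code from the article: it parses a handful of constructed authentication log lines (the host names, user names and IP addresses are invented), raises an alert when a source's failed logins within a sliding window reach a threshold, compares how a tight and a loose threshold perform against known-bad sources, and then orders the surviving alerts so that the ones most worth an analyst's time come first. The internal address range (10.0.0.0/8) and the log line format are assumptions.

```python
"""Threshold tuning and alert prioritisation over constructed auth events (added example)."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed corporate address range; anything outside it counts as external.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Ground truth for the constructed sample: which sources are actually hostile.
MALICIOUS = {"198.51.100.4", "203.0.113.9"}
LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def build_sample_log():
    """Constructed sample lines in a syslog-like shape; nothing here is a real log."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    lines = []

    def add(offset_s, outcome, user, src):
        stamp = (base + timedelta(seconds=offset_s)).isoformat()
        lines.append(f"{stamp} sshd: {outcome} password for {user} from {src}")

    # Two staff members who each mistype their password three times, then succeed.
    for i in range(3):
        add(i * 5, "Failed", "alice", "10.0.0.5")
    add(20, "Accepted", "alice", "10.0.0.5")
    for i in range(3):
        add(60 + i * 5, "Failed", "bob", "10.0.0.7")
    add(80, "Accepted", "bob", "10.0.0.7")
    # A noisy scanner: thirty failures in about a minute.
    for i in range(30):
        add(120 + i * 2, "Failed", "root", "198.51.100.4")
    # A quieter attacker: six failures a minute apart, enough to slip under a high threshold.
    for i in range(6):
        add(600 + i * 60, "Failed", "admin", "203.0.113.9")
    return lines


def parse(lines):
    """Turn raw lines into (timestamp, outcome, user, source) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def alerts(events, threshold, window=timedelta(minutes=10)):
    """Return {source: peak failure count} for sources whose failures within any
    sliding window of the given length reach the threshold."""
    failures = defaultdict(list)
    for ts, outcome, _user, src in events:
        if outcome == "Failed":
            failures[src].append(ts)
    raised = {}
    for src, stamps in failures.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                raised[src] = max(raised.get(src, 0), count)
    return raised


def evaluate(events, threshold, malicious=MALICIOUS):
    """Score a threshold: how many alerts it raises, how many are noise, how many attackers it misses."""
    flagged = set(alerts(events, threshold))
    return {
        "alerts": len(flagged),
        "false_positives": len(flagged - malicious),
        "missed": len(malicious - flagged),
    }


def prioritise(raised):
    """Order alert sources so external, high-volume sources come first."""
    def key(item):
        src, count = item
        external = ipaddress.ip_address(src) not in INTERNAL_NET
        return (external, count)
    return [src for src, _ in sorted(raised.items(), key=key, reverse=True)]


if __name__ == "__main__":
    events = parse(build_sample_log())
    for threshold in (3, 5, 10):
        print(threshold, evaluate(events, threshold))
    print(prioritise(alerts(events, 3)))
```

With the constructed data a threshold of 3 catches both hostile sources but also flags two staff members (the "too tight" case), while a threshold of 10 raises a single clean alert and silently misses the slower attacker (the "too loose" case). The prioritisation step is what lets a team live with a tighter threshold: the external, high-count sources surface first, so the staff-member alerts can be worked last or suppressed by a later rule.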
5. The "it's not my problem" syndrome
When a real security breach happens, enterprises need immediate help. Cybersecurity has become an incredibly complex and specialised technology niche. Companies with limited IT budgets need access to that expertise.
Unfortunately, legacy Managed Security Service Providers (MSSPs) only deliver notifications of breaches. They do not provide remediation assistance ("it's not my problem"). They are really Managed Security Alert Providers.
Other services do render help – if you are willing to pay a very steep a la carte price that is exacted right when a crisis is unfolding, and you have no choice.
Enterprises need help that is immediate, competent, and cost-effective. They need experts who will stick with the problem until it is fully resolved.
6. Responding to the Disconnects
Cybercriminals' successes are increasing exponentially. Whether it is mining new vulnerabilities or putting new twists on tried-and-true tactics, bad actors negatively impact businesses worldwide.
Although business leaders now recognise the dangers inherent in a growing threat landscape, critical gaps can still exist in their cyber defence strategies.
To address these issues, and to help organisations make the best use of their limited resources against the ever-evolving threat landscape, the following are three ideas for closing disconnects in the cybersecurity strategy:
7. Eliminate the Weakest Links
Employees cause more than half of enterprise cyber breaches. This disconnect — between the role employees play in cyber breaches and the awareness training actually mandated for all employees — increases organisations' vulnerability to attacks. No organisation has unlimited cybersecurity resources, so it is important to engage every team member in defending the organisation. The more watchful eyes there are looking for anomalies, and the fewer people who accidentally let bad actors in, the more secure the organisation will be.
Besides this, strong user authentication is also key to reducing data breaches from negligent employees. Establishing strong authentication and then training employees on their role in protecting the organisation will go a long way in cyber defence.
Closing the door on cybercriminals hinges on, in part, pinpointing the gaps in employee awareness training and overall cybersecurity strategy. Organisations can conduct an assessment of their technologies, controls, processes and procedures to identify gaps.
8. Tighten Response Capabilities
The strength of an organisation's cybersecurity capabilities can make or break its cyber defence strategy. From gaps in strategic direction to staff shortages, holes in cyber defences develop when cybersecurity teams do not operate effectively.
Focus on the essential issues such as strong access control and patch management. Though threats are many, they tend to attack the same kinds of vulnerabilities time and again. Configuration management with system hardening and restrictive use of administrative privileges will stave off most attacks.
Self-education is often seen as just part of the job. Continuous education comes in many forms — from e-magazines to conferences, to vendor presentations, to certifications. IT professionals should never pass up an opportunity to increase their knowledge of technical products and the security concerns around those products.
Building a winning security strategy is a constant challenge, and at best it has many answers. Two of them stand out: continuous education and strategic alliances.
9. Form Strong Alliances
The constant pressure for cybersecurity to evolve makes it difficult for most organisations to stay ahead of the game — in either staffing or technology. Recognising and reacting appropriately to those gaps in an organisation's security capabilities has become a key leadership responsibility.
With their skilled cybersecurity staff and next-generation technology, cybersecurity consultants and managed service providers can help. Strategic alliances can enable the organisation to protect itself from emerging threats while concentrating on core business initiatives. A good strategic consultant can also assist an organisation in evaluating weaknesses and providing potential solutions.
For organisations looking at cost-effective options, the economies of scale of third-party cloud services can make them affordable. One idea here is to implement an effective strategy that leverages the automation and rapid innovation available through global cloud service providers.
Organisations have ever-greater options in cybersecurity technologies and practices designed to help them stay ahead of the bad actors. But even the most cyber-aware organisation can still be found wanting. Only by eliminating gaps in cybersecurity strategies and practices can an organisation fine-tune its cybersecurity investments to protect against the next cyber attack.