“To know your future you must know your past.”
–George Santayana
Security and risk management teams have long paid heed to that maxim and gathered as much historical data as possible to drive current and future decisions.
This approach has helped guide compliance policies to keep the bad guys out. But is it the most effective way to address cyber risk? Is looking into the past, whether from a compliance standpoint or based on a previous incident, the only way to account for and reduce future risks?
Understanding the future of the cyber landscape should not only be based on past breaches, effective preventative controls, and not-as-effective controls, but also on a thorough analysis of the current landscape and the future direction of risks and effective mitigation.
My company took on this task, studying industry research and analysis and holding leadership discussions with numerous organizations, including new, mature, and growing customers, as well as strategic partners. We posed these questions: What is important to your organization? How are cyber risks identified/prioritized,? How are they effectively addressed? How does your organization determine risks to the success of its future business direction?
One thing is clear: The pandemic has changed the game. We identified several key factors in organizations that were able to successfully pivot and prosper during the COVID-19 crisis.
Here's what my team learned, which breaks down into for key focus areas for your cyber resiliency efforts.
Security operations
As critical as security operations center (SOC) teams are to the success of an organization, they are suffering from data overload, a lack of skilled resources, and a misalignment with business priorities.
However, through the power of contextualized and parsed events, real-time correlation, intelligent analytics, and automation, suspicious events can not only be flagged almost immediately, but contextual details can also be provided up front, along with response recommendations, a defined workflow, and automated response capabilities. That can make a junior SOC analyst look like a rock star.
In addition, hunt teams will be able to trust that what they are looking for will be effectively identified early in the attack lifecycle, reducing the manual effort required and allowing time for a thorough analysis of event logs instead of just firefighting. Frameworks such as MITRE ATT&CK are already embedded into the tools leveraged by the SOC, meeting security best practices and aligning with compliance needs.
Application security
Application security has historically been the Achilles' heel of an organization, with developers and security teams saying the other group was accountable for finding and addressing vulnerabilities in code.
Things were only complicated with vendor-developed apps, open-source components, mobile apps, containers, cloud-native apps, and DevSecOps.
Imagine if all of these potential areas of risk could be assessed, consolidated, and prioritized for the security team without changing the existing process for developers. Resilience could be built into the code from the ground up to reduce the risk of vulnerable code being released into production while still meeting the target release date and functionality requirements.
Imagine embedded analytics not only identifying potential risks, but also detecting previously unknown risks that could be exploited and then automatically fixing the vulnerable code and blocking attacks.
Identity and access management
Adversaries haven't relented during the pandemic, and besides their usual authentic-seeming phishing emails from trusted partners, customers, or vendors, they are deluging your users with hard-to-resist emails about the pandemic itself.
And with remote work being the new normal, these emails are now quite often arriving in personal webmail services, with no oversight from corporate systems. In short, employee identities are at risk of being hijacked more than ever.
Imagine being able to categorize the risk level of employees based on their previous activities and applying additional authentication controls if required. Managing hundreds to thousands of identities and policies across traditional, mobile, and cloud-based systems can be centralized to save hours of administrative overhead with the deployment of simple technology.
Data privacy and protection
Organizations are only as successful as the obtainable value of the data they collect, analyze, and act upon.
But adversaries are aware that organizations collect large volumes of data, including highly sensitive data, and will systematically test an organization for weak points to gain access to such data. There is no such thing as a silver bullet in security, but being able to build a data governance framework and then secure the sensitive data throughout its lifecycle significantly lowers an organization's cyber risk.
Imagine the ability to track all sensitive data regardless of whether it's structured or unstructured and tracking all of the identities that accessed the data.
Think bigger, short and long term
Given the new normal created by the pandemic, the questions we asked our partners and beyond were more relevant than ever. COVID-19 significantly changed the short-term and potentially the long-term plans for most organizations. Organizations that were not able to adapt their business to the new normal have struggled through the pandemic, while others have thrived.
It's time to enable the future of cyber into one based on resilience and success. Let's get started.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
