This blog was contributed by Tatianna Harris, Enterprise Marketing Manager at Cybrary.
Threat actors depend on the element of surprise — the ability to sneak into networks undetected or misdirect security teams in one infrastructure area while they infiltrate another. And despite increasing infosec investment, the problem is getting worse: As noted by HelpNetSecurity, 64 percent of organizations described themselves as — at best — only “somewhat confident” in their current security posture, and highlighted lack of cybersecurity visibility as their top concern.
In fact, just 48 percent of organizations said they had continuous visibility into high-risk areas affected by threats such as phishing and ransomware. The result? When it comes to cybersecurity, what you don’t know can hurt you — and can cause significant problems for critical business operations.
But it’s not all bad news. With the right approach, IT leaders can help ensure that infosec teams are equipped with the information they need to tackle current threats, the tools they need to frustrate future compromises and the skills required to minimize attack impacts anytime, anywhere.
Out of Sight, Top of Mind
Cybersecurity spending is predicted to jump 10 percent in 2021 as companies deal with post-COVID infosec concerns and staff slowly return to physical offices and interactions. From shoring up in-house connections to providing better coverage for personal devices used to streamline remote work, there’s no shortage of mission-critical tasks to complete.
But as noted by the World Economic Forum, this new IT landscape comes with an emerging challenge: Complexity. As companies shift more workloads and services to the cloud, embrace the need for continuous connectivity and look to leverage the potential of new solutions such as machine learning and AI, complexity is on the rise. Increasing IT scope and scale, however, comes with a commensurate lack of sight — when applications and storage services are no longer managed in-site and in-house, IT transparency suffers.
Robust regulatory and compliance legislation also poses a challenge: As frameworks including GDPR, the California Consumer Privacy Act (CCPA) and China’s Cybersecurity Law continue to evolve in response to global economic and social forces, organizations are obligated to deliver due diligence around all security controls and operations — a tall order if they lack visibility into existing systems and services.
Unpacking the People Problem
While increasing IT complexity and evolving regulations set the stage for struggles with effective IT sight, businesses also face a bigger issue: Insider compromise. As noted by Forbes, staff are often the unwitting avenues used by malicious actors to gain network access. In most cases, employees have no intention of exposing digital assets to IT risk — instead, they’re manipulated by malicious actors into handing over credentials or downloading infected attachments.
Consider a targeted phishing attack. Cybercriminals start by carrying out social reconnaissance that identifies target email addresses and corporate positions and gleans any information possible from public social media. Then, they create a competent and convincing message that convinces staff to provide their access credentials. Finally, they gain system access, lock out legitimate users and begin setting up shop with everything from malware payloads to advanced persistent threats. Even more worrisome? So long as attackers are cautious and careful, this compromise can go undetected for days or weeks — in 2020, companies took 280 days on average to detect, contain and mitigate an IT breach.
Achieving 20/20 Vision
So how do IT leaders keep their teams on track and ensure they’ve got the best chance of spotting security threats before they become serious problems?
Here, a three-step approach offers the quickest way to improved insight:
Pinpoint your risk
Security risk varies by company, industry, size and current IT infrastructure. As a result, organizations should take time to consider their current risk position and identify how attackers will most likely target the organization. For example, if your security team reports a significant increase in phishing attack efforts, it’s worth targeting both employee training and more robust protection policies — such as 2FA — to help mitigate specific risk.
Prioritize your gaps
Where does your security team excel, and where are they struggling to keep up? With many infosec teams now composed of both experienced industry personnel and “new collar” workers who have been promoted from within the organization, it’s worth leveraging a robust skills tracking and training framework that makes it easy for leaders to see what skills they have, what skills they need — and how they can quickly bridge the gap.
Plan your response
No defense is perfect — and no company is immune to cyberattack. As a result, it’s essential for companies to create an incident response (IR) plan that lays out specific tasks for IT pros in the event of an attack, includes detailed containment and mitigation actions and identifies key metrics such as recovery time and recovery point objectives (RTOs and RPOs). Also critical? Regular IT plan testing to ensure it meets current risk challenges and aligns with existing skill sets.
What You See is What You Save
While it’s impossible to stop every attack and avoid every threat, increased visibility significantly increases your chances of coming out the other side of a cyberattack with minimal damage and maximum insight. Streamline your security sight by pinpointing risk, prioritizing your skill gaps and planning your response to reduce total risk — and broaden your IT horizons.
Resources
https://www.helpnetsecurity.com/2020/07/22/cybersecurity-teams-lack-of-visibility/
https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to
https://www.weforum.org/agenda/2021/01/top-cybersecurity-challenges-of-2021/
https://www.forbes.com/sites/forbestechcouncil/2019/01/29/the-largest-security-risk-to-your-organization-and-how-to-fix-it-for-free/?sh=72980286476b
https://www.ibm.com/security/data-breach
###