By S Kumar Subramania, Senior Vice President at MAST Consulting
Is the analysis and improvement of cybersecurity posture a human-scale problem? Not really! For Information Security, or InfoSec, to keep up with current threats and be future-ready as well, automation is fast becoming a must-have. Securing data is a time-critical issue. So, desirable outcomes – such as minimising the time needed to handle a threat, respond to an alert, remediate the problem, and manage the incident successfully – are all linked to the time taken, without any compromise on quality. Teams that try to discover and mitigate vulnerabilities using multiple tools and manual workflows simply can’t keep up. According to a recent survey, ransomware cost businesses $133,000 per attack on average in 2020, with 54% of organisations experiencing such incidents during the year.
For a modern organisation, the enterprise attack surface is typically massive, and it increases continuously with routine processes and interactions. As far as the threats are concerned, those too are constantly evolving – often as part of the strategy employed by attackers trying to breach the enterprise. The average CISO can easily become overwhelmed by the responsibility to create and implement an InfoSec program, given the scope of systems and assets, and the need to stay one step ahead of threats – whether they are internal or external. The contemporary CISO is much better served by an approach that consolidates cyber risks into a single reportable model, with real-time and continuous visibility into security concerns, and scorecards to gauge risk remediation performance on a continual basis.
The challenges to optimising your Security Posture
There has been near-universal ‘buy-in’ on maintaining a strong ‘Security Posture’, but beyond being a convincing catchphrase, this requires exhaustive transparency into all aspects, all nodes, and all assets that are vulnerable to cyber-attacks. Even for an average-sized organisation, this is easier said than done.
Even if there are a few hundred assets within an enterprise that need to be secured, it’s important to realise that the attack vectors for each are multiple, and are constantly being tweaked and multiplied. The nature of the threat becomes more apparent when one considers that even many medium-sized enterprises are managing thousands of such assets – particularly with mobility now being a huge enabler of productivity, and a steep escalation in remote working in the post-pandemic new normal. Even somewhat unrelated threats, such as cryptojacking, have escalated with the meteoric rise in the valuation of cryptocurrencies in recent months, compromising the productivity and performance of IT assets.
Estimates of the cost of global cybercrime to organisations, at the end of 2021, are around the $6 trillion mark! Even more alarming is the expectation that the figure will be $10.5 trillion by 2025.
Identifying the priorities of the response
The modern CxO’s highest priority in the Security Posture domain is to achieve as many of the following capabilities as possible:
- A Zero Trust Approach: Assumptions can be dangerous in a cloud and mobility-enabled modern enterprise. Contextualised access, robust authentication, and a presumption of human error are critical for effective InfoSec.
- Optimal transparency: System-scale and granular visibility is a must to continuously prioritise and optimise an organisation’s security posture.
- Predictive Assessment: Monitoring, assessing, and predicting attacks – across the full cyber kill-chain – is crucial, for an organisation to remain one step ahead of malicious actors.
- Verifying Performance: Measuring and tracking security performance, using a risk score based on proven methodologies – such as NIST, CVSS V3, and Microsoft DREAD – keeps the organisation agile by identifying lagging areas.
- Prioritising Remediation: End-to-end visibility into exposures and risk leads to responses that are effective and appropriate to the threats.
- Predictive Solution Platforms: The greatest strength of the new generation of predictive InfoSec platforms is that they can seamlessly integrate multiple security vendors’ solutions – from vulnerability scanners to SIEM and SOAR solutions – resulting in an agile and future-ready approach to securing assets and data.
Taking the Integrated Managed Security Platform option
Having elaborated on the nature of threats, as well as the desirable InfoSec outcomes for the contemporary organisation, the need to automate these capabilities should be obvious. But the most conclusive argument in this regard is that cybersecurity threats are evolving at a breakneck pace, with cutting-edge technologies being employed more and more by malicious actors as the ‘rewards’ for such attacks mount into the billions.
Retaining the ability to identify, assess, and respond to such threats requires a highly agile and responsive security posture, and the only viable way for an organisation to do this consistently, every single time, is to adopt an automation platform-based cybersecurity posture. Such an approach gives enterprises a comprehensive – and constantly increasing – set of use cases, which can be processed, understood, and used to reduce cyber risk and improve resilience. The best designed of these Integrated Managed Security Platforms – or IMSPs – may offer services specialised in discovering threats, assessing and improving security posture in real time, prioritising weaknesses to address, and mitigating unseen vulnerabilities quickly and effectively, using specialised AI, automation, and gamification-based tech to achieve a state-of-the-art cybersecurity posture.