Cybersecurity is improving, but there’s more work to be done. The last few years have been tough for tech companies, as they’ve had to deal with prominent, much-covered cyber attacks that have even seen the entertainment industry fall to its knees. As a result, changes have been made, mainly by throwing money at the problem. And it’s working.
A study by consulting firm Accenture highlights the fact that investments in security are paying off. Organizations are gaining ground on cyber attackers: despite the number of ransomware attacks doubling, the affected companies have stood their ground, proving that an effective defense is possible. Instead of one out of three attacks being successful, now only one in every eight ‘passes through’.
The battle is not over, however. It will never be. Companies will have to continuously invest and work to defend themselves while they carry on the actual business that keeps them running. They need to be resilient, in other words. But what is cyber resilience? According to Accenture, a cyber-resilient business is one that can bring together “the capabilities of cybersecurity, business continuity and enterprise resilience.”
Build on a strong foundation: Harden and protect core assets
Respondents to the Accenture survey confirmed that, on average, cybersecurity efforts only protect 67 percent of their organization, with malicious insiders being one of the top two threats. So, there is clearly more work to be done on protecting an organization’s most valuable assets from the inside out.
Identifying your high-value assets, the ones most critical to your operations, is essential. They’re subject to the most stringent regulatory penalties, and are the most important to your trade secrets and differentiation in the market.
Prioritizing legacy applications is important as well. If your high-value assets are on legacy systems, do not try to harden those assets all at once. Instead, layer in additional protection and increase visibility over control points or points of access until you migrate or modernize the legacy systems.
Finally, there’s no other way of saying this: you have to prepare for the worst. Transform your incident response plan into a crisis management plan—one that includes both business continuity and disaster recovery—that can be actioned quickly in a “worst-case” scenario.
Pressure-test your resilience: Coached incident simulation
Coached incident simulation—which is sometimes referred to as purple teaming—brings a new level of realism to testing defenses by building on the red team/blue team model. Threat intelligence and advanced adversary simulation techniques are used by the red attack team to raise the sophistication and realism of their tactics and targets.
Employ breakthrough technologies: Automate defenses
Many organizations may be spending too much on technologies that do not minimize the impact of cyber-attacks. Accenture has analyzed nine security technologies to better understand the effectiveness of investment decisions and areas where organizations can effectively free up investment capacity. Organizations were overspending on areas such as advanced perimeter controls, automated policy management and enterprise deployment of governance, risk and compliance. By rebalancing their funding and investing in breakthrough innovations, organizations have an opportunity to evaluate potential overspending in areas like these and create the investment capacity to deliver more positive value. The following are examples of breakthrough technologies that can make a difference.
Use intelligence and data to be proactive: Threat hunting
Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for the business. Organizations should not feel they can only activate their incident response plans in the event of a breach. Today, the best approach is to adopt a continuous response model—always assume you have been breached—and use your incident response and threat hunting teams to look for the next breach with the goal to “find them before they find you.”
Evolve the role of the CISO: Business leadership
The next-generation CISO (Chief Information Security Officer) should be business adept and tech-savvy. With new reporting structures and elevated levels of governance within the organization, CISOs need to rethink their approach to the role.
There needs to be a new kind of CISO—one who is equally at home in the boardroom as in the security operations center. And one who can transform the role to organize and design cybersecurity programs for the needs of the intelligent enterprise, move from individual to shared accountability among senior management, and infuse a culture of cyber resilience across the organization.