The COVID-19 pandemic only underscores what we’ve already known for a while: The old approaches to cyber security aren’t good enough anymore. We need much greater agility - a honed ability to quickly adjust our sights and steer our way nimbly through the uncertainty of the current times.
That’s the basic problem of cyber security today, and it’s a problem addressed head-on in the recent 451 Research Pathfinder Report, Essential Building Blocks for the Next Era in Cybersecurity, by senior analyst Aaron Sherrill.
Sherrill outlines the business value of adopting cyber security best practices that meet the increasingly complex threat landscape of the future. Specifically, he argues that organizations must build robust automation & orchestration, threat intelligence capabilities, and collaborative knowledge-sharing systems to enable security teams to respond faster. Moreover, he believes organizations should shift their focus from prevention to detection & response with the help of Managed Detection and Response (MDR) services.
Organizations should shift their focus from prevention to detection & response with the help of MDR services.
Let’s have a look at some of the key “sticking points” in cyber security and the resources we have available for resolving them:
1. The Challenges of Rapid Digital Transformation
Many enterprises are finding that their organizations’ digital transformation and modernization processes outpace the ability of their security teams to adapt.
“97% of enterprises reported they are either underway with digital transformation or expecting progress in the next 24 months” and "87% of enterprises reported they are increasing security budgets by an average
of 22%" – according to 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads and Key Projects 2019 survey.
2. More & More Tools vs. Limited Human Resources
Security teams seem to have way too many tools deployed – tools designed to protect their organizations. But they are becoming overwhelmed by the volume of alerts they generate.
Even though enterprises are increasing security budgets by an average of 22%, most don’t have the human resources necessary to monitor, analyze and leverage the data provided by so many different tools. The setup is increasingly complicated, further reducing the expected benefits of the tools to the organization.
Human resources have long been a problem in the cyber security realm. Recruiting and retaining security expertise is one of the most difficult aspects of any cyber security program. In fact, over 61% of midsize and large enterprises believe their security staffing level is inadequate, according to 451’s VotE: IT Security, Organizational Dynamics 2019 survey.
3. COVID-19’s Work-from-Home Employees Create New Dangers
The coronavirus pandemic has created a reality in which most employees are connecting to their organizational resources remotely. Work from home is the “new normal.” Yet having remote employees also creates greater levels of cyber security risk.
Other areas that can be high risk from the perspective of cyber insider threats include: IT staff with elevated privileges (which are the greatest insider threat for most organizations), third-party suppliers, and vendors that can also be a target for attack and in turn increase risk for the organization. According to 451 Research, “organizations reported they are ill-equipped to deal with insider threats, and while not all cyber insider threats are intentional or malicious, all are dangerous.”
4. The Business Impact of Cutting-Edge Technologies
Artificial intelligence (AI), machine learning (ML), sensor-based technologies, virtual assistants, robotics, biometrics, connected devices, 5G and immersive media can provide enterprises with the agility they need for rapid detection and response to threats. These technologies can be leveraged to give enterprises a competitive advantage through the adoption of:
- Automation & Orchestration – which allow teams to scale and concentrate on productive, problem-solving activities
- Targeted Threat Intelligence & Analytics – which help teams stay ahead of attackers and proactively identify issues
- Collaboration – which involves information sharing and cooperation between all teams and stakeholders internally – as well as externally, with the broader community.
5. Positioning the Enterprise for More Agile Response
Not all attacks can be prevented. Being prepared to identify and remediate an attack quickly is key to limiting business disruption. The focus cannot be just on prevention but also on utilizing AI/ML, cyber threat intelligence, analytics, collaboration and human expertise to identify threats and respond at maximum speed.
Managed Detection & Response services can effectively help organizations create the necessary strategy and position themselves for effective threat remediation.
Being prepared to identify and remediate an attack quickly is key to limiting business disruption.
For a range of recommendations and considerations on how you can develop cyber security programs that can scale and flex against the unknown threats today and in the future, download the full 451 Research report. If you would like to speak to a CyberProof expert about our managed detection & response services, contact us today.