Cybercriminals’ successes are escalating. Whether it’s mining new vulnerabilities or exploiting twists on tried-and-true tactics, bad actors are negatively impacting business worldwide.
But while business leaders now recognize the dangers inherent in a growing threat landscape, critical gaps can still exist in their cyberdefense strategies. In the latest AT&T Cybersecurity Insights report, about 80 percent of surveyed organizations acknowledged that they had been impacted by a cyberbreach in the past 12 months. Clearly, enterprises need to do more to help reduce their risks.
We asked cybersecurity experts and practitioners for their advice on how organizations can best use their limited resources to stay ahead of the ever-evolving threat landscape. Three ideas for addressing disconnects in cybersecurity strategy emerged.
- Eliminate the Weakest Links
Employees cause more than half of enterprise cyberbreaches, according to a 2016 Ponemon study. Yet, the AT&T report revealed that only 61 percent of respondents require cybersecurity awareness training companywide. This disconnect — between employees’ role in cyberbreaches vs. mandated awareness training for all employees — increases organizations’ vulnerability to attacks.
Wayne Sadin advises a shift to valuing employees as an extension of the cybersecurity team. “No organization has unlimited cybersecurity resources, so it’s important to engage every team member in defending the firm. The more watchful eyes we have looking for anomalies and the fewer people who accidentally allow bad actors in, the more secure we all are,” says Sadin (@waynesadin), COO and CTO at Affinitas Life.
Strong user authentication is also key to reducing breaches from negligent employees. Establishing strong authentication and then training employees on its role in protecting the organization will go a long way in cyberdefense.
“Organizations should focus first on protecting heartbeat user identities with strong identity governance, multifactor authentication and privileged command escalation roles,” says Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners. “Nonheartbeat users, such as service accounts and shared accounts, require protection levels that include vaulting and automatic password rotation, on a defined schedule.”
Closing the door on cybercriminals hinges, in part, on pinpointing the gaps in employee awareness training and cybersecurity strategy overall. “Organizations can conduct an assessment of their technologies, controls, processes and procedures to identify gaps,” says Eric Vanderburg (@evanderburg), Vice President of Cybersecurity at TCDI. “Each gap should then be classified according to risk and cost.”
- Tighten Response Capabilities
The strength of your cybersecurity capabilities can make or break your cyberdefense strategy. From gaps in strategy direction to staff shortages, holes in cyberdefenses develop when cybersecurity teams don’t operate effectively.
“Information security teams must focus on their core risks and do everything to ensure they don’t become victims,” says Ben Rothke (@benrothke), principal security consultant at Nettitude. “Focus on the essential issues such as strong access control and patch management.”
David Geer agrees. “Though threats are many, they tend to attack the same kinds of vulnerabilities time and again,” says Geer (@geercom), a technology content consultant. “Configuration management with system hardening and extremely limited use of administrative privileges will stave off most attacks.”
Unfortunately, the U.S. has a skills gap of 300,000 cybersecurity experts that makes hiring staff with the needed skills costly as well as difficult. A suggested strategy meant to address the consequences of staff shortages: continuing education.
“Any well-read and well-researched ‘do-it-yourselfer’ who is persistent and resourceful can effectively secure their company’s infrastructure cost effectively,” says Robert Siciliano (@RobertSiciliano), CEO at IDTheftSecurity.com Inc.
Self-education is often seen as just part of the job. “Continuous education comes in many forms — from e-magazines, to conferences, to vendor presentations, to certifications,” says Christopher Steffen (@CloudSecChris), technical director at Cyxtera. “IT professionals should never pass up an opportunity to increase their knowledge on technical products and the concerns with those products.”
For some, knowledge and gumption mixed with a bit of genius is the solution for today’s shortage of trained staff.
“Use the approach employed by Matt Damon’s character Dr. Mark Watney in the movie ‘The Martian’,” says Rothke. “He was forced to rely on his ingenuity and wit to survive until he could be rescued.”
A winning security strategy, though, is a constant challenge that at its best will have many answers. For Steffen, cybersecurity’s sweet spot is binary: continuous education and strategic alliances.
- Form Strong Alliances
The constant pressure for cybersecurity to evolve makes it difficult for most organizations to stay ahead of the game — in either staffing or technology. Recognizing and reacting appropriately to those gaps in an organization’s security capabilities has become a key leadership responsibility.
With their skilled cybersecurity staff and next-generation technology, cybersecurity consultants and managed service providers can help. “Strategic alliances can enable the organization to protect itself from emerging threats while concentrating on core business initiatives,” says Steffen. “A good strategic consultant can also assist an organization in evaluating weaknesses and providing potential solutions.”
For organizations looking at cost-effective options, the economies of scale of third-party cloud services can provide affordable services. “To protect your company from cybersecurity threats on a limited budget, consider cloud services and platforms where leading vendors give you the benefit of their excellent practices and tools,” says James Townsend (@jamestownsend), president at InfoStrat.
“Implement an effective strategy that leverages the automation and rapid innovations available through global cloud service providers,” says Kevin Jackson (@Kevin_Jackson), director of cloud solutions and technical fellow at Engility Corporation. “They have the resources and motivation to keep your data protected against the ever-changing threat.”
According to Hugh Njemanze (@Anomali), CEO of Anomali, a number of open source offerings are also available. “These tools not only help organizations limit cybersecurity technology spending, but help to automate and streamline detection, analysis and response to threats, ultimately removing some of the burden from small security teams with limited bandwidth,” he says.
Organizations have ever-greater options in cybersecurity technologies and practices designed to help them stay ahead of the bad actors. But even the most cyberaware organization can still be found wanting. Only by eliminating gaps in cybersecurity strategies and practices can an organization fine-tune its cybersecurity investments to help protect against the next cyberattack.