The classic approach of detecting attacks and then reacting to them reaches its limits in a digital world. A multitude of threats and increasing complexity can no longer be controlled in this way. Following our Digital CIO ThinkTank in cooperation with Skybox, we wanted to know from Skybox experts Elma Celik and Michael Gabor what options there are to ensure compliance and security under these conditions.
What impact do you think the COVID-19 crisis will have on compliance and cyber security in the company?
The frantic shift to support a remote workforce and operations – sometimes within 24 hours – has introduced new risks for organizations in this time when cybercrime is on the rise. The rapid expansion to cloud and accelerated growth of IT assets, together with a severe shortage of security personnel, leaves organizations struggling to deal effectively and proactively with potential attacks that could significantly damage their business and reputation. For example, initial lockdowns forced many organizations to adopt new solutions and collaboration tools (e.g., Microsoft Teams, Slack, or Zoom) to accommodate employees and customers during the critical period. This rapid-pace adoption exposed several shortcomings associated with the remote workforce’s home networks and routers – a significant concern considering the WHO’s report that there has been a five-fold increase in cyberattacks during 2020.
Research from Skybox Security shows that this move to remote working is here to stay – 70% of cybersecurity practitioners believe that at least a third of their workforce will still be remote 18 months from now.
This means that already-stretched security teams will have to manage existing responsibilities while supporting the new digital transformation initiatives that will play a crucial role in maintaining business continuity.
We have also seen the digital transformation programs gain pace. Businesses have had to adapt rapidly to maintain continuity during 2020. Many industries fast-tracked their digital initiatives, and organizations of all types turned to digital platforms to provide goods and services. Tata Consultancy points to 90% of organizations either maintaining or increasing their transformation budgets despite 68% of companies experiencing revenue declines amid COVID-19. Further, IDC predicts that 65% of the global GDP will be digitized by 2022, driving $6.8 trillion of IT spending between 2020 and 2030. For the Chief Information Security Officer (CISO) and their security team this means they now have a lot more to protect – more access points to configure, more technologies to secure, and more changes to properly validate.
But the reality is that many organizations aren’t able to keep pace with the rapid changes forced upon their security function. Current security practices need to change. In a post-pandemic era, what was once ‘good enough’ will no longer suffice. Massive fragmented networks, decentralized, inconsistent configurations and change management processes, unsafe cloud and network configurations, and the continual increase in vulnerabilities have created the perfect storm.
How can a CIO maintain a sufficient overview of risks and compliance violations in a hybrid and complex environment?
It is clear that traditional approaches to managing cybersecurity rooted in detect-and-response no longer apply within the current security context. Instead of basing their security programs on detecting threats at the extremities of the network perimeter, many are developing proactive capabilities that better enable them to prevent threats. This approach is centered on visibility, context-rich insights, focused automation, and data integration across their entire fragmented estate.
Here’s a six-step guide to security transformation:
Evolve the tech stack
To maximize investments, security leaders need to evolve their technology stack to deliver critical business outcomes and long term value. When CISOs are dealing with bloated stacks that deliver restricted value, they can devote too much time to trying to fortify legacy infrastructure when the focus could be better placed elsewhere. Rather than buying point solutions that tackle hyper-specific security issues, CISOs need to build technology stacks that provide a holistic understanding of their infrastructure. When looking at which technology to invest in, CISOs need to prioritize solutions that enable them to integrate data, gain visibility of all vulnerabilities and assets within their expanded infrastructure, and deliver insights that will empower them to take decisive action.
Gain full network visibility
Security and IT organizations need complete visibility and analytics to quickly map, validate and remediate vulnerabilities across all networks, cloud environments and endpoints wherever they are. This is not an easy task. It requires establishing a mature and tightly connected security management framework that spans across planning, implementation and ongoing change management workflows.
By unifying vulnerability and policy management capabilities with the aggregation of data sets from a wide range of security, cloud and networking technologies, teams can validate network, cloud and security configurations together to remediate vulnerabilities faster. Gaining insights also helps them to break down silos to understand the big-picture view. To advance change, it is integral that everything – including data and talent – is working towards enriching the security program as a whole. Insights that show how each process connects and can demonstrate progress will be invaluable in achieving this.
Make changes with context
To ensure security policy changes are adequately analyzed and properly deployed without introducing new risks, organizations need context-aware change management that coalesces the decision-making process across enterprise security and network teams. To ensure policy changes are adequately analyzed and properly deployed without introducing new risks, organizations need prescriptive analytics to quickly map and remediate vulnerabilities while making rule changes that improve overall security.
Introduce targeted automation
By leveraging automation, organizations can strengthen their security postures and help optimize and control their increasingly complex infrastructure, both on-premises and in the cloud, while efficiently meeting key compliance requirements across any environment. Automation can clean up and optimize firewalls, spot policy violations, ensure proper segmentation, assess vulnerabilities without a scan, match vulnerabilities to threats, simulate attacks, proactively assess rule changes, and more. It also right-sizes resources, freeing up talent to focus on supporting more strategic business initiatives.
Remediate based on exposure
Once visibility is achieved, it is important to build capabilities to discover all vulnerabilities within the security environment. This can be achieved when disparate data repositories are brought together with data normalized and modeled to infer the presence of vulnerabilities.
Insights should then be enhanced with more information from a wide range of sources to better understand the implications of current vulnerabilities. All of this information should be used to determine how exposed the vulnerability is within a network by simulating attacks on the network model created during the initial visibility phase.
With effective discovery and prioritization practices in place, organizations are left with a smaller and more manageable number of vulnerabilities that they know require immediate attention. Vulnerabilities on important assets, exposed to a threat origin, and with an active exploit are top priorities. At this stage, security practitioners are better able to focus remediation where it’s needed most.
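The prioritization described above, sketched as an added example that is not part of the interview and not Skybox code: plain graph reachability over a constructed network model stands in for attack simulation, and all zone names, assets and finding IDs are hypothetical placeholders.

```python
from collections import deque

# Constructed network model: zone -> zones it may open connections to.
ALLOWED = {"internet": ["dmz"], "dmz": ["app"], "app": ["db"],
           "db": [], "lab": []}   # "lab" has no inbound path

# Constructed inventory: asset -> (zone, business-critical?)
ASSETS = {
    "web01": ("dmz", True),
    "erp-db": ("db", True),
    "test-box": ("lab", False),
    "hr-portal": ("lab", True),
}

# Constructed findings: (placeholder id, asset, active exploit known?)
FINDINGS = [
    ("VULN-A", "web01", True),
    ("VULN-B", "erp-db", False),
    ("VULN-C", "test-box", True),
    ("VULN-D", "hr-portal", True),
]

def reachable_zones(origin, allowed=ALLOWED):
    """Breadth-first walk of the model: zones a threat origin can reach."""
    seen, queue = {origin}, deque([origin])
    while queue:
        for nxt in allowed.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def prioritize(origin, findings=FINDINGS, assets=ASSETS):
    """Rank findings by how many of the three criteria they meet."""
    exposed_zones = reachable_zones(origin)
    ranked = []
    for vuln_id, asset, exploit_active in findings:
        zone, important = assets[asset]
        exposed = zone in exposed_zones
        score = int(important) + int(exposed) + int(exploit_active)
        ranked.append((score, vuln_id))
    ranked.sort(key=lambda r: (-r[0], r[1]))  # highest score first, then id
    return ranked

def top_priorities(origin):
    """Important asset + exposed to the origin + active exploit."""
    return [vuln_id for score, vuln_id in prioritize(origin) if score == 3]

if __name__ == "__main__":
    print(prioritize("internet"), top_priorities("internet"))
```

Changing the threat origin (for example to an insider in `lab`) changes which findings are exposed, which is why the ranking has to be recomputed per origin rather than stored as a static severity.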
Why is it so important to centrally manage these areas?
If the CISO, working alongside the CIO, is able to address these challenges, then we are going to see the emergence of stronger, more resilient security programs. The CISO will be focused on developing a holistic view of their fragmented environment, one that enables them to see the bigger picture and limit opportunities for increasingly-energized threat actors. This will allow them to be confident in their ability to avoid regulatory fines, significantly limit the chance of falling foul of a data breach or ransomware attack and allocate more resources to focus on securing digital transformation.
What are the strengths of Skybox solutions?
To reduce systemic risk, Skybox provides security and network teams with context-aware attack surface management, which is based on the ability to analyze and validate network, cloud, and security configurations together to proactively gain full context and understanding of their attack surface before changes are made. Teams can then collectively make well informed decisions and changes that solve security issues better and faster.
The Skybox Platform also unifies vulnerability and policy management capabilities with the aggregation of data sets from a wide range of security and network technologies, allowing teams to quickly map out and close vulnerabilities while making policy and rule changes that truly improve overall security.
Skybox helps enterprise teams reduce systemic risk across their entire organization with a mature and tightly connected security management framework so planning, implementation, and ongoing change management teams can collectively attain the best overall security posture.