Last year at the Berkshire Hathaway annual shareholders meeting, the Oracle of Omaha, Warren Buffett, proclaimed, “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” He ranked cyberattacks above the threat of nuclear and biological warfare. The admission comes at a time when cyberattacks continue to spike. Cyberattacks are projected to cost companies $6 trillion annually by 2021, according to Cybersecurity Ventures, and the market to defend systems, software, and applications is expected to reach $1 trillion within the next three years.
Plenty of vendors have risen up to take advantage. Estimates on the number of companies offering cybersecurity solutions range from 1,500 to well over 2,000. This makes the sea of options very difficult to wade through and differentiate at a time when cyber challenges grow increasingly complex. It also results in companies cobbling together a huge number of products and services that don’t necessarily integrate in a desperate bid to protect their networks.
Studies have shown that companies frequently utilize in excess of 70 different security vendors. Not only does this create massively complex IT environments, but it is expensive and very difficult to manage. This leads to problems like those the Ponemon Institute found in its 2017 Cost of Data Breach Study, in which companies reported that it took an average of 191 days to identify a data breach and another 66 days to contain it. These delays underscore how IT departments not only struggle to find problems but also have difficulty containing and fixing them once they are detected. Let’s reflect for just a minute on all the damage that could occur during those months while an attack goes unrecognized. The costs to companies could easily exceed millions of dollars.
Rip off the Band-Aid
This leaves us with thousands of vendors selling security solutions and companies spending record amounts on cybersecurity initiatives yet still grappling with identification and remediation of threats and attacks. This would be easier to wave off if attacks were slowing down, but they are not. This year, 46% of U.S. organizations have already experienced a data breach, which is nearly double what it was in 2017 (24%). Attacks continue to accelerate at an unprecedented rate. In fact, Cybersecurity Ventures predicts that by the end of 2019, a ransomware attack will occur every 14 seconds, which is staggering when you consider that in 2016, the average was every two minutes (still pretty bad).
I could throw scary stats out all day long to demonstrate the gravity of the situation, but one fact is clear: What we are currently doing is not working—despite all of the money and technology being thrown at cyberattack problems. Instead of slapping on a Band-Aid, we need to change the entire way we think about cybersecurity. The fact of the matter is that threats are changing so fast in form and function that companies can’t keep up today. Not only is the nature of attacks persistently evolving faster than enterprises can adjust, but the sheer volume of attacks leaves companies panicked and underprepared.
Developing Your Cyber Defense Force
The ever-changing security threat landscape has become the number one concern for endpoint security buyers, according to Gartner. In this year’s Third Annual Study on the Cyber Resilient Organization, 77% of IT professionals reported that their companies do not have a formal cybersecurity response plan. This must change.
Organizations have to accept that attacks will happen, that despite all of their great defenses, issues are bound to slip through. The expectation that something will infiltrate the network, infrastructure, or an employee device must become the norm, and they need to train for what happens when it does. Think of your SecOps team as your very own special forces of sorts, constantly vigilant, set to defend, and ready to respond creatively and rapidly in the event of an attack.
To make identification and remediation of security vulnerabilities and issues as simple as possible, there are three key areas that must be priorities for your defense forces moving forward. While I will dive into each one specifically in subsequent articles, at a high level they are:
- Peer deep: Get visibility of all endpoints—and do so at scale. You have to be able to see what’s happening all across the network. And, here’s the kicker: It needs to be in real time. If data is not current, the potential remains for a system, machine, network, or device to be compromised, and you will lose time fixing it. You also need to view and analyze historical data to identify when issues occurred and how long they impacted your organization.
- Act fast: There must be a plan in place to address an issue at the moment it arises—not days, weeks, or months down the line. Quarantine systems. Shut them down. Contain, contain, contain. Be sure there is a process to take care of any vulnerabilities in real time—one that can instantly scale across all your organization’s endpoints if needed without negatively impacting the network or end users.
- Adapt easily: Today’s environment requires the flexibility to rapidly respond to security issues in seconds. The security products you choose to help you respond shouldn’t require time-consuming coding and testing every time you need a new containment or remediation workflow created. They should easily and intuitively enable you to take action against new threats and unexpected attacks. With so many different security solutions at work in your environment, it is also important to identify platforms that are adaptable and that can integrate easily with the security products you already have in place.
These are strange and dangerous times, but they are not insurmountable. As Seattle Seahawks quarterback Russell Wilson likes to say: “The separation is in the preparation.” By evaluating and adopting endpoint visibility and control solutions, organizations can discover new ways to mitigate and respond to cyberattacks. Once companies switch from an “if” to a “when” mindset, they can finally mount meaningful defenses that will rip off the Band-Aids and enable them to tackle future security issues head-on.
This article is presented as first published in ITProPortal.