The Microsoft zero-day Exchange server vulnerability in March 2021 created a perfect situation for hackers to exploit organizations across the world. Soon after the exploit was made public, the software giant released a patch on March 2, 2021. However, even by March 24th, 92% of vulnerable Exchange servers were patched and/or mitigated. While zero-day exploits have large financial and operational repercussions, they are impossible to predict. However, it is possible to prevent attacks after the patches have been released. Unfortunately, several organizations fell prey to this exploit because they had sub-optimal methods to implement the patches. Almost every organization has cybersecurity tools in place for precisely such an event – but what most organizations do not have is visibility into the impact a cyber attack can have on their organization (the dollar value loss) and the ability to correlate detection with remediation.
Akin to astronauts in space who have to actively focus their mind on individual muscles and exercise them to prevent muscle atrophy (since there is no gravity in space), cybersecurity today is missing a mind-muscle connection! Owing to this, enterprise cybersecurity is atrophying at a rate that is invisible at an organization level but is leaving vulnerabilities unaddressed – thereby inviting cyber breaches. In 2020 alone, U.S. organizations wasted $259 per desktop or $30 billion on unused “shelfware” software. On average, enterprises deploy 45 cybersecurity-related tools (the muscle)… However, there is a definite lack of cohesiveness in determining what is going well and what could be better (the mind). To put it in perspective, enterprises that deploy over 50 cybersecurity tools rank themselves 8% lower in their ability to detect threats than other companies employing fewer toolsets!
Tools, Talent & Technique: the missing link in cybersecurity
Enterprises have to constantly keep up with evolving threats and continue to develop methods that prevent and detect threats, and remediate the cause. This requires significant Talent and Tools, or in other words – workforce and investments. Armed with the latest tools and cutting-edge technology, the decisions to patch or delay remediation are often made by individuals with specialized training. However, despite the most judicious Talent and advanced Tools, if an enterprise’s Technique to approach threats is subjective and jargoned, it has a higher probability of being breached.
This is where digital business risk quantification helps by objectively measuring the effectiveness of each cybersecurity product across the enterprise. While enterprises leverage tools for each vector, they are seldom viewed as a part of holistic enterprise cybersecurity. A siloed approach between people, process, technology, and poorly managed cybersecurity products is often the root cause of cyberattacks. Quantification based on correlation creates an underlying neural link that can help build the mind-muscle connection that most enterprises today are missing. It does so by studying the gaps and overlaps between the effectiveness of the different cybersecurity tools in an enterprise environment. In the process, the organization’s cybersecurity team is able to leverage such platforms to derive prioritized and actionable insights.
IBM’s Cyber Resilient Organization Report says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%. To know how the cybersecurity services, tools, XDRs, EDRs, and outside-in or inside-out protocols are improving an enterprise’s cybersecurity, its cyber risk status needs to be evaluated before and after implementing the tools. De-jargonization involving the siloed technical details can be performed with the help of a definitive, objective, and consistent risk metric – one that is enterprise-wide and assessed (and reported) in real time on a single dashboard. This quantification will translate into a consistent language across the Board, Security teams, Customers, and all stakeholders as the ultimate answer to the question – “How secure are we, today?”
A mathematical, Bayesian-network-based algorithm analyzes every tool in the cybersecurity ecosystem to create a ‘neural link’ that correlates the current cyber risk posture to the expected and acceptable risk posture. It also helps determine the cyber risk tolerance of each enterprise based on various intrinsic parameters including People, Processes, Technology and Third-Party, and extrinsic factors such as Geography, Industry, and Size. Based on the input, this platform can even suggest ‘must-have’ and ‘good-to-have’ products that will elevate the enterprise’s cybersecurity posture. Using machine-learning and AI-enabled Bayesian-network-based cyber risk platforms reduces ambiguity and has advantages over manually correlating different alarms from various cybersecurity products. The beauty of the Bayesian network is that it generates a result even with a single input. However, the ‘confidence metric’ of the result is directly proportional to the number of input parameters. In other words, an increase in the number of signals being fed into the network will directly influence the accuracy of the generated probability of a breach.
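An added illustration of the single-input behaviour described above, not code from Safe Security or any product: a small Bayesian network whose node names, structure and probabilities are all constructed for this example. Unobserved signals are marginalised out, so the query returns a breach probability with zero, one or several inputs, and each extra signal moves the estimate.

```python
from itertools import product

# Constructed numbers for illustration only; not taken from any product.
P_UNPATCHED = 0.30                 # P(U=1): exposed, unpatched server
P_BREACH = {1: 0.40, 0: 0.05}      # P(B=1 | U)
# Each signal: (parent node, P(alert | parent=1), P(alert | parent=0))
SIGNALS = {
    "vuln_scan": ("U", 0.90, 0.10),
    "edr":       ("B", 0.70, 0.05),
    "ids":       ("B", 0.60, 0.10),
}

def breach_probability(evidence):
    """P(B=1 | evidence) by enumerating the hidden nodes U and B.

    evidence maps a signal name to True/False. Signals left out are
    unobserved; their two outcomes sum to 1, so they drop out of the product.
    """
    joint = {0: 0.0, 1: 0.0}
    for u, b in product((0, 1), repeat=2):
        p = P_UNPATCHED if u else 1 - P_UNPATCHED
        p *= P_BREACH[u] if b else 1 - P_BREACH[u]
        for name, fired in evidence.items():
            parent, p1, p0 = SIGNALS[name]
            p_alert = p1 if {"U": u, "B": b}[parent] else p0
            p *= p_alert if fired else 1 - p_alert
        joint[b] += p
    return joint[1] / (joint[0] + joint[1])

def posterior_trace(observations):
    """Posterior after each signal is added, starting from no evidence."""
    seen, trace = {}, [breach_probability({})]
    for name, fired in observations:
        seen[name] = fired
        trace.append(breach_probability(seen))
    return trace

if __name__ == "__main__":
    obs = [("edr", True), ("vuln_scan", True), ("ids", False)]
    for p in posterior_trace(obs):
        print(f"P(breach) = {p:.3f}")
```

A silent IDS lowers the estimate again in the last step, which is the kind of gap or overlap between tools that manual alarm correlation tends to miss.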
Correlating products that add value to a planned cybersecurity strategy vis-a-vis those that don’t is a step that is extremely important, yet often overlooked. Simplification of cybersecurity can help remove (or add) cybersecurity tools without diminishing the enterprise’s current cyber risk posture or negatively impacting the budget. As Steve Jobs said: “Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.”
The author is Saket Bajoria, VP- Product Management and Customer Success, Safe Security.