As more and more businesses are adopting digital transformation, the need for robust and effective cybersecurity systems has never been greater. However, many organizations are still struggling to keep up with the latest threats, largely due to the enormous challenges involved in implementing such systems. Thankfully, there is a new way to approach cybersecurity that is quickly gaining traction among businesses of all sizes. This approach, which I call the "cybersecurity paradigm to performance paradigm", involves transforming the way we think about cybersecurity and performance. By breaking down the traditional barriers between the two disciplines, we can create a more holistic and effective approach to cybersecurity.
Making cybersecurity systems 100% performance oriented
Solutions in the cybersecurity world tend to address a specific risk or control. More often than not, they become either redundant or irrelevant owing to a change in business strategy or dynamics. Organizations are normally hesitant to migrate away from a security solution because they do not have sufficient metrics to calculate its effectiveness. Thus, before deploying a solution, security teams should document and metricize the value proposition of a security system so that they can continue to measure its effectiveness periodically. For instance, if your organization has an anti-malware solution, some of the metrics that can be considered are:
- Number of zero-day vulnerabilities detected or addressed by the solution
- How fast the vendor provides custom signatures
- How easy it is to identify a system that is infected and quarantined
With threat actors coming up with newer types of malware every day, a traditional “Anti-malware” solution that only uses a signature-based approach for malware detection may not be sufficient. Organizations should evolve their detection and mitigation strategies to keep up with the trends prevalent across the world for identifying this next-generation malware.
Thus, the security teams in an organization should continuously monitor industry trends and identify the gaps in process, skills, and technology in relation to these new trends. Once these gaps are identified, they should arrive at a clear action plan to improve the areas found to be lacking, with clear milestones and metrics to measure it effectively.
Security strategies to prepare for the future of work
Some organizations have recognized that the future of work is SaaS and have thus embraced the “cloud first” approach in all their system and application purchases, including security solutions. This allowed their security strategy to be nimble and adaptive to organizational needs. When the pandemic struck the world, these organizations were able to address rather quickly the newer risks emanating from employees working from home, either by augmenting existing solutions with additional features or by onboarding technologies. Implementing “Zero Trust” architecture should be paramount, and detection and response strategies should not restrict security teams to monitoring only critical infrastructure but should cover every end user.
Email and chat continue to be top sources of breaches across the world, and millions of users continue to fall prey to such attacks. More often than not, these emails and chats look innocuous. However, they contain either a malicious link or an attachment that can compromise the security of the organization. Therefore, CISOs must leverage various industry-standard tools to mitigate this risk and continue to do so. Security leaders must realize that with the growing work-from-anywhere trend, employees are more prone to cyberattacks than ever. Thus, organizations must continue to identify and implement solutions and processes to reduce this risk or attack surface. Organizations must also invest significantly in educating their employees to help them remain abreast of these newer threats and vulnerabilities.
Challenges and solutions in modernizing cybersecurity practices
Cybersecurity has always played a “catch-up game” with respect to the evolution of technologies. Security leaders and teams should accept that this game is never going to change unless manufacturers and providers of technology solutions factor in and address all possible security risks while they design or develop their products. When evaluating or deploying newer security solutions, organizations should look for solutions that can integrate with their existing ones rather than solutions that work in silos. Security teams should also start integrating all their key security solutions so that they can detect and respond to incidents faster. Security incident response testing exercises should be periodic and should not be restricted to addressing compliance requirements. Leaders must conduct periodic red teaming and threat hunting exercises to help identify areas of improvement from both a technology and a process perspective.
Conclusion
With the evolving technological landscape, security teams should realize that there will never be a security solution that does not generate “noise”, and thus they should constantly fine-tune these solutions to “separate the grain from the chaff”. They should also recognize that no solution can work in “auto-pilot” mode. It is critical for organizations to measure their cybersecurity effectiveness on a regular basis in order to ensure a unified and more relevant cybersecurity strategy for the long run. Security teams should start reimagining and redesigning their security systems to be future-ready, as companies come closer to cyber vulnerabilities with each passing day.
The article has been written by Satya Machiraju, VP, Information Security, Whatfix