Cybersecurity strategies and technologies have been improving, but so have the threats. This reality is perfectly captured in the 2021 Cybersecurity Impact Report, which says that 90 percent of organizations believe their security posture has improved but 86 percent also say that they encountered serious security breaches over the past year.
Enterprises seem to have overestimated their improvements or relied too heavily on their new cybersecurity investments. Many appear to have belatedly realized that they were not doing enough for their security or they may have not been doing things right. It’s worth noting that the 86 percent who said they became victims of cyber attacks suffered incidents “so severe that required a C-level or Board meeting.”
Organizations are seeing significant cybersecurity posture failures even when they are already doing something about the need to improve their cyber defenses. What could have gone wrong? What needs to be done? Discussed below are some of the best ways to address enterprise security failures.
Improving security posture management with the right tools
There are many instances when security breaches could have been avoided or arrested before they could break through security controls. The problem is that organizations do not have the right system or mechanisms to do it. Even their security professionals may be unable to spot vulnerabilities and respond to incidents promptly because of the lack of a good strategy and the confusion caused by having a multitude of security controls and an endless stream of unsorted security alerts.
A failing security posture needs to be corrected or improved, and one of the best ways to do it is by using an enterprise security posture management platform. Organizations employ different cybersecurity solutions to address email gateway, web gateway, endpoint, data exfiltration, and various other threats. A security posture management tool can bring all these security controls together for easier monitoring and management. It enhances security visibility to allow organizations to proactively deal with risks and attacks.
It is possible to come up with a custom or self-styled security posture management system, but many organizations likely do not have the expertise and resources to develop their bespoke platforms. Turning to third-party security management solutions is not a bad idea as long as the options are limited to those that have a proven track record and expertise in cybersecurity.
A good security posture management platform can help in evaluating the existing security system to find defects and insufficiencies and introduce the necessary tweaks, improvements, or in some cases, replacements. The platform usually consists of multiple tools that work together to deliver significant improvements.
Going back to the cybersecurity impact report, it is worth noting that organizations primarily attribute the security breaches to the growing sophistication of the attacks. They may have improved their defenses, but bad actors have outperformed them in coming up with more complex attacks not easily detected by existing security controls.
The report, however, did not explore in-depth the security validation factor. Often, the security solutions of organizations fail because they have not been stress tested. They could be in need of tweaks, configuration correction, updating, optimization, and other adjustments to make sure that they work optimally.
Security testing can be undertaken in a number of ways. One of the conventional options is doing traditional pen testing, wherein white hats are hired to attack an organization’s security controls to determine their efficacy and find ways to improve them. Traditional methods, however, are already being phased out as they leave much to be desired.
Nowadays, cybersecurity professionals recommend the use of more advanced strategies such as breach and attack simulation (BAS), automated red teaming undertaken continuously, and purple teaming.
- Breach and attack simulation is designed to emulate what happens in an actual cyber attack situation particularly on an end-to-end basis. It is designed to enhance security visibility and expedite the remediation of problem areas. It seeks out misconfigurations, security control deficiencies, and other security gaps. BAS is one of the fastest-growing cybersecurity sub-markets, projected to grow at a CAGR of 33.2 percent for the 2020-2025 period.
- Continuous automated red teaming is a considerably revved-up version of penetration testing. Designed to optimize security defenses, it reduces attack surface risk especially for organizations that are using the cloud or implementing multi-cloud and hybrid environments. It can be integrated with the MITRE ATT&CK framework to further enhance its ability to spot security problems and help improve the overall security posture.
- Purple teaming, on the other hand, entails the evaluation of an organization’s security posture with an emphasis on the adversarial perspective. Instead of setting up defenses that are purely based on inputs from the cyber defense team, it takes into account the insights of attackers. Conversely, it compels the attacking team to learn from what the defense team is doing in successfully preventing attacks. Ultimately, it results in faster security validation that covers more potential attack scenarios.
These three security validation strategies may be provided by a well-designed cybersecurity posture management platform. They can be used under a unified security management solution to achieve better outcomes in detecting, preventing, mitigating, and remediating cyber attacks.
Addressing the human weakness factor
Those who have been reading articles about cybersecurity may have read this statement many times before: humans are the weakest link in cybersecurity. It bears reiterating this point, though, given how human errors, carelessness, and negligence are still significant facts in cybersecurity failures.
No matter how strict the security policies of an organization are, if humans bypass them because they fall for a social engineering scheme, cybersecurity is instantly thrown out of the window. When key personnel do away with passwords or multi-factor authentication because of the inconvenience, they forgo the protection that could have prevented breaches. Moreover, when the higher-ups of an organization refuse to do security validation and cybersecurity training for employees to reduce operating costs, they are setting themselves up for security posture failure.
SANS Institute’s Lance Spitzner offers an excellent argument on why humans are the weakest link in cybersecurity. “We have to begin investing in securing the ‘HumanOS’ also, or bad guys will continue to bypass all of our controls and simply target the human end-point,” Spitzner asserts. Most organizations tend to spend significantly more on security technologies as compared to the effort and resources they expend on improving the cybersecurity awareness and proficiency of their employees.
Doing improvements right
Addressing enterprise security posture failures requires the use of the right tools, emphasis on security validation, as well as honest-to-goodness efforts in preventing people from becoming unwitting tools for cybercriminals. Cybersecurity is not easy, and everyone needs to realize this in view of the staggering aggressiveness and sophistication of the threats or attacks.
However, it is not impossible to achieve a dependable security posture especially with the availability of more advanced technologies, tools, strategies, as well as up-to-date threat intelligence and knowledge of adversarial tactics and techniques made possible by the collaboration among security professionals and organizations