IT and top technical products are no longer solely responsible for the security of our digital assets. Cybersecurity now needs a strategy, one that involves technology, people, and processes. As the number of internet users grows in emerging economies, the disinformation and cyberattack challenges experienced by cyber-advanced countries will occur there, too.
More data will be captured, stored, and used, making policy efforts more urgent than ever before. In 2020, as we drive toward the Fourth Industrial Revolution, we look at extensive connectivity and digitization.
But as the latest technologies support economic progress and convenience, they also bring larger security challenges, both in terms of impact and frequency.
Traditionally, cybersecurity began with antiviruses and ended with special suites of software programs that promised to catch malware of all kinds. As the tech space has become more complicated, so have these worms and viruses.
Today, we need more than tools and technologies to keep our digital resources secure. In 2020, over 68 percent of business leaders say that the cybersecurity risks facing their organizations are growing.
To address these risks, business leaders will have to arm themselves with the right tools, knowledge, and skills to address issues of data theft and organizational risks. This could include new leadership profiles on the board, enhanced risk assessment and mitigation, and partnerships with external tools and solutions providers to meet cybersecurity responsibilities.
An effective, integrated approach to data and app security is still lacking in organizations. Here are the three specific gaps businesses confront, according to McKinsey:
A holistic cybersecurity strategy can address these gaps and help build overall organizational resilience.
Here’s how an organization can systematically build a holistic strategy to tackle cybersecurity in a fast-moving risk and threat landscape.
A holistic cyber risk management approach requires a top-management overview of the enterprise and its multi-layered risk landscape.
Here are a few critical pieces in the puzzle:
Mitigate the top risks by following this simple approach:
As a strong example, we would like to point to the work of the National Cybersecurity Agency of France (ANSSI), which published a toolbox called “EBIOS Risk Manager” for assessing and treating digital risks. It can help in handling these issues.
Most organizations fail to transform their cyber risk arrangements because of the many disparate functional units or silos that obstruct any change. At many enterprises, data owners and line managers limit their operations to the data pool or business unit for which they are responsible, not looking left or right toward the bigger picture.
The reports that emanate from a wide variety of silos frustrate decision-makers, as they fail to address the bigger picture and keep focusing on points that might not matter in the larger perspective.
This situation can be dealt with by creating a holistic, unified dashboard to reflect the current state of cybersecurity across all critical digital assets. Such a dashboard can force everyone to stick to a common language, common ways of denoting risks, and common guidelines for assessment. But what if this kind of dashboard were not linked to the reality of your security on the ground, from a technical point of view?
In order to create a good dashboard, interest groups need to collaborate and harmonize definitions of KRIs, threat levels, and compliance requirements. Holistic cybersecurity cannot be achieved through the individual efforts of a team of tech wizards or business experts.
For real comprehensive cybersecurity, interest groups must come together to comprehend the business implications of technology and the technological requirements of business goals. It’s important to note that holistic cyber risk reporting is as much about the people involved as it is about technology and dashboards.
Successful transformation happens when business owners and key executives are involved from day one and are willing to make tradeoffs to strike a balance between productivity and protection. To aid these decisions, executives will need experienced managers who will ultimately become the carriers of the same ideology of holistic cybersecurity.
Organizational leaders might need to rethink enterprise structures and governance to enable a more robust cybersecurity posture. This is where they need to pay due attention. While cybersecurity is an essential undertaking for businesses of all sizes, it must be integrated into an enterprise from the bottom up such that it does not become a deterrent for innovation and transformation.
For holistic cybersecurity to be feasible for enterprises, it’s important that it supports technological change and advancement and does not hinder it.
An increasing number of businesses now realize that cyberattacks are an expenditure they need to mitigate. The cost of cybercrime can be broken down into four distinct cost components: detection and escalation, notification, response, and the cost of customer loss.
A critical part of a holistic cybersecurity strategy is to mitigate the risk of a cyberattack. It’s been estimated that by 2030, the annual gross written premium for cyber insurance will increase by 200 percent, from USD 2.5 billion to USD 7.5 billion.
For large organizations, the cost of a cyber data breach could easily add up to USD 2 million in losses. As businesses get increasingly connected, cybercrimes will not only impact their data and systems but also those of their partners and customers.
This is why many experts encourage companies to explore getting their businesses cyber insured. But of course, insurance will not protect infrastructure from a technical point of view.
A holistic cybersecurity approach works as an advantage to any organization if it’s taken as a shared responsibility by everyone and not just as a job for a select group of security experts.
We need no statistic to say that people are among the biggest security risks in any organization. Therefore, it is important to let your people know what needs to be done in a particular security incident.
Business risks can be largely reduced by bringing in this shared responsibility into an enterprise’s culture. To address the human aspect of cybersecurity, foster a security-conscious culture where employees feel encouraged to follow certain procedures.
Managers should convey that security is an organization-wide activity, and the pro-security attitude should be passed from the top of the organization.
Employee training and education can also go a long way in helping your workforce understand potential threats and their duties to follow procedures and processes that help prevent security events.
A culture of responsiveness, reporting, and openness rather than that of blame, shame, and fear can help enterprises build more resilience into their operations to mitigate and limit any damage.
Most companies, even cybersecurity startups, often focus on only one technology vertical. These businesses only try to defend themselves against malware and other immediate threats, solving one part of the equation without thinking about the complete picture.
Let’s say a company builds an EDR (Endpoint Detection and Response) strategy. While EDR is an important piece of the cybersecurity puzzle, it isn’t enough in and of itself. EDR enables companies to identify security incidents, investigate them, and remediate them on endpoints. That should be one of your first lines of security inside the operating system, combined with your EPP (Endpoint Protection Platform, antivirus).
A sophisticated EDR might give you the following options to respond to a threat:
This gives a deeper level of visibility into endpoints as EDR identifies and interprets anything unusual living on an endpoint.
Some EDR products also hold full rights on all endpoints, which can become extremely dangerous, especially when they can be managed from Active Directory. That would provide leverage for deeper compromise once the AD gets compromised. Of course, this is not the case with TEHTRIS EDR, as we propose a stronger level of security. But we recommend that CISOs and cybersecurity staff look at the risks of adding dangerous, powerful agents on all devices, linked to weak points in your infrastructure.
So, EDR offers visibility into your endpoints. But there are limits.
First, EDR alone has blind spots (unless it’s connected to a holistic solution). Second, EDR needs security staff trained in detection and response, plus the skills and time to integrate the solution. While this is feasible for large enterprises, SMBs might want to check their budgets. And training alone will not help if nobody configures the EDR properly during the integration phase. Then you also have to maintain these configurations. What if there is a new path for a new product, with a new Authenticode signature to analyze and new process behaviors? If you have thousands of EDR agents deployed, what will happen if they have no efficient policy to fight against all unknown threats? Even the new ransomware of the day will remain a huge problem.
Finally, EDR doesn’t focus on some details, like network insecurity in your organization. For example, what if all traffic is allowed from everywhere to everywhere in your organization with a flat network infrastructure? Or what if remote access is easily available because of a compromised VPN? Threats can then come in through the network, move laterally across it, and talk to a remote server, uninhibited. EDR will help, and you definitely need it as your first weapon. But even combined with your EPP (antivirus and endpoint protection), EDR+EPP will not be able to handle everything.
Therefore, now you also need network monitoring and system or application security. If your industry is heavily regulated, you might also need a data and application security system to safeguard your information from data hackers.
To go further, there’s Security Information and Event Management (SIEM). This acts as a hub that integrates log flows from various sources, such as system, network, and application monitoring logs, under one purview.
In order to go certain steps further in ensuring cyber resilience, you also might want to explore the applications of
You might then think it’s too complex or too expensive. It’s not. It depends on the technology and products you choose.
TEHTRIS XDR Platform is a smartly put-together service offering from TEHTRIS to build your holistic cybersecurity program. Efficient, smart and easy. Already deployed in more than 50 countries. It works. We blocked state-sponsored hackers, unknown ransomware, etc.
The bottom line is that, in order to handle global threats, we need a global outlook on cybersecurity, and tools that can help us reach an intermediate, if not high, level of cyber resilience.
At TEHTRIS, we have a clear understanding of your best cybersecurity strategy and implement it for you.
Any business is only as cyber-strong as its weakest link. What are you doing to ensure cyber resilience?