Is It Time to Rethink Cyber-Security Strategies?
By Samuel Greengard | Posted 2016-04-21
Despite the efforts made to thwart attackers, cyber-security threats keep growing, and many question whether conventional methods are enough to protect a firm.
Minimizing Risks and Maximizing Protection
Amid all the emerging chaos, one thing is perfectly clear: Cyber-security won't become any simpler in the foreseeable future. Yet experts in the space say there are things that business and IT leaders can do to minimize risks and maximize protection.
For one thing, ISACA's Schwartz says, it's critical to understand the value of data held in enterprise systems and to focus resources where they are most needed. In the past, "Security has been spread out across a wide array of assets, irrespective of the value of those assets," he points out.
There's growing recognition that this approach is unaffordable and unsustainable. "There's only money to protect key assets, and that's where the focus must be," Schwartz advises.
This involves hardening critical assets and looking for ways to minimize the impact and damage associated with a breach. In many instances, it means re-examining authentication and tapping end-to-end data encryption—including moving blocks of data across systems and clouds in an always-encrypted state, referred to as encryption in transit.
This approach might also translate into using outside providers that specialize in particular security services. Or it could require applying more stringent security safeguards by placing mission-critical data in the cloud under the watch of companies that specialize in data protection.
"Many attackers, particularly those that are financially motivated, are simply looking for the easiest path to results," Schwartz says. "They won't spend a lot of time and resources if the target is too difficult."
BDO Consulting's Shaghaghi adds that it's important to examine—and sometimes re-examine—business partnerships and relationships. "As companies push more and more of their core processes out to third-party providers, and connect to other companies through APIs and clouds, the boundaries of risk management must expand," he explains.
In fact, more than 50 percent of today's breaches occur as a result of third-party relationships, according to Shaghaghi. "Organizations must take a fresh look at how to manage relationships from an end-to-end perspective, particularly as the Internet of things takes shape," he says.
Keeping an Eye on Big Data Security Analytics
Intelligence sharing is another valuable tool, Shaghaghi adds. Over the last couple of years, a number of companies and organizations have emerged to serve as knowledge bases, or repositories, for security threats.
Within these frameworks, companies typically share incident data anonymously. "It's important for security professionals to have conversations with others and share information," Shaghaghi says. "It's a very effective way to identify new threats—and for others to avoid them."
However, ISACA's Schwartz adds that while these networks can deliver real-world results, it's vital to perform due diligence on the provider. "Some of these feeds do not deliver high-fidelity information that matches real threats," he warns.
Finally, security professionals should keep a close eye on emerging predictive analytics, big data security analytics, artificial intelligence (AI) and deep learning systems, which may identify threats faster and more effectively than traditional tools. Many of these technologies are still in the nascent stages, but they are advancing rapidly.
When an enterprise establishes a comprehensive cyber-security risk management framework, it's possible to take system and data protection to a higher level. The framework should include end-user security awareness training, simulations, ongoing testing, and more advanced and integrated solutions that span everything from devices to application security.
In fact, Gartner analysts Neil MacDonald and Peter Firstbrook advise organizations to evolve into an "adaptive security architecture" that incorporates predictive, preventive, detective and response capabilities. They also predict that information security budgets will increasingly tilt toward rapid detection and response, and that organizations will deploy security data warehouses and greater forensics capabilities. The analysts describe today's blocking and prevention capabilities as "insufficient to protect against motivated, advanced attackers."
"There is no such thing as a 100 percent bulletproof solution or approach," concludes BDO Consulting's Shaghaghi. "But organizations that approach cyber-security technology and strategy smartly and devote appropriate resources to the task can greatly minimize risks."