Investing in more security tools not the answer

According to the Australian Cyber Security Centre’s (ACSC) latest threat report, it received 76,000 cybercrime reports last financial year with Australian organisations reporting a cyber attack every seven minutes. In response, a flurry of new threat detection and incident response solutions have emerged — seemingly to help cybersecurity teams react to the continuous influx of new security issues.

However, these multiple point solutions provide disparate metrics, reporting and training requirements and can make it difficult to unify different risk metrics and succinctly communicate an organisation’s security status.

Understanding your attack surface

As organisations struggle to keep pace with a constantly evolving threat landscape, many often resort to a reactive approach based on chasing threats and responding to potential incidents. Reducing risk in the most efficient and effective manner requires a proactive offensive based on understanding your attack surface, better prioritising your efforts and measuring and communicating this progress over time.

Organisations need to move away from responding to threats and towards consistent exposure management because preventing cyber attacks requires full visibility into all assets and exposures, extensive context into potential security threats and clear metrics to measure cyber risk objectively.

Organisations that can anticipate cyber attacks and communicate those risks for decision support will be the ones best positioned to defend against emerging threats.

A recent Gartner report indicated organisations prioritising their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach.

Business leaders are challenged with trying to keep up with constant streams of data from various point solutions they’re using to manage vulnerabilities, web applications, identity systems and cloud assets. And, they’re confronted with the need to effectively analyse all that data to make informed, proactive decision-making about which exposures represent the greatest risk to the organisation.

A proactive approach

Adopting a functional and consistent exposure management cadence involves people and process changes that enable business leaders to better allocate time and resources so they can focus on taking the actions that legitimately reduce their risk.

It also requires security teams to place as much importance on proactive efforts as they currently do on reactive incident response efforts. Security professionals must also consider how siloed organisational structures — and the myriad of security tools used in support of those silos — are hindering their ability to see what an attacker sees. And, it demands a way for security professionals to analyse incoming data from disparate tools to draw meaningful insights that can be applied to risk reduction goals.

To be an effective part of any exposure management program, a platform needs to offer three key features:

1. Comprehensive visibility: A unified view of all assets and associated software vulnerabilities, configuration vulnerabilities and entitlement vulnerabilities, whether on-premises or in the cloud, is essential to understand where an organisation is exposed to risk. An exposure management platform needs to continuously monitor the internet to rapidly discover and identify all external-facing assets to eliminate areas of known and unknown security risk. This helps to reduce the time and effort required for security teams to understand the complete attack surface, eliminate blind spots and build a baseline for effective risk management.
2. Prediction and prioritisation: An exposure management platform needs to help users anticipate the consequences of a cyber attack by drawing on the large datasets available from various point tools and providing context about the relationships amongst assets, exposures, privileges and threats across an attack path. Cyber risk prioritisation is required to help cybersecurity teams continuously identify and focus on the attack pathways that present the greatest risk of being exploited. By providing accurate and predictive remediation insights, these features enable security teams to proactively reduce risk with the least amount of effort to help prevent attacks.
3. Effective metrics to communicate cyber risk: Security experts and business leaders require a centralised and business-aligned view of cyber risk with clear KPIs to show progress over time as well as benchmarking capabilities to compare against external peers. An exposure management platform needs to provide actionable insights into an organisation’s overall cyber risk — including the value of the proactive efforts happening daily. It also requires the ability for users to be able to drill down for specifics about each department or operational unit. It needs to deliver accurate business-aligned cyber risk assessments to improve communication and collaboration among constituents. Actionable metrics enable security teams to show the value of their proactive efforts as well as save time, improve investment decisions, support cyber insurance initiatives and drive improvement over time — all while tangibly reducing risk to the organisation.

Traditional approaches to vulnerability management need to evolve into a comprehensive exposure management program, enabling users to translate data about assets, vulnerabilities and threats into actionable insights.

Exposure management gives cybersecurity leaders a way to reclaim the narrative from the reactive, headline-grabbing breaches and attacks. It enables them to clearly explain the effectiveness of proactive, preventive security programs in a language the business will understand. And it transcends the limitations of siloed security programs.

Image credit: iStock.com/Blue Planet Studio