Innovation and top-line growth are consistently two of the top three key priorities for business executives. Security is always sandwiched right in between these goals, as the threat landscape and perimeter constantly evolves – and never for the better.
The digital paradox holds that the same technologies that allow us to innovate and grow give sophisticated intruders the same tools to innovate their method of attack. Just like a chain is only as good as its weakest link, the same goes for our approach to security. It doesn’t matter where in your IT environment a breach occurs; in the end, everything gets affected.
In fact, there are only two type of organizations that really exist – those that have already been breached (think SolarWinds, Anthem, Colonial Pipeline and the like), and those organizations that WILL BE breached – and the sophistication of the threat actors are only enhanced by the same digital tools we use to innovate and accelerate business growth. For 2021, cyber breaches will have a global economic cost estimated at $6.1T – which if it were a nation, would be the 3rd ranked world economy.
And the impact of the COVID-19 pandemic has only increased the risk. Consider cybersecurity insurance to cover damages in the event of a breach becoming more mainstream, or the cost of insurance and the coverage limits in liability determined by how sophisticated and modernized a company’s security posture actually is. Similar to auto insurance, if you want to save money on premiums and increase coverage, you absolutely need to secure everything.
Take a look at the following numbers:
- “Cyber Incidents” is the #1 ranked claim category in 2021, with a 27% increase in insurance claims during the first 9 months of 2020, causing increases in premiums of over 25%
- 71% of Cyber experts are MORE concerned with ransomware attacks post-pandemic based on the rush of technology deployment during the quarantine
- 56% of organizations suffered a breach due to ransomware attack during 2020 – more staggering that 27% of those breached paying the ransom due to lack of ability to recover data and app assets
These ubiquitous digital threats have become so serious that nations, including the US government, have released specific accountability guidelines and terms. One such example is the White House mandate on cybersecurity and ransomware published in May. It outlines the measures that organizations should take to establish recoverability of their digital assets (data and apps) with air-gapped, immutable data protection. Organizations like the Office of Foreign Assets Controls are pushing out mandates to secure their ability to recover and instituting potential sanctions and penalties should an enterprise decide to pay. In September of 2021, this warning was extended to insurance carriers and cyber services firms as well, further emphasizing the need to modernize security strategies and ensure recoverability.
Another alarming metric is that the average dwell time for breaches is 201 days – which means that, on average, 201 days pass between the initial breach and when the breached organization detects it. And even when the breach has been detected, it takes an average of 70 days to isolate and contain the breach so tht further spread is stopped. All of these data points lead to the primary reason why modernizing your security strategy is as critical as digital innovation.
Without oversimplifying, it boils down to these three simple objectives:
- Identify internal and external threats AS QUICKLY AS POSSIBLE.
- Isolate the threat to PREVENT FURTHER INTRUSION.
- Remediate the threat while quickly MAINTAINING AND RESTORING service availability.
CYA with the CIA Triad
We said the three objectives were simple, but that doesn’t mean they are easy to execute. So, how do companies reach this level of proficiency in combating constant threats within a rapidly expanding perimeter?
It starts with prioritization of security throughout each digital initiative. It’s true that companies are compelled to modernize the infrastructure foundation, simplify the user experience, and transform data residency and application workloads. But, security must be top of mind in the planning, design, implementation and management phases of these projects to provide critical protection of modern IT assets. It is the essence of the CIA Triad.
Confidentiality: How can we secure data to be accessed only by authorized users while preventing any potential data loss, such as company secrets (i.e. the formula to Coke)?
Integrity: How can we confirm that the workloads users interact with have not been tampered with? How can we prevent tampering in the first place? We need to focus on Identity and Access, or cloud-native application and container instantiation.
Availability: How can we quickly identify and isolate threats so that we can maintain service availability to apps and data as resiliently as possible? How do we define, and stick to, the appropriate service level agreements?
How to Secure Everything
‘Secure Everything’ revolves around aligning the right strategy with the best policy to ensure confidentiality, integrity and availability of data, apps and infrastructure to defend at the new, constantly evolving perimeter.
This starts with developing a sound security strategy utilizing modern frameworks and regulatory guidance that is continually updated. That strategy is determined by thoroughly conducting business impact, gap and risk analysis to confirm healthy areas and identify those that need improvement. Companies must follow National Institute of Standards and Technology (NIST) and General Data Protection Regulation (GDPR)/Caliornia Consumer Privacy Act (CCPA) frameworks and implement Center for Internet Security (CIS) controls with a 360-degree feedback mechanism to ensure all angles are reviewed and covered.
To secure platform and infrastructure, companies must analyze existing firewall rules and policies before making recommendations on how to modernize. This is a prerequisite to implementing Zero Trust Network Access and Secure Access Service Edge (SASE) to harden systems and segment networks, thereby shrinking the attack surface.
For identity-first security that now must encompass WFH (work from home) networks, a strong manage-detect-respond capability starts with modernizing the authority and understanding that identity access in the new hybrid world needs to be federated with conditional access governed by context via policy. Modern threat analysis should be augmented by AI, because no human can process the billions of events in any real correlated fashion to find the signal through all that noise, in addition to cloud-based services (cybersecurity mesh) to combine intelligence data. Once a threat has been detected, automating through SOAR (security orchestration, automation and response) is critical to isolate those threats to prevent further damage.
Finally, businesses must always adhere to regulatory guidelines, based on industry sector, with the ability to take in all telemetry data to dynamically generate audit reporting and ensure compliance. At the same time, we need to continually look for risks and threats, all managed as part of a comprehensive program that incorporates previous analysis and assessment results. This needs to go beyond traditional Governance, Risk, and Compliance measures by employing Integrated Risk Management (IRM).
Contact Presidio today to learn how we Secure Everything, and why our customers lead their industries in threat detection, response and remediation.