5 tips to plug security leaks
- 25 April, 2018 15:34
Picture this. You’re on a boat at sea that springs a leak. Your team is bailing frantically – but this will only keep the boat afloat for a short while. How can you save your boat and your crew from drowning? You need to identify the cause, size and severity of the leak. Then you need to fix the leak – preferably in such a way as can be repeated quickly and easily if another one occurs. Ideally, you can prevent future leaks from ever happening.
When it comes to cybersecurity, too many organisations focus on finding more ‘pairs of hands’ to undertake the equivalent of bailing frantically. However, many organisations fail to retain enough security professionals to support this approach.
Eighty one percent of Australia and New Zealand respondents to a recent survey conducted by the Ponemon Institute said their organisations did not have enough staff to patch fast enough to prevent a data breach. Even more worryingly, Australian organisatons reported the second lowest levels of security staffing globally, at 15 people on average, less than half the average number in the US (39 people).
For those companies aiming to bring more people on board, the global shortage of qualified security professionals means the task is likely to become even more time-consuming and expensive.
According to the Australian Cyber Security Growth Network Ltd (ACSGN), several industry surveys confirm the drought of job-ready cybersecurity professionals in Australia is ‘among the worst in the world’. The domestic cybersecurity industry needs to employ at least 11,000 additional workers over the next decade, the ACSGN says.
But more staff isn’t always the answer: obstacles to success often sit with processes rather than people. According to Ponemon’s research, 65% of respondents in ANZ said their organisations were at a disadvantage in responding to vulnerabilities because they used manual processes and; 56% of respondents agreed that IT security spent more time navigating manual processes than responding to vulnerabilities.
The reliance of security teams on tracking threats manually, through emails or spreadsheets, inevitably leads to issues slipping through the cracks. It’s likely no coincidence that Australian orgniasations suffered the highest level of data breaches in the world – 52% have been breached in the past year – when they also reported the highest level of manual threat tracking, at levels over 10% higher than the global average.
These process deficiencies were a major contributor to inefficiencies and high costs in keeping organisations secure: Australian organisations surveyed spent an average of 16,848 hours per year and $US1,053,000 per year preventing, detecting and remediating vulnerabilities.
Organisations need to move from a ‘keep bailing’ approach to cybersecurity, to a more efficient, cost-effective approach to preventing and resolving security issues. And with the volume of cyberattacks increasing, there is an urgent need to adopt a new approach is increasing. Companies also have less time to prevent attacks, not least because cyber criminals are already using automation technologies like machine learning and AI to develop their offensive capabilities.
By taking the following steps, organisations can apply automation to create a robust, efficient and effective security hygiene model:
1. Take an unbiased inventory of vulnerability response capabilities.
You should identify your organisation’s pain points. Does the organisation experience challenges in cross-department coordination; lack of visibility across assets and applications; or an inability to track the vulnerability lifecycle?
Estimate your existing risk and apply a score across each of these areas. Doing so will give your organisation a platform from which to improve.
2. Accelerate time-to-benefit by tackling low-hanging fruit first.
The acquisition of a vulnerability scanner should be a top priority: if your organisation isn’t scanning for vulnerabilities using a tool that provides internal and external scans, it should be. This tool should also provide authentication scans..
3. Regain time lost coordinating by breaking down data barriers between security and IT.
Organisations should create a common view that combines vulnerability and IT configuration data—ideally using a single platform. This lays the foundation for more advanced capabilities, such as prioritising vulnerabilities based on business systems impacted, and routing vulnerabilities to the right IT system owners for patching.
Implementing tools that automate the management of key patching processes can reduce the time and resources required for these tasks, as well as reducing the cost of preventing, detecting and remediating vulnerabilities.
4. Define and optimise end-to-end vulnerability response processes – then automate, automate, automate.
Implementing repeatable vulnerability response processes increases accuracy, reduces risk and eliminates the need for repetitive work. Adding workflow and automation to these processes can drive significant efficiencies, accelerating patching times and reducing staffing requirements.
Giving security teams and IT teams a shared view of these processes, will situational awareness by providing dashboards and heat maps.
5. Retain talent by focusing on culture and environment.
By breaking down internal barriers, creating optimised processes, and automating mundane work, your security teams can dramatically increase job satisfaction and eliminate frustration—making your organisation a preferred place to work.
By acting on these tips, your organisation can transition from bailing frantically to speeding serenely across calm waters to a successful future. This is all the more important in an environment of increasingly rigorous obligations to protect customer data and notify customers of any breaches that impact them.