With large parts of the western world starting to emerge from the Covid-19 pandemic and the associated economic impacts of lock downs and travel restrictions, businesses are trying to plan for a new normal.
Many organisations have shifted to place a larger reliance on cloud delivery of IT, a greater willingness to outsource non-core business functions (security and digital marketing, for example) and the continuation of working-from-home arrangements for much of the workforce. These changes, together with the operational and security infrastructure changes that accompanied them, have enabled businesses to remain flexible and effective.
So, as IT security budgets are reviewed, what are the outstanding priorities to support these operational changes, and what are the strategic investments for the future? What should be in your security budget for 2021/22 and beyond?
For businesses forced to operate with remote workforces, securing endpoints (user workstations, for the most part) has been a critical area of focus. We were already seeing the rise of UBA (user behaviour analytics, often UEBA or SUBA) and an increase in the market for EDR (endpoint detection and response) solutions. Now these technologies are evolving further into XDR (extended detection and response).
For all the focus on endpoints, however, there are still gateway systems at the network perimeter, stored data, web-based applications and an array of cloud-based and on-premise IT systems that are used by business on a daily basis. While there is an operational security need to get the balance right, too much focus on endpoints can introduce risks and blind spots:
Any planned security spending should therefore contemplate not just the necessities of the changed work practices over the COVID lockdowns but also the return by many organisations to more reliable and trusted operational architectures.
Another area where the security goal posts have changed is cyber governance, almost a new phrase in its own right. As we have moved to digitally transform our enterprises in recent times we have, in many cases, unwittingly added to our attack surface. The integration of business and IT operations has meant that business is required by regulators and, more generally, third parties to have visibility of and the ability to report on security risks, the operational processes and the status of controls. That is to say, cyber “maturity” or “posture” metrics have become increasingly important.
The wider digital transformation agenda, at least in part driven by the need for greater operational efficiencies during lockdowns, has led businesses to increasingly look to streamline and automate their processes. Improved service to customers and operational controls have been achieved through the addition of digital analytics, machine learning and process automation to business operating models.
Just as this transformation has digitalised business operations, so too has it digitalised security operations and compliance monitoring and reporting. The integration of these levels of technology into business process has implications for senior executives and boards in their greater responsibilities and accountabilities for ongoing operations. IT and business operations, and indeed governance, have never been more interdependent.
As a result, there is now less willingness by regulators, and as a consequence boards, to accept that security risk management can be “outsourced” or that a lack of knowledge is an acceptable excuse for failure. With this digital transformation, the accountability for security risk and its management is clear. No senior executive or board member wants to be in the invidious position of mis-reporting or not knowing the security posture of their enterprise. It’s now part of their broader responsibilities.
In business, a common set of financial, legal and social frameworks and controls provide a platform for reliable and trustworthy commercial interaction. As we move towards our digital future, with its expanded levels of cyber risk, a verifiable measure of cyber posture will undoubtedly become part of a broader commercial platform.
While the specific set of controls that comprise good cyber posture may vary from jurisdiction to jurisdiction they invariably include:
These controls are so foundational that they are sometimes referred to simply as “security hygiene”. When it comes to “hygiene” or “cyber posture”, however, the effectiveness of these controls can vary, so what matters is not merely whether they are in place but how well they are operating. The greater the shortfall in control effectiveness, the more vulnerable the organisation is to attack. To improve cyber posture, identified risks need to be mitigated and the gaps verifiably closed.
As demands for good IT governance increase from both boards and other stakeholders, organisations need to allocate funding to tighten their security controls through sound systems that measure and report evidence of that fact.
The last obvious area for post-pandemic investment is in things that directly benefit the accuracy and effectiveness of security processes, operations and workflows.
With resource constraints impacting almost every facet of security operations, security leaders must regularly review their processes to identify tasks that limit the effectiveness of their team’s time and effort. Skills shortages and cumbersome processes mean that security teams are often under-resourced, overworked and struggling to make tangible improvements in their security efforts.
Much has been made about automating the threat detection, alert handling and incident triage processes. Data volumes and an ongoing reliance on analyst-driven analytics ensure that threat investigation and response remains a specialist critical path activity. Hence the need to streamline and automate SOC processing.
If businesses can optimise the efficiency of their security teams by simplifying alerting and minimising handoffs between SOC processes, and combine that with a greater understanding of the nature of threats, SOC teams can make significant strategic efficiencies to the overall security management process.
By investing in something like the MITRE ATT&CK® framework to integrate decision making with the contextualisation of threat observations, the speed and accuracy of analyst decision-making can be immediately improved.
These efficiencies and improvements are likely to be some of the areas where investment will deliver the most benefit in 2021/22 and beyond. If security teams can be funded to “catch up” post-pandemic through improved risk management efforts and posture, and threat responsiveness hastened by better contextualisation, some of the concerns that emerged during the COVID hiatus about falling levels of security will be quickly addressed and resolved.