
No Organization is Risk Free; Infoblox

The skills shortage and lack of automation for security operations tasks leave most organizations unable to proactively hunt for threats in their environment. They are typically swamped by the volume of security event data, which makes it difficult to identify a breach and respond in a timely manner. Recent research suggests it still takes organizations 100 days to detect a breach. The skills shortage is a real issue for which there is no quick fix. However, organizations can look to invest in tools and platforms that are better integrated and ease the operational burden. Part of the issue is that organizations have acquired a broad range of security tools that are not easy to integrate with other platforms. This again increases the burden on the overstretched security team to bridge the integration gap between all of these tools, further reducing their effectiveness.

Focus on building the tools and processes needed to apply good security hygiene to the IT environment. This starts with good inventory and asset management to know what needs to be protected. This should also include strong policies and practices around vulnerability and patch management, as many of the most recent attacks were successful because patches for known vulnerabilities had not been applied. Organizations can do a lot to reduce the risk by applying the basic best practices.

While ransomware may have become the attack du jour, the principles involved have remained the same. The adversaries, whether they are criminals, political activists, or state actors, continue to exploit vulnerabilities in systems that are not properly secured. Focusing on good security hygiene will dramatically reduce the risks and offers the best security return on investment.

The sheer complexity of the organizational environment makes applying security consistently across the estate a very difficult task. Data is no longer locked away in a single location: it's on premises, in the cloud, on mobile devices. It's everywhere and it's constantly on the move. Against that backdrop, the biggest challenge is that organizations with limited staff resources, who may also lack expertise, are unable to operationalize the security tools and platforms they have. The result is that organizations struggle to identify and classify what data they have, where it is, and how to consistently and effectively apply data access controls. It's the lack of consistency and the lack of visibility into where data is going that lead to data breaches that go undetected.

Firstly, there needs to be a clear security policy that is based upon managing the risk of the organization. No organization is risk free, and it's important to classify the assets and the risk and, as a business, decide what risks need to be mitigated, weighing the costs against those risks. This provides the organization with a good baseline on which to design a security architecture and an operations plan that it can execute on. In general, organizations need to have a balanced approach to managing the risk. In some cases, the application of security platforms and technology to prevent attacks is appropriate. This can range from vulnerability management, to data protection, to mechanisms that enable us to break the malware control channel. However, the complexity of networks that are changing so rapidly requires prevention to be married with detection and response capabilities. By ensuring that the organization has the right visibility, combined with the right policies and processes, the organization can be ready to respond when, inevitably, events occur that could not have been prevented by the security countermeasures already deployed. This balanced approach provides organizations with the right tools and focus to limit risk and respond effectively.
