As enterprises expand their IT networks and migrate workloads to the cloud, as people work and transact remotely, as billions of devices join the IoT every year, and as cybercriminals become smarter and bolder, cybersecurity professionals have to run faster just to stay in the same place. It is estimated that worldwide, cybersecurity spending will reach nearly US$ 200 billion by 2025.
Organizations would be well advised to deploy their investments in proactive defense, anticipating attacks early, responding to events in real time, and trying to contain damage rather than fixing it. The problem is that data and applications are exiting the enterprise data center and moving into the cloud, to be accessed by users who could be sitting anywhere on earth. This means that the earlier approach of securing the network perimeter is no longer effective. The new need is to protect data and applications right where they are.
That calls for comprehensive measures, starting with building a core foundation for securing the enterprise inside out. This article looks at that foundation from three perspectives: technology, process, and people.
Securing the enterprise with advances in technology
As digital technologies continue to proliferate, cybersecurity strategies need to factor in the increasing use of artificial intelligence (AI), robotic process automation and the Internet of Things in their threat assessments. Because neither data nor employees reside within enterprise boundaries today, cybersecurity needs to change tactics from network-centric to user-centric. This is the basic principle of zero-trust architecture (ZTA). Apart from securing users, resources, and assets where they are — rather than protecting static perimeters — ZTA supports governance by enforcing policies in a granular manner.
Apart from ZTA, organizations can employ methods such as security as code, security as policy and security as infrastructure, which bring in hyper-automation, to protect workloads on the cloud. Like ZTA, these improve governance by defining security policies and standards as code so that enforcement can be automated.
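To make "policies defined as code" concrete, the following is an added example, not taken from the article or from any product: a small Python policy set evaluated against a resource inventory before deployment. The rule ids, resource fields and sample inventory are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str                   # constructed identifier
    applies_to: str                # resource type the rule covers
    description: str
    check: Callable[[dict], bool]  # returns True when the resource complies

# The security standard, written as data plus small predicates.
RULES = [
    Rule("STO-001", "storage_bucket", "buckets must not be publicly readable",
         lambda r: r.get("public_read") is False),
    Rule("STO-002", "storage_bucket", "buckets must be encrypted at rest",
         lambda r: r.get("encryption") in {"kms", "provider-managed"}),
    Rule("NET-001", "firewall_rule", "no admin ports open to the internet",
         lambda r: not (r.get("source") == "0.0.0.0/0"
                        and r.get("port") in {22, 3389})),
]

def evaluate(resources):
    """Return (resource name, rule id) for every violated rule.
    A missing attribute counts as a violation, so the check fails closed."""
    violations = []
    for res in resources:
        for rule in RULES:
            if rule.applies_to == res["type"] and not rule.check(res):
                violations.append((res["name"], rule.rule_id))
    return violations

def gate(resources):
    """Automated enforcement: allow a deployment only with zero violations."""
    return not evaluate(resources)

# Constructed sample inventory.
SAMPLE = [
    {"type": "storage_bucket", "name": "logs", "public_read": False, "encryption": "kms"},
    {"type": "storage_bucket", "name": "exports", "public_read": True},
    {"type": "firewall_rule", "name": "ssh-any", "source": "0.0.0.0/0", "port": 22},
    {"type": "firewall_rule", "name": "https-any", "source": "0.0.0.0/0", "port": 443},
]

if __name__ == "__main__":
    for name, rule_id in evaluate(SAMPLE):
        print(f"DENY {name}: {rule_id}")
    print("deploy allowed:", gate(SAMPLE))
```

The "exports" bucket is flagged twice: once for public read, and once because its encryption setting is absent, which the rules treat as non-compliant rather than unknown.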
Cybersecurity teams will do well to leverage AI and machine learning to defend against attackers who are already using these technologies to perpetrate crime. Machine learning algorithms can work through massive amounts of data in real time to identify anomalies, such as unusual behaviors or outlier patterns, alert the organization early, and even take defensive action if required.
Securing through proactive processes
Enterprises have to be constantly on guard to anticipate threats, or at least detect them before they cause too much damage. Ever-watchful security processes play a huge role here. Vulnerability management processes continually examine IT assets to check for any misconfiguration or other issues that may render them vulnerable to attack. These processes also triage vulnerabilities and remediate them in order of urgency.
Proactive risk management is also key to establishing preventive, detective, monitoring and defensive controls. First, organizations need to conduct a comprehensive risk analysis to understand the level of risk faced by each critical data asset and, based on that, prioritize the order of defense. One line of thinking recommends use-case-based cybersecurity, that is, identifying the most likely targets and securing those before others. Regular penetration testing (simulating an attack on your own systems and applications) also helps to ferret out weaknesses and fix them proactively.
Many risk management processes, such as applying patches or upgrading software, may be automated in the case of low-risk assets. However, it is important to ensure that automation does not create new vulnerabilities; this is why higher-risk or more valuable assets need to be accorded greater prioritization and have some human supervision.
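The triage and automation rules described in this section can be sketched in code. The following is an added example, not from the article: findings are ranked by urgency, and only low-criticality assets are routed to automated patching while everything else waits for human approval. The weights, the exposure bonus, the finding ids and the asset names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights: how much an asset's business value amplifies a finding.
CRITICALITY_WEIGHT = {"low": 1.0, "medium": 1.5, "high": 2.0}
EXPOSURE_BONUS = 2.0  # assumption: internet-facing findings are more urgent

@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    asset_criticality: str   # "low", "medium" or "high"
    severity: float          # 0.0 to 10.0, a CVSS-style base score
    internet_exposed: bool

def urgency(f: Finding) -> float:
    # An unknown criticality is weighted as "high" so it is never under-ranked.
    weight = CRITICALITY_WEIGHT.get(f.asset_criticality, 2.0)
    return f.severity * weight + (EXPOSURE_BONUS if f.internet_exposed else 0.0)

def triage(findings):
    """Order findings from most to least urgent (ties broken by id)."""
    return sorted(findings, key=lambda f: (-urgency(f), f.finding_id))

def remediation_path(f: Finding) -> str:
    """Only low-criticality assets are patched without a person in the loop."""
    return "auto-patch" if f.asset_criticality == "low" else "human-approval"

def plan(findings):
    return [(f.finding_id, round(urgency(f), 1), remediation_path(f))
            for f in triage(findings)]

# Constructed sample findings.
SAMPLE = [
    Finding("F-1", "lobby-kiosk", "low", 9.8, False),
    Finding("F-2", "payments-db", "high", 6.5, False),
    Finding("F-3", "partner-wiki", "medium", 7.0, True),
    Finding("F-4", "test-vm", "low", 4.0, True),
]

if __name__ == "__main__":
    for row in plan(SAMPLE):
        print(row)
```

The highest raw severity (F-1 at 9.8) lands third once asset value and exposure are considered, which is the difference between sorting by score and triaging by risk.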
Trends like remote work, hyper-connectivity, and personal devices connecting over unsecured networks are dramatically increasing enterprises’ exposure to bad actors. Identity and access management (IAM) processes ensure that only authorized users, both within and outside the organization, access data, applications and other enterprise systems without exposing them to risk. Using IAM processes, IT administrators can assign a unique digital identity to every user; authenticate users based on a username, password and additional factor; permit them to access resources based on rules or roles; and manage their identities from end to end.
As IoT and other technologies spread, even connected devices, robots, and APIs are being given identities. AI technologies are also increasingly becoming a part of proactive defense mechanisms, recognizing highly complex patterns at a speed and scale that is impossible manually, so that miscreants can be blocked before they can strike. Not only that, but AI can also consider factors such as location or user movement to fine-tune risk perception.
Securing the people
A massive 3 million cybersecurity positions lay vacant in 2021. While AI and automation can take over some parts of the job, they are by no means a replacement for human talent. Hence organizations need to make varied efforts to close the talent gap. For example, they should broaden their recruitment strategy to look beyond cybersecurity qualifications and experience at candidates with adjacent skill sets, natural aptitude, or interest in cybersecurity.
It is a good idea to prioritize hiring in security functions that are critical to business operations because it maximizes value. The organization should identify the roles with the biggest impact on risk and find the right people for those jobs on priority.
Internal human resources can be augmented with cybersecurity experts and threat intelligence specialists who can monitor a much larger landscape, including the dark web, to detect threats.
Finally, enterprises need to nurture a security culture and mindset throughout the organization and use training and education to promote secure practices and behavior. The most important element in an organization’s security foundation is a vigilant workforce that believes security is everyone’s business.