Hiring first-class talent. Communicating the cyber risk story upstream to enterprise stakeholders. Staying informed on new attack tactics. The list of challenges the modern-day cybersecurity leader faces are colossal, and given the pressure they face to measurably reduce risk, at times it can feel like navigating a kayak through a tidal wave.
But it isn’t only the chief information security officer that’s feeling the burden.
With even the most security-focused organizations seeing at least 10,000 alerts each day, security teams are struggling to separate legitimate attacks from false threats. This gives cyber swindlers an advantage.
Gone are the days when enterprises can set up alarms and wait for alerts. Today’s cyber climate requires a proactive, adaptive approach. Combining actions such as log and event analysis with technology like endpoint detection and response (EDR) and threat hunting is an effective blend, but it’s also a tall order for many enterprise cybersecurity teams to execute.
Reducing risk and expanding security maturity is the ultimate goal as an accountable security leader. But the cybersecurity demands of today will likely require you steer clear of having a one-dimensional approach to security and supplement your existing efforts, especially when it comes to overcoming the following three enterprise security obstacles.
1. Thwarting Persistent Threat Actors
Enterprises are constantly working at ways to become faster and more effective in their efforts to reach their customers. They’re doing this by tapping into revolutionary technology. But with each step taken, threat actors keep a watchful eye, capitalizing on unknown vulnerabilities.
Exploit kits and ransomware are continually evolving to take advantage of these security gaps—and it’s paying off. The return on investment hackers see from these schemes is, on average, 1,425 percent. Every dollar they earn increases the reputational risk for enterprises.
To reduce the business impact of these breaches, organizations need to identify and address vulnerabilities before they result in costly losses. Given the complexity of IT environments within modern-day enterprises, however, the median time between intrusion and detection of these threats, which leverage cutting-edge malspam, social engineering, and fileless loading techniques, is 55 days.
To address this, enterprises are finding increased value in partnering with trusted security advisors that specialize in not only stopping known threats but also identifying and remediating unknown ones.
While there are a slew of service providers that will claim to be a perfect fit for your organization, it’s important to be wary of those that oversimplify problems, profess to have all of the answers, and jump straight into your need for advanced solutions, says Jesse Emerson, vice president of managed security services at Trustwave. Any recommendations made should be weighed against the risks and the risk appetite of the business.
“A trusted advisor that is threat-focused will have an understanding of the threat actors that target an organization—this takes both access to a large and relevant threat dataset, as well as a commitment to threat research,” Emerson says.
This supplemental support results in increased bandwidth and capabilities that many large organizations currently lack but would like to develop. The additional assistance allows for larger sets of data from complex systems to be analyzed, resulting in the identification and classification of credible threats. This valuable information can be leveraged to avoid similar attacks in the future.
2. Overcoming the Talent Shortage
It’s been a problem for years now, and unfortunately, there’s no silver bullet. There’s a serious need for trained and educated cybersecurity professionals. While colleges and universities are ramping up their program and course offerings, enterprises can’t afford to play the waiting game.
The lack of skilled cybersecurity professionals has created a crisis for many organizations across the globe, one that digital miscreants are using to their advantage. This is one major reason why they’re struggling to keep up with cyber threats.
A recent study by research firm Cybersecurity Ventures predicts there will be an estimated 3.5 million unfilled cybersecurity jobs worldwide by 2021, and businesses are feeling the pain. According to a 2018 ESG survey, 53 percent of global organizations are experiencing a shortage of cybersecurity skills. If you’re reading this article, there’s a high probability that you’re feeling the pain, and it’s being felt all the way up to the C-suite. Only 51 percent of CIOs rate themselves as doing an excellent job managing human resources on security, according to Cisco.
“Very few cybersecurity organizations today are fully staffed, and only the most mature organizations are able to maintain their cybersecurity program through the pressures of employee turnover,” Emerson says.
Instead of joining the rat race for acquiring and keeping cybersecurity talent, many enterprises offload their security preparation and response to a managed security services provider (MSSP), which can eventually offset the need for more skilled workers.
From installing and managing technology to retaining and training staff to run and configure complex systems, these trusted security advisors can provide the supplemental support needed to manage one of an organization’s largest vulnerabilities: its people.
“A trusted advisor should be able to help by both increasing the maturity of an organization’s program as well as augmenting its operational execution,” Emerson says. “This augmentation is critical in allowing organizations to access the skills they need as well as the bandwidth and staffing elasticity that is necessary to keep up with the dynamic nature of cybersecurity.”
3. Finding and Patching Weaknesses
Data breaches continue to grace headlines around the world, and many of them are a result of a simple unpatched vulnerability. According to the 2019 Microsoft Vulnerabilities Report, which compiles every Microsoft security bulletin from the past previous year, 499 vulnerabilities were reported across many of its most popular operating systems. Given the popularity of these operating systems across enterprises, you can see how not addressing these weaknesses could result in costly consequences.
From retail chains to government agencies to internet service providers, organizations around the world are collecting, creating and storing more data than ever. This overwhelming volume of personal information is a prime target for cybercriminals. Whether malicious hackers are mining data to hold it for ransom or profit from it in the cybercriminal underground, a data breach can seriously tarnish an enterprise’s reputation.
Protecting this valuable data is the pivotal responsibility for security leaders, but given the complexity of businesses today, addressing this network of weaknesses is no simple task. Organizations with large, complex supply chains present additional threat vectors through third-party service providers that have any connection or access to company data or assets. Threat actors are known to focus their efforts on vulnerabilities impacting those providers.
Addressing vulnerabilities impacting your business can be manageable, but remediating these indirect threats is not. It requires enterprises to create detailed security plans to help ensure compliance across the supply chain. This can present significant strains on resources and can also damage what could be fruitful relationships in some cases.
To successfully manage and navigate this web of weaknesses, enlisting the efforts of a trusted security advisor can provide increased visibility into the assets that may be vulnerable to attack. This frees up the time and effort of the organization’s security team to focus on initiatives that can further measurably reduce cyber risk within the business.
By understanding the challenges you face as a security leader, where they emanate from, and how they impact the enterprise, you can adjust your approach to security and enlist supplemental assistance in the right areas. Organizations are increasingly partnering with MSSPs and opting to pivot from the traditional, complex, and expensive in-house 24x7 solutions.
How to Vet a Trusted Advisor
If you decide that searching for a partner that can provide supplemental assistance to your security organization, Emerson outlined three key areas to focus on:
- 1. Assessment
It’s important to know what you’re looking for. Vetting what will become a trusted security advisor will require a considerable level of self or externally-driven assessment to understand the type of security partner needed for both immediate and long-term demands.
- 2. Research
Once you understand the types of products, services, and advisory that you need, the next step is to cut through the very crowded vendor landscape for those that are most likely to help you achieve your goals. Analyst reports, industry accolades, and peer references are all part of that research that will help you narrow down the list of potential partners that you want to get to know.
- 3. Relationship
Getting to know your security partners is very important. Visit their offices and meet as many people from different levels of their organization as you can. While a great relationship with an Account Manager is helpful, you want to make sure that you get exposure to a broad set of the partner’s organization. Find out if your company cultures are aligned. Are the partner’s leaders experienced in the industry, or just with their own preparation? Are they accustomed to working with organizations like your own? At the end of the day, you want a partner that understands you, is responsive, and will grow with you over time.
Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.