Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Hazard Reduction: 5 Steps to Adapt Your Cybersecurity Strategy for 2020

[Author note: 2019-20 has had one of the most horrific fire seasons on record in Australia, with significant loss of life, loss of property, and overall impact on the national psyche. While I believe the parallels and metaphors used in this article are valid, I equally don’t want to downplay for one second the importance of real firefighters and real fire management. If you chose to spend less on cyber security this year and give the difference to the RFS, I’d probably be OK with that right now. Anyway… back to business…]

In Australia, we are unfortunately used to the idea of a fair swathe of our sunburnt country catching fire each year. Minimizing the likelihood of a fire is extremely difficult. Minimizing the consequence of a fire is a more realistic goal, although as we’ve seen this year, still not an ‘easy’ goal to achieve when the weather is against you. One of the key techniques used in fire management is back burning, also known as 'controlled burning', which involves starting small fires in an intentional way, to reduce the amount of fuel that's available to the real uncontrolled events.

Cybersecurity has similar dynamics. 

With Big Data driving organizations toward a “store first, ask questions later” data approach, it’s time that we look at the concept of back burning our data environments to reduce the fuel for the ‘fire’ that may happen sometime in the future.

As security leaders kick off the New Year with fresh perspectives and goals aimed at measurably reducing cyber risk within their respective organizations, it may be time to revisit data protection strategies.  Below, I’ve highlighted five key areas to focus on to take an adaptive approach to cybersecurity as our lap around the sun once again begins.

1. Take Stock of What You Have

When working with our customers, we find there’s this tendency to overinvest in security technologies, particularly, whatever the shiniest solution is at the time. Organizations end up in a situation where they have a huge range of technologies but they’ve often never fully implemented them or operationalized them. When we go in from an audit perspective, we’ll often find that there are massive gaps in an organization’s maturity, and the gaps aren’t there because they’re lacking solutions, they’re there because they’re not using the solutions that they have to their full extent.

The fact that there is a possibility to get a lot more value out of your cybersecurity program without spending a lot more money is something that organizations really need to take advantage of.

2. Back Burn Your Environment

Back burning, or ‘hazard reduction burns’ as they’re sometimes now called, is a concept that is particularly relevant in Australia right now, but just as relevant across the globe seeing as many other countries aren’t immune to forest or brush fires. Australia is currently in early summer and bushfire season is well upon us and is causing a lot of very, very serious problems.

The back burning concept is when things are calm – and not a hot, dry windy day of which we’ve had way too many in the last few weeks – take the opportunity to do a controlled removal of leaves and sticks and dry material that could potentially be a threat when things are bad.

The parallel here is about ‘back burning’ your data environment. So much of the last five years has been about Big Data and aggregating all of the data you can, even if you don’t know what you’ll be using it for, you keep it for down the road. This has resulted in organizations keeping massive amounts of data that they don’t need. Many times the data doesn’t have an owner, is out of date, or stored in antiquated systems. All of this presents a significant exposure to data breaches. By back burning your environment, you’ll look at what you have in place and get rid of the data that is basically presenting an exposure without any real benefit to you. You can reduce the ‘hazard’ of data being breached, simply by no longer holding that data.

3. Re-focus on What’s Important

Security is a massive field. One of our key taglines is “Supporting the need for security collaboration.” None of us can solve the security problem on our own. I genuinely believe that no organization can actually spend as much as they would need to spend to fully secure their environment. Once an organization goes through the back burning exercise, the next logical question is, “Of what’s left, what is more important to secure?” If you have limited resources, make sure you’re applying those limited resources on the problems that matter the most.

4. Get Help

Once you’ve back burned the environment, gotten rid of the data you don’t need and have realigned your focus, this is where trying to get leverage comes in. Trying to get a multiplier on the security investment that you’ve already spent or will spend. If you accept the fact that we all have limited resources, if you can get a two to three times return on what you’re spending, then it makes a massive difference to a security program. That multiplier effect will come from things like managed security services. The sharing of the significant capital cost and finding a way to get a better return on that. Looking at how you start to use external expertise and collaboration platforms (yes, I am of course promoting Security Colony – www.securitycolony.com) and leverage is key. 

5. Measure, Measure and Measure Again. And communicate.

Metrics are always going to be a challenge. The reality is that cybersecurity is a complex area. Even if you look at the points we’ve talked about so far, how would you define a metric that points to the risk that you’ve reduced through back burning an environment? You can talk about how much less data and exposure you have, but it doesn’t guarantee that you won’t have a breach. With all these things, the challenge is that the people who are asking for the metrics and the reporting, they want something that gives them comfort that they won’t have an incident occur.

Whereas from the perspective of a security leader, really the message is that we can’t deliver that assurance, but can demonstrate that we are making good decisions and have a mature program in place that effectively manages the risk. But the risk is not going to be zero. Having a metrics approach that is discussed and agreed upon as far as what it represents for the practitioners that put it together and the business leaders that will receive it is the best way forward. Having a discussion up front about your metrics and what they’re communicating as it relates to the business and the security program itself is key.

Given today's evolving threat landscape, collaborating with other security leaders is essential to bolster the effectiveness of your current security strategy. Find out how Trustwave Security Colony serves as a resource that allows you to do that. 



Nick Ellsmore is the director of consulting and professional services at Trustwave.

Latest Trustwave Blogs

Unveiling the Latest Ransomware Threats Targeting the Casino and Entertainment Industry

Anyone who has visited a casino knows these organizations go to a great deal of expense and physical effort to ensure their patrons do not cheat. Still, there is a large group of actors who are...

Read More

Third-Party Risk: How MDR Offers Relief as Security Threats Abound

While third-party products and services are crucial to everyday business operations for almost any company, they also present significant security concerns, as high-profile attacks including...

Read More

Trustwave Takes Home Comparably Best Company Outlook for 2024 Award

Comparably, a leading workplace culture and compensation monitoring employee review platform selected Trustwave to receive its Best Company Outlook for 2024 Award. This award marks the seventh time...

Read More