Keeping up and staying secure can be a challenge, especially when you do not have reliable information to base your risk management strategies on. How do you defend yourself if you cannot see your enemy?
“To know your Enemy, you must become your Enemy.” Sun Tzu
In part one of this two-part blog series, we looked at trends in terms of the biggest losses in cyber security, as well as the attack trends we’re seeing and predict will continue into this year. This second part will represent the stance of the defenders and provide insight into how businesses are, or should be, defending themselves.
Biggest Spending Trends
Deception Technologies & Post COVID Spending
The use of AI and ML to advance deception technology, which diverts attackers’ efforts to honeypots and exhausts their time and resources in order to prevent APTs, is seeing the greatest investment and is forecast to reach 2.48 billion by 2025.
Even with information security spending expected to increase to 151 billion by 2023, with a forecast CAGR of 9.4% prior to COVID-19 that remains positive at 6.2% after the pandemic, cyber security budgets remain largely underfunded.
Recommendation: Paying attention to where other organisations are spending money helps in knowing where to allocate your investment for risk management. Early investment in the right technology can greatly help in staying ahead of the curve.
Working from Home
Organisations are now having to shift their cybersecurity focus from traditional corporate networks to an almost completely remote solution where digital transformation takes precedence over corporate network security. Source: Gartner
Recommendation: The majority of security expenditure is focused on corporate networks and not necessarily on remote working, and even then these implementations are susceptible to attacks. Sufficient penetration testing of remote working solutions is of the utmost importance.
AI Immune Systems
The sheer amount of data needing to be analysed to effectively monitor and prevent cyber incidents is far too much for human teams to handle, and so the need for AI and ML tools has become a saving grace for companies looking to enhance their cyber capabilities while lowering the cost associated with hiring large cyber teams. Source: Gartner
Recommendation: Using AI and ML to augment human resources is an absolute must to protect against new breeds of attacks. Along with using the correct technologies, companies should outsource the bulk of monitoring, detection, and response tasks to dedicated managed security service providers.
Software Defined Networks
While everything moves into the cloud and digitalisation transforms the way we think about traditional computer networks, the last part to remain completely physical is the network aspect. SDNs offer a much lighter and more manageable solution when it comes to maintaining and monitoring these massive networks.
Recommendation: SDN implementations may be costly and complicated to set up, and do not make sense for smaller networks, but companies with any sort of cloud hosting solution should look at providers that are taking advantage of the technology.
Automated SIEM and SOAR Solutions
With the ever-increasing gap in the cyber security workforce and the advancement of technologies being employed, it is now more important than ever to increase the use of automated systems used to monitor and detect cyber threats. Source: Gartner
Recommendation: Automation is key to being able to handle the vast amounts of alerts being generated on a daily basis. Companies need to take advantage of technology to sift through the many false positives so that cyber teams can be free to do threat hunting and other remediation tasks.
Data privacy and security concerns have moved to the top of the list for most organisations. With breaches now leading to massive penalties and compliance becoming more data-centric, this has led to a major hiring move for data protection personnel over the last two years. Source: Gartner
Recommendation: The first step to understanding your exposure regarding data is to know which regulatory and compliance issues your industry and business must adhere to. Once that has been defined, organisations need to assess the guidelines associated with them to confirm they are in good standing, and then perform regular penetration tests to assess the security measures taken.
CISOs and other security hiring managers are constantly looking for diverse teams to handle cyber operations and to keep talent motivated in the work that they do. The challenge with this is that cyber security skills span many areas, and professionals are expected to fill multiple tasks that were not what they set out to do. Source: Gartner
Recommendation: It is important to understand that augmenting cyber teams with technology is still not sufficient. The best strategy is one where internal teams and technologies are coupled with trusted partners who can handle the bulk of the workload while your internal team manages more important tasks on the ground.
Want to put your organisation through its paces and make sure it’s secure? Drop us a line to discover how A&O IT Group can help enhance your cyber security and ensure you’re defending to the best of your ability.
Kyle Turner, Cyber Security Regional Manager – Middle East