The Evolution of Breach Prevention - Integration
There is a famous saying that the “only constant in life is change”, and there is arguably no clearer validation of this statement than cybersecurity threats.
Cybercriminals wage a daily war against us. Visualize an ancient castle with hundreds of catapults hurling attacks, hoping that one breaks through. In order to stop them we create bigger, better, stronger walls, and they create new weapons to throw at our defenses.
Ultimately, we have to perfectly defend against every attack, because even one breach is a win for the bad guys. The advantage they have is they get to see what defenses we put up and come back the next day with more sophisticated and clever ways to bypass them.
Security Architecture Complexity Challenges
One common and logical approach is to put up more defenses, and as noted in week one, the average enterprise has 75 cybersecurity tools in place. The challenge with so many different cybersecurity tools is that each one addresses a different type of attack or attempts to safeguard a specific aspect of the network. Given how quickly and how often cybercriminals modify their strategies, the number of tools required to prevent a breach grows continually.
As a result, enterprises struggle to manage these complex security architectures: too many products with too many policies, management systems, best practices and integration points. From an IT perspective, it is integration, or the lack of it, that limits the strength of the cybersecurity posture. These tools act separately but notify in a similar way: by sending a security alert to a dashboard, usually monitored by a technician through that product’s console or through some combination of SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) products.
Without getting into the intricacies and merits of SIEM and SOAR products, know that they each provide valuable consolidation points for these alerts and help IT teams respond to threats. This information usually stays entirely siloed within IT, and therein lies the problem.
Why Security Tools Are Not Enough
It’s estimated that over 30,000 websites are hacked each day. How is it that, with all these tools in place and powerful technology to aggregate alerts and distill insights, breaches occur with relative ease? There are two factors at play here.
- IT specialists receive an unmanageable deluge of alerts every day.
32% of IT security professionals ignore alerts because so many are false positives. With so many alerts bypassing your security team, you have to turn your end-users into your last and strongest line of defense.
- These tools sit in IT, and the data and any valuable insights also stay in IT.
What about the human element? Human error is the cause behind 80% of breaches. Cybersecurity awareness and training teams are left to manually dig through data and reports, and that’s for the ones lucky enough to even get access to this data.
The Cost of a Lack of Integration
If your approach to cybersecurity technology has been reactive and fragmented, you’re not alone. Around 50% of executives working for large organizations say that the lack of integration between their cybersecurity tools is their number one cybersecurity issue.
Cybercriminals prey on this lack of integration; they thrive in conditions where an attempted hack on one group can be easily revised and repurposed to go after another section of your defensive wall. The true cost of this is the cost of a data breach, which is just under $4M.
Solution? Build your own Integration Business Plan!
This is exactly why integration is the second trend of the 7 Essential Human Risk Management Trends for 2021. Here are some recommended steps for how to improve your cybersecurity integration:
- Start with your own cybersecurity integration business plan! Make a list of all security tools used by your company and analyze their purpose and efficacy.
- Think about the gaps in your security system. Establish where you think you are most vulnerable and where it can be the easiest for a criminal to get in.
- Brainstorm the solutions available: think about what should be integrated, what could be updated, and what needs to be replaced as soon as possible.
- Think about which systems should share information so that analysts don’t need to cross-check multiple platforms.
Integrate Cybersecurity IT with Training
It’s clear that technology alone cannot solve all cybersecurity threats. It’s also clearly time that we leverage security IT to help our security awareness and training be more efficient, impactful, and applicable to the employees in the enterprise. 2021 brings a new level of integration through Human Risk Management, to help you turn every employee into a security champion.
It’s time to bring about proven, lasting behavior and culture change. People aren’t the problem, they are the solution.