As news of more data breaches and third-party originated cyber-attacks continue to make the news, businesses and regulators alike are sharpening their focus on how to report on and mitigate these risks. Board members are demanding quantitative risk data that spans all business operations, while business units need to neutralize the impact of cyber-attacks. So how can companies deal with this challenge and transition to a model that uses more data to assess risks? One way is to implement cyber security operational risk management best practices.
In its most recent annual filing, Target (NYSE: TGT) disclosed that it had incurred over $250 million in cumulative damages relating to its 2013 data breach. This is only one of many examples of the rising cost of data breaches. In addition to their initial impact, data breaches clearly can have long-lasting and far-reaching implications. This is leading more and more organizations to offset their liabilities by taking out insurance. According to a Ponemon Institute study, the adoption rate for cyber-insurance has more than doubled to 26% in the past year. Despite increased investments in perimeter defenses, internal threats still account for nearly 60% of security incidents. These are caused by human error or employees with malicious intent. For example, in late 2014 a Morgan Stanley employee stole personal data belonging to 350,000 of the company’s clients.
To gain a holistic view of cyber risks, organizations have to supplement their current view of network / end point related security threats. Since many attackers are targeting the application layer, tools that focus on the network layer are only covering a small portion of the overall risks associated with cyber-attacks. In fact, organizations have to look even beyond the layers of the Open Systems Interconnection (OSI) model to include processes and people.
The good news is that according to a CyberEdge Group study, 54% of responding organizations indicated that they are looking to replace or augment their current endpoint protection infrastructure. In a review of the 2014 threat landscape, HP Security Research confirmed that enterprises are most successful in securing their environment when employing complementary protection technologies. The research concluded that these technologies work best when paired with a mentality that assumes a breach will occur instead of only working to prevent intrusions and compromise. By using all tools available and not relying just on a single product or service, defenders place themselves in a better position to prevent, detect, and recover from attacks.
However, deploying a variety of security tools to cover all aspects of potential cyber threats creates such volume, velocity, variety, and complexity of data that many organizations feel simply overwhelmed and are not able to harness the power of security intelligence to detect threats early in the kill chain. In its raw form big security data remains only a means to an end. Ultimately, information security decision making should be based on prioritized, actionable insight derived from information. To achieve this, security data needs to be contextualized with its business criticality or risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that in reality pose little or no threat to the business.
Instead organizations should implement Cyber Security Operational Risk Management best practices, which include continuous monitoring, cyber risk visualization, risk-based prioritization, and closed-loop remediation. This approach is designed to operationalize cyber security risk management so that actionable intelligence can be used to orchestrate remediation activities based on the threat they represent to the enterprise.
Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
More from Torsten George
- Today’s Cyber Defense Challenges: Complexity and a False Sense of Security
- Why Endpoint Resilience Matters
- Ransomware Attacks: Don’t Let Your Guard Down
- Password Dependency: How to Break the Cycle
- Is Enterprise VPN on Life Support or Ripe for Reinvention?
- Cyber Resilience: The New Strategy to Cope With Increased Threats
- Cybersecurity Awareness Month: 5 Actionable Tips
- “Left and Right of Boom” – Having a Winning Strategy
Latest News
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Russia Blames US Intelligence for iOS Zero-Click Attacks
