
Today’s Cyber Defense Challenges: Complexity and a False Sense of Security

Industry standard frameworks and guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats.

There are quite a few industry standards (e.g., ISO/IEC 27001, PCI DSS 4.0) and government regulations (e.g., HIPAA, FISMA, CISA) that provide practical advice on what security controls to establish to minimize an organization’s risk exposure.

Unfortunately, these guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter is very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming (e.g., Constellation Software, NextGen Healthcare, San Bernardino County Sheriff’s Department). As it turns out, purchasing more security tools only adds to complexity in enterprise environments and creates a false sense of security that contributes to today’s cybersecurity challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cybersecurity risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

A Complex Environment

As an example, according to the 2023 Resilience Index (PDF), more than 80% of devices use the Microsoft® Windows® OS, with the large majority on Windows 10. At first glance, this might appear homogeneous and easy to manage; however, the reality is that IT practitioners are struggling to keep their employees’ endpoints up to date with 14 different versions and more than 800 builds and patches present.

Adding to the complexity that IT and security teams must deal with is the number of installed applications on devices. According to the same report, there are 67 applications installed on the average enterprise device, with 10% of those devices having more than 100 applications installed.

The sheer number of applications installed on enterprise devices – as well as the variety of operating system versions and builds – makes it difficult for IT and security teams to maintain those apps or patch them. This situation negatively impacts their ability to minimize exposure to known vulnerabilities. In turn, it’s not surprising that it takes on average 149 days for small companies, 151 days for medium and large enterprises, and 158 days for very large organizations to patch their endpoints’ operating systems.

A False Sense of Security


To address a new challenge or threat, enterprises often purchase more solutions. Organizations are spending tens of billions of dollars annually on endpoint security alone. In turn, it’s not surprising that there are more than 11 security applications installed on the average work-issued laptop.

An enterprise’s security posture is only as strong as the security controls that support it. If left unchecked, every security control deployed on the endpoint represents a potential vulnerability whenever it is not running and able to perform its job. Common decay, unintentional deletion, or malicious actions all impact the integrity and efficacy of security applications and endpoint management tools.

And while IT and security practitioners agree that security tools like Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), anti-virus, etc. are essential to defend against attacks, they lack visibility into the tools’ security efficacy. The 2023 Resilience Index data shows that 25 – 30% of devices had unhealthy security controls, emphasizing that it’s not about deploying security controls but instead making sure that they’re always functioning as intended.

In this context, we cannot forget about remote access applications, as they have become the lifeline to enterprises. Mobile workers require secure but frictionless access to corporate resources that nowadays can reside anywhere. That’s why these technologies have become the intersection between endpoints and corporate networks. In turn, it is essential that the integrity of these tools is not tampered with. However, the data shows these critical tools are either not installed or are not at the required version level on more than 30% of devices, exposing organizations to unnecessary risk.

Making Security Work

That’s why cyber resilience matters, which according to MITRE “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure that an adverse cyber event, whether intentional or unintentional, does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.

Cyber resilience strategies encompass, but are not limited to, the following best practices:

  • Maintain a trusted connection with endpoints to detect unsafe behaviors or conditions that could put sensitive data at risk. This includes having granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device. This always-on connectivity can help with reimaging the operating system in case of a ransomware attack.
  • Monitor and repair misconfigurations (automatically when possible), as organizations cannot assume that the health of their IT controls or security will remain stable over time.
  • Monitor network connectivity status, security posture, and potential threat exposure to enforce acceptable use via dynamic Web filtering.
  • Enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analyzing device posture, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.
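The control-health monitoring and posture-based access practices above, as an added illustration that is not code from the article or from any vendor product: each endpoint's required controls (EDR, anti-virus, remote access client) are checked for presence, minimum version and running state, a remediation is named for every unhealthy control, and the access decision follows from the findings. The control names, minimum versions and device records are constructed sample data.

```python
# Added example, not code from the article or any vendor product: verify that
# each endpoint's required security controls are installed, running and at the
# policy's minimum version, then derive a posture-based access decision.
# The policy and the device records below are constructed sample data.
REQUIRED_CONTROLS = {"edr": "5.2.0", "antivirus": "14.0.1", "vpn_client": "7.1.3"}


def parse_version(v):
    """'14.0.1' -> (14, 0, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def control_findings(device):
    """Return {control: remediation} for every required control that is unhealthy.
    device = {"id": str, "controls": {name: (installed_version, is_running)}};
    a control absent from the dict counts as not installed."""
    findings = {}
    for name, min_version in REQUIRED_CONTROLS.items():
        ctl = device["controls"].get(name)
        if ctl is None:
            findings[name] = "reinstall"
        elif parse_version(ctl[0]) < parse_version(min_version):
            findings[name] = "upgrade"
        elif not ctl[1]:
            findings[name] = "restart"
    return findings


def access_decision(device):
    """Healthy -> allow; no EDR present -> deny; any other finding -> limited
    access while the endpoint agent repairs the control (self-healing)."""
    findings = control_findings(device)
    if not findings:
        return "allow"
    if findings.get("edr") == "reinstall":
        return "deny"
    return "remediate"


def fleet_health(devices):
    """Share of devices with at least one unhealthy control, plus per-device decisions."""
    decisions = {d["id"]: access_decision(d) for d in devices}
    unhealthy = sum(1 for v in decisions.values() if v != "allow")
    return round(unhealthy / len(devices), 2), decisions


# Constructed sample fleet: healthy; EDR stopped; EDR missing; AV outdated + VPN missing.
FLEET = [
    {"id": "lt-001", "controls": {"edr": ("5.3.1", True), "antivirus": ("14.2.0", True), "vpn_client": ("7.1.3", True)}},
    {"id": "lt-002", "controls": {"edr": ("5.3.1", False), "antivirus": ("14.2.0", True), "vpn_client": ("7.2.0", True)}},
    {"id": "lt-003", "controls": {"antivirus": ("14.2.0", True), "vpn_client": ("7.0.9", True)}},
    {"id": "lt-004", "controls": {"edr": ("5.3.1", True), "antivirus": ("13.9.0", True)}},
]
```

Running `fleet_health(FLEET)` on the constructed fleet reports three of four devices unhealthy, which is the kind of figure the Resilience Index numbers above describe at scale.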

Ultimately, it’s all about strengthening an organization’s compliance posture, assuring secure and reliable network access, and making sure that employees can confidently get to work, and keep working, no matter where risk finds them.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
