Vibhav Agarwal

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy

A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as an afterthought. These include a rapid increase in the number of internet connected devices, an increased dependency on third party applications, self-provisioning as a result of bring-your-own-device and public cloud. Add to these, unprecedented levels of smart phone and mobile device adoption and we can see that the cybersecurity ‘attack surface’ has increased massively.

According to MetricStream’s, ‘The State of Cyber Security in the Financial Services Industry’ report, around 66 percent of financial services institutions have faced at least one cyber-attack in the last 12 months. The cost of this, which can be catastrophic, can include regulatory penalties, eroded share prices, a loss of customer confidence and reputational damage. It can even result in a complete shutdown of the business.”

It is clear therefore, that organizations need to constantly evolve their security strategies and tactics to safeguard data, systems and operations against ever-evolving security risks.

In today’s cloud era, an effective strategy should leverage industry-standard cybersecurity frameworks and unified threat management systems. A sole reliance on traditional approaches and tools, such as firewalls and security solutions, may now leave networks exposed.

Companies attracted by the cost, flexibility and adaptability of cloud still have concerns over how secure it is. According to Crowd Research Partners’ 2016 Cloud Security Spotlight Report, security concerns top the list of barriers to cloud adoption and one in three organizations say external sharing of sensitive information is the biggest security threat.

Cybersecurity Strategies and Risks

Understanding the Cyber Landscape

The constant threat of cyber-attacks hangs over all businesses. So prevalent are security breaches that over half (54 percent) of cybersecurity professionals anticipate a successful cyber-attack on their organization in the next twelve months, while Ponemon tells us there is a 26 percent likelihood that a material data breach involving 10,000 lost or stolen records will occur in the next 24 months.

The explosive growth in digital transactions, together with the increased volume of personal and sensitive information now stored digitally has raised the potential for targeted attacks.  The emergence of cybersecurity threats can be broadly attributed to:

  • Consumerization resulting in a loss of data control and device usage beyond the traditional data center
  • Collaboration that means highly sensitive data is now shared across channels and platforms
  • Innovation, and with it the lack of clear understanding of the risks and threats due to cloud, social media, virtualization, mobile and shared services.

It is a challenge to keep pace with technological change and to adapt to new ways of protecting data from internal and external threats. Not surprisingly therefore, cybersecurity is one of the top priorities for regulators during supervisory reviews.

Add to this the complexity of maintaining compliance with evolving regulations, such as the EU’s General Data Protection Regulation (GDPR), Federal Information Security Management Act (FISMA), Gramm-Leach-Bliley Act and the Homeland Security Act and a significant effort has to be put into assessing current policies and practices to ensure compliance.

Principles of an Effective Cybersecurity Strategy

An effective cybersecurity strategy should be sufficiently flexible to cope with the evolving threat landscape and should:

  • Include the implementation of security policies
  • Incorporate security assessment models such as the Open Web Application Security Project (OWASP), the Software Assurance Maturity Model (SAMM) and other industry standard frameworks
  • Monitor for early warnings, continually gathering threat intelligence accordingly
  • Include a rapid response plan including crisis communications, so that the business is prepared to minimize material impact should a cyber-attack occur.

A cybersecurity framework is a good starting point for enterprises to define, adopt and refine the critical infrastructure. It helps organizations to assess current capabilities and draft a prioritized roadmap towards improved cybersecurity practices.

Frameworks provide a toolkit to assess security measures against industry standard best practices and compliance requirements. The Federal Financial Institutions Examination Council (FFIEC), National Institute of Standards and Technology (NIST) and other regulatory bodies have all released specific frameworks and tools to strengthen cybersecurity policies.

Enterprises today allocate considerable budget and resource to establish security policies and adopt industry frameworks. However, with threats becoming more sophisticated, it is extremely important for organizations to invest in threat intelligence systems and better business continuity, disaster recovery and redundancy mechanisms.

What Cybersecurity Means in a Cloud Era

Cloud abuse is one of the top cybersecurity threats. The recent spear phishing campaign on Dropbox’s cloud storage, where the attackers were able to carry out their activity while hiding as legitimate users shows that attackers continually adapt new technologies as well as vulnerabilities to further their ends.

Alarmingly, as per the 2016 Cloud Security Spotlight Report, a huge majority (84 percent) of cybersecurity professionals are dissatisfied with traditional security tools when applied to cloud infrastructure. The report also states that unauthorized access or improper access controls is the single biggest threat to cloud security, followed by hijacking of accounts (44 percent) and insecure interfaces/APIs.

Organizations need secure cloud to preserve the integrity of systems and operations and to protect their data, and for this they must work collaboratively on risk assessment and security planning with cloud service providers. Clarity and rigor is required around security protocols including access and data separation as well as roles and responsibilities around compliance and assurance over business continuity.

Is Cloud Enabled Cybersecurity the Way Forward?

PwC's Global State of Information Security Survey 2016 highlights the importance of using cloud-based monitoring and analysis technologies and adopting new safeguards for digital business models. Cloud-based threat management systems allow organizations to rapidly identify and analyze a threat in order to take action.

The future lies in harnessing the power of cloud to improve cybersecurity for organizations. This includes using cloud to create highly secure platforms which can be used to block any tools and procedures used by the attackers.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website

CONTRIBUTORS

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Safeguarding Data Before Disaster Strikes

Safeguarding Data Before Disaster Strikes

Safeguarding Data  Online data backup is one of the best methods for businesses of all sizes to replicate their data ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...