With hundreds to thousands of cyber vulnerabilities across the IT infrastructure, security providers are left at an insurmountable disadvantage. This often leads to longer dwell times and non-coexistent repetitions that curtail the efficacy of network security programs. This raises the question: what is preventing us from prevailing against cyber threats? Furthermore, what are the upcoming approaches that allow enterprises to evolve from a traditional domain expert model to something that is more iterative, communicable and collaborative?
What are the biggest problems in the cyber security industry and why?
Businesses often make the mistake of taking a reactive rather than a proactive approach to cyber security. Most often they rely on blocking techniques, which have proven to be ineffective.
One of the biggest issues in IT security is how to manage the velocity, volume, and complexity of the information generated by the many IT security tools in a normal enterprise. Feeds from these disconnected, isolated tools must be examined and normalized, and remediation efforts must be prioritized. The more tools there are, the more difficult the challenge.
Eventually, this data accumulation and analysis requires large numbers of personnel to look through enormous amounts of information and pick the required minute detail out of the junk. These efforts take time, during which attackers can exploit vulnerabilities and extract sensitive information.
Even if an enterprise can hire enough experts and resources to perform this examination, it often misaligns its remediation work by relying on internal security intelligence that lacks context about active threats and which particular vulnerabilities they are exploiting.
Without taking external threat information and business criticality into consideration, security teams can end up concentrating on mitigating the wrong gaps.
What are the factors that reduce the efficacy of cyber security programs?
· One-Dimensional View
First, many businesses and vendors still place their emphasis on the network layer while ignoring other areas of the attack surface, e.g. the application layer. A holistic view of the attack surface is needed to match the tactics and competency of adversaries.
The Verizon data breach report of 2016 confirms this point. The network layer and endpoints are just one part of the puzzle. The attack surface has grown dramatically, and security efforts in the technology market must align accordingly.
· CVE Focus
Second, most vulnerability management tools depend on CVE (Common Vulnerabilities and Exposures), which can lead to a misplacement of resources.
Take, for example, the POODLE vulnerability of 2014. At the time it was disclosed, it received a 5.5 rating from the National Vulnerability Database (NVD). It is common to filter vulnerabilities and concentrate only on those scored 7 or higher. Under this model, the POODLE vulnerability would have been overlooked. Had they recognized the threat, many companies would have been able to adjust their remediation priorities and address the POODLE threat.
This incident shows the necessity of contextualizing internal security intelligence with external risk information.
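The following added example (not part of the original post) shows how a score-only cutoff of 7 drops a 5.5-rated finding that a context-aware ranking puts first. The field names, the weighting formula and the sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    vuln_id: str              # constructed placeholder, not a real CVE
    asset: str
    base_score: float         # 0-10 severity from the vulnerability database
    actively_exploited: bool  # assumed input from an external threat feed
    asset_criticality: int    # assumed scale: 1 (low) to 5 (business critical)

# Constructed sample findings for illustration only.
FINDINGS = [
    Finding("VULN-A", "intranet-wiki", 9.1, False, 1),
    Finding("VULN-B", "payment-gateway", 5.5, True, 5),
    Finding("VULN-C", "build-server", 7.4, False, 3),
    Finding("VULN-D", "hr-portal", 4.0, False, 2),
]

def score_only_filter(findings, threshold=7.0):
    """The common practice: keep only findings at or above the threshold."""
    return [f for f in findings if f.base_score >= threshold]

def contextual_priority(f, exploit_weight=2.0):
    """Hypothetical weighting: scale by criticality, boost if exploited."""
    score = f.base_score * (f.asset_criticality / 5)
    if f.actively_exploited:
        score *= exploit_weight
    return round(min(score, 10.0), 2)

def contextual_ranking(findings):
    """Order findings by contextual priority, highest first."""
    return sorted(findings, key=contextual_priority, reverse=True)

def overlooked_by_threshold(findings, threshold=7.0, top_n=2):
    """Top contextual priorities that the score-only filter would drop."""
    kept = {f.vuln_id for f in score_only_filter(findings, threshold)}
    top = contextual_ranking(findings)[:top_n]
    return [f.vuln_id for f in top if f.vuln_id not in kept]

if __name__ == "__main__":
    for f in contextual_ranking(FINDINGS):
        print(f.vuln_id, f.asset, f.base_score, contextual_priority(f))
    print("dropped by score-only filter:", overlooked_by_threshold(FINDINGS))
```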
To improve the odds of overcoming cyber threats, enterprises should implement the following three practices:
· Increase the frequency of security posture assessments, as advocated by the National Institute of Standards and Technology's continuous monitoring and diagnostics guidelines.
· Given the shortage of qualified security personnel, leverage technology to automate as many security operations tasks as possible.
· Finally, extend security measures to cover today's growing attack surface. This means moving beyond the network layer and endpoints to include databases, applications, IoT, cloud environments, etc.
To conclude, it is no longer feasible to handle threats individually, given the sheer volume of protection gaps that exist. Therefore, an all-inclusive method that reflects business impact as well as security posture can curtail attack surfaces and reduce the dwell period during which vulnerabilities can be exploited.