Why do security teams run before they can walk? asks Andy Milne, Regional Vice President of Northern Europe at the cyber company Forescout. He discusses how security teams can bridge the gap between advanced threat detection and foundational security processes
In the pursuit of combating ever-evolving cyber threats, security teams often prioritise advanced threat prevention, detection and response initiatives at the expense of basic security processes. However, neglecting the foundational aspects can expose organisations to significant risks.
With reports indicating that there are 2,200 cyberattacks per day, with an attack happening every 39 seconds on average, it’s no wonder that security teams focus on preventing, or at least detecting, the most sophisticated attacks. However, understanding the entirety of the attack surface, assessing cyber hygiene and consistently stressing security basics remain the most important practices for organisations to ensure they are prepared for an attack.
Asset identification, classification, patching, vulnerability management, configuration, compliance and end-user security awareness training are all critical in building a strong security foundation. Yet, many teams leap-frog these essential processes in favour of more exciting initiatives like Artificial Intelligence (AI) or zero trust architectures.
Whilst these technologies are enabling organisations to keep pace with the ever-evolving cyber threat landscape, without a strong foundation, even the most cutting-edge capabilities can only provide temporary relief.
The pitfalls of neglecting basic security processes
Neglecting basic cybersecurity processes can have far-reaching consequences. Long story short, cyberattacks are lengthy, costly, and messy. And every organisation is a target. From financial losses to reputational damage, legal repercussions, and disrupted business operations, the impact of poor cybersecurity practices are severe.
One of the primary pitfalls of poor security hygiene is the increased risk of data breaches. Data is an increasingly valuable currency and organisations are a one-stop shop for cyber attackers. In fact, its predicted that by the end of 2023, more than 33 billion records will be stolen, an increase of 175pc from 2018. Furthermore, the average cost of a data breach is expected to hit $5 million by next year.
Cybercriminals are constantly evolving their tactics, and even a minor oversight in security can lead to a major data breach. Not only does this impact an organisation, both financially and reputationally, but it also undermines the trust of customers and clients, who expect their personal data and sensitive information to be handled with the utmost care.
Failing to implement fundamental security measures such as multifactor authentication, strong passwords, regular software updates, and secure network configurations can result in customer data, financial records or intellectual property being sold, or published, on the dark web. Depending on the type of data, it can also be encrypted and held for ransom. In some cases, organisations may be forced to suspend operations temporarily, impacting their ability to serve customers, deliver products or services, and meet contractual obligations. This can lead to significant downtime and ramifications on their bottom line.
Another pitfall of neglecting basic security processes is the potential for system vulnerabilities to go unnoticed and unaddressed. This could be a missed software update or system misconfiguration, which could then be exploited by cyber attackers to access the network and gain a foothold within an organisations IT environment.
Without proper monitoring and maintenance, these vulnerabilities can remain undetected for extended periods, leaving the organisation susceptible to unauthorised access and other malicious activities. When organisations fail to implement essential security measures, such as regular software updates, intrusion detection systems, and access controls, they not only increase the risk of attacks but also prolong the time it takes to identify and mitigate potential threats.
Five foundational processes to minimise risk
With so many types and methods of cyberattacks, maintaining good security hygiene can feel daunting even on a good day. Fortunately, the key steps to a comprehensive cybersecurity strategy are simple.
First and foremost, asset identification and classification. This involves identifying and categorising an organisation’s assets, such as hardware, software, and data, to prioritise their protection. This process allows organisations to allocate resources effectively and implement appropriate security controls, such as access privileges, based on the value and sensitivity of each asset.
Next, patching and vulnerability management. Regularly applying security patches in a timely manner helps to protect systems and applications from known weaknesses that can be exploited by cyber attackers. Additionally, effective vulnerability management practices involve identifying, prioritising, and remediating vulnerabilities through scanning, penetration testing, and risk assessment.
This is followed by configuration management. This prevents unauthorised changes, reduces the attack surface, and minimises the risk of misconfigurations that could lead to vulnerabilities or system failures. By incorporating configuration management as part of an effective cybersecurity strategy, organisations can improve system integrity and mitigate potential risks associated with insecure or non-compliant configurations.
And finally, end-user security awareness training is crucial for educating employees about security best practices and policies, including how to recognise potential threats. By promoting a security-conscious culture, employees will be encouraged to report any suspicious activities or incidents.
Organisations that adhere to the key steps outlined above, including continuously monitoring network traffic for anomalies, conducting regular security audits, and performing vulnerability assessments, will establish a strong security posture. This comprehensive approach not only ensures compliance with industry regulations and organisational security policies, but also fosters a continuous improvement process for cybersecurity based on the findings.
Striking a balance between advanced initiatives, like Artificial Intelligence (AI) and Machine Learning (ML), and basic security processes is essential. By recognising the value of both and integrating them harmoniously, security teams can bolster their organisation’s resilience against emerging threats.
The hype surrounding the use of these advanced technologies is palpable, and for good reason. They bring a new level of sophistication and agility to the fight against cyber threats. Aided by AI powered algorithms, ML models, behavioural analytics and threat intelligence, organisations have the capability to identify and mitigate sophisticated attacks that may bypass traditional security measures.
Deploying advanced threat detection can help organisations to spot anomalies, zero-day exploits, and emerging threats in real-time, allowing early incident response and reducing the time window for potential damage or data breaches. By integrating advanced threat detection with foundational security processes, organisations can create a multi-layered defence strategy. This defence-in-depth approach significantly strengthens an organisation’s resilience by mitigating risks across multiple attack vectors, both known and unknown, ultimately reducing the likelihood of a successful attack.
The tendency for security teams to run before they can walk often stems from the pressure to keep up with the ever-evolving threat landscape and the desire to adopt the latest technologies and techniques. While the pursuit of innovation is undeniably important, organisations must prioritise basic security processes as the foundation for a sustainable and effective security strategy.
These fundamental processes serve as the building blocks upon which an organisation can construct its resilience. With a solid foundation in place, only then can an organisation channel its efforts towards innovation and advancement.
