Dark Reading is part of the Informa Tech Division of Informa PLC



2/14/2019
10:30 AM
Gaurav Banga
Commentary

How to Create a Dream Team for the New Age of Cybersecurity

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Today, enterprises consist of complex interconnected environments made up of infrastructure devices, servers, fixed and mobile end-user devices, and a variety of applications hosted on-premises and in the cloud. The problem is that traditional cybersecurity teams were not designed to handle such complexities. Cybersecurity teams were originally built around traditional IT—with a specific set of people focused on a specific set of tools and projects.

As enterprise environments have grown, this siloed approach to cybersecurity no longer works. When each member of your security team is only focused on one narrow slice of the pie, it’s far too easy for adversaries to enter through the cracks. The following are critical steps chief information security officers (CISOs) must take in order to establish a dream team for the new age of cybersecurity.

1. Take a Talent Inventory
Before making any new hires, CISOs should evaluate their current cybersecurity talent and determine the competencies and gaps of each member on the existing team. Ideally, you want people who think creatively — and can think like the adversary. Successful hackers are resourceful and inventive, and they are looking for ways around your standard security controls. If the members of your security team are only concerned with whether existing controls are working correctly, you're going to get hacked. The attack surface is massive and growing every day, and your security team must include individuals who continuously look for vulnerabilities the adversary could exploit — no matter where they are — so these issues can be addressed.

2. Hire Top Talent or Outsource Top Talent
Hiring and retaining top talent for your cybersecurity team is crucial to successfully increasing cyber-resilience. This is not easy, especially when the cybersecurity skills shortage is only worsening. Training existing employees on security skills and arming them with new tools that leverage artificial intelligence, machine learning, and automation for a force multiplier effect is one way you can go. Alternatively, CISOs can choose to outsource parts of the security function to expert managed security service providers (MSSPs). No matter how you choose to assemble your team, it is critical that your security team understands your specific business and network context as well as your focus on improving cyber-resilience, and has the needed skills and tools to protect business-critical assets while continuously improving security posture.

3. Get Companywide Buy-in (Including Your Board)
Gone are the days when cyber-risk was manageable solely by the security team. According to Gartner, at least 95% of security failures through 2022 will be the result of human error. This could potentially stem from anyone in the company. All stakeholders in a business — including C-suite, employees, customers, partners, vendors, etc. — MUST be educated on how their actions can positively or negatively affect the security of their company, and how the success of the company lives and dies with cyber-resilience.

Security today is a business issue, not just a technology one, and everyone must do their part. CISOs need to shoulder the primary responsibility of getting everyone in the company aligned with their security objectives. CISOs must engage with their board of directors, educate them on cybersecurity challenges, and get them on board (no pun intended) with stated objectives and approaches to improving cyber-resilience. For example, after sharing a security posture transformation plan with his/her board, the CISO can follow up in three- or six-month increments and share exactly how much cyber breach risk has been reduced during the time period. CISOs should be able to quantify this with calculations and trends for items such as: "risk to intellectual property," "risk of operational disruption" and "risk to customer data."

4. Get Proactive and Prioritize Accordingly
Many security tactics focus on reactively detecting and remediating attacks. Security teams are often completely overwhelmed trying to sift through alerts. If this is all we do, we will always be behind and will never get ahead of the adversary. Rather than being purely defensive, security teams should instead focus more efforts on predicting and proactively avoiding breaches. CISOs should set aside budget and team resources that focus exclusively on proactive efforts to improve the enterprise security posture.

That said, there are myriad potential attacks that threaten organizations through hundreds of attack vectors, making it impossible for CISOs to proactively protect all assets at all times. Therefore, CISOs must differentiate what is critical and what is less important in order to prioritize the necessary actions to protect essential business assets and information. It's also important to institute programs that address cybersecurity posture in a strategic manner, such as two-factor authentication, password managers, impact-based mean-time-to-patch SLAs, bastion hosts, and dynamic network segmentation. 

5. Add AI to Your Team
With the number of cybersecurity threats growing every day and increased digitization of assets/processes that could be vulnerable to those threats, it is mathematically impossible for humans to monitor for threats and sift through hundreds of thousands of vulnerabilities to determine which to prioritize. Even the largest security team composed of the most skilled IT professionals can't effectively accomplish this without the assistance of artificial intelligence. These tools, which continuously monitor all assets and proactively predict what vulnerabilities are most likely to be exploited, are becoming increasingly essential for keeping up with the constantly evolving attack methods employed by cybercriminals, as well as the ongoing digital transformation of enterprises. Humans are certainly still needed to effectively manage cybersecurity, but AI needs to be a welcome new member to the team.

Follow the above five tips, and you will have a dream team truly prepared to protect your business in this new age of cybersecurity.


Gaurav Banga is the founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was co-founder and CEO of Bromium and led the company from inception for over five years. Gaurav has a Ph.D. in computer science from Rice University, and a ...