Cloud

2/14/2019
10:30 AM
Gaurav Banga
Gaurav Banga
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Create a Dream Team for the New Age of Cybersecurity

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Today, enterprises consist of complex interconnected environments made up of infrastructure devices, servers, fixed and mobile end-user devices and a variety of applications hosted on-premises and in the cloud. The problem is traditional cybersecurity teams were not designed to handle such complexities. Cybersecurity teams were originally built around traditional IT—with a specific set of people focused on a specific set of tools and projects.

As enterprise environments have grown, this siloed approach to cybersecurity no longer works. When each member of your security team is only focused on one narrow slice of the pie, it’s far too easy for adversaries to enter through the cracks. The following are critical steps chief information security officers (CISOs) must take in order to establish a dream team for the new age of cybersecurity.

1. Take a Talent Inventory
Before making any new hires, CISOs should evaluate their current cybersecurity talent and determine the competencies and gaps of each member on the existing team. Ideally, you want people who think creatively — and can think like the adversary. Successful hackers are resourceful and inventive, and they are looking for ways around your standard security controls. If the members of your security team are only concerned with whether existing controls are working correctly, you're going to get hacked. The attack surface is massive and growing every day, and your security team must include individuals who continuously look for vulnerabilities the adversary could exploit — no matter where they are — so these issues can be addressed.

2. Hire Top Talent or Outsource Top Talent
Hiring and retaining top talent for your cybersecurity team is crucial to successfully increasing cyber-resilience. This is not easy, especially when the cybersecurity skills shortage is only worsening. Training existing employees on security skills and arming them with new tools that leverage artificial intelligence, machine learning, and automation for a force multiplier effect is one way you can go. Alternatively, CISOs can choose to outsource parts of the security function to expert managed security service providers (MSSPs). No matter how you choose to assemble your team, it is critical that your security team understands your specific business and network context as well as your focus on improving cyber-resilience, and have the needed skills and tools to protect business-critical assets while continuously improving security posture.

3. Get Companywide Buy-in (Including Your Board)
Gone are the days when cyber-risk was manageable solely by the security team. According to Gartner, at least 95% of security failures through 2022 will be the result of human error. This could potentially stem from anyone in the company. All stakeholders in a business — including C-suite, employees, customers, partners, vendors, etc. — MUST be educated on how their actions can positively or negatively affect the security of their company, and how the success of the company lives and dies with cyber-resilience.

Security today is a business issue, not just a technology one, and everyone must do their part. CISOs need to shoulder the primary responsibility of getting everyone in the company aligned with their security objectives. CISOs must engage with their board of directors, educate them on cybersecurity challenges, and get them on board (no pun intended) with stated objectives and approaches to improving cyber-resilience. For example, after sharing a security posture transformation plan with his/her board, the CISO can follow up in three- or six-month increments and share exactly how much cyber breach risk has been reduced during the time period. CISOs should be able to quantify this with calculations and trends for items such as: "risk to intellectual property,""risk of operational disruption" and "risk to customer data." 

4. Get Proactive and Prioritize Accordingly
Many security tactics focus on reactively detecting and remediating attacks. Security teams are often completely overwhelmed trying to sift through alerts. If this is all we do, we will always be behind and will never get ahead of the adversary. Rather than being purely defensive, security teams should instead focus more efforts on predicting and proactively avoiding breaches. CISOs should set aside budget and team resources that focus exclusively on proactive efforts to improve the enterprise security posture.

That said, there are myriad potential attacks that threaten organizations through hundreds of attack vectors, making it impossible for CISOs to proactively protect all assets at all times. Therefore, CISOs must differentiate what is critical and what is less important in order to prioritize the necessary actions to protect essential business assets and information. It's also important to institute programs that address cybersecurity posture in a strategic manner, such as two-factor authentication, password managers, impact-based mean-time-to-patch SLAs, bastion hosts, and dynamic network segmentation. 

5. Add AI to Your Team
With the number of cybersecurity threats growing every day and increased digitization of assets/processes that could be vulnerable to those threats, it is mathematically impossible for humans to monitor for threats and sift through hundreds of thousands of vulnerabilities to determine which to prioritize. Even the largest security team composed of the most skilled IT professionals can't effectively accomplish this without the assistance of artificial intelligence. These tools, which continuously monitor all assets and proactively predict what vulnerabilities are most likely to be exploited, are becoming increasingly essential for keeping up with the constantly evolving attack methods employed by cybercriminals, as well as the ongoing digital transformation of enterprises. Humans are certainly still needed to effectively manage cybersecurity, but AI needs to be a welcome new member to the team.

Follow the above five tips, and you will have a dream team truly prepared to protect your business in this new age of cybersecurity.

Related Content:

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Gaurav Banga is the founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was co-founder and CEO of Bromium and led the company from inception for over five years. Gaurav has a Ph.D. in computer science from Rice University, and a ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18643
PUBLISHED: 2019-04-25
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-19359
PUBLISHED: 2019-04-25
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVE-2019-11488
PUBLISHED: 2019-04-25
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE-2019-11489
PUBLISHED: 2019-04-25
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
CVE-2019-3720
PUBLISHED: 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient san...