Dark Reading is part of the Informa Tech Division of Informa PLC



9/28/2020
09:00 AM
By John Delk, General Manager, Security, Micro Focus
Sponsored Article

Cyber Resilience Is Essential for Successful Digital Transformation

The pace of digital transformation and cyber resilience has increased over the last several years. Are you keeping up?

Digital Transformation (DX) has come to represent all the ways that companies can deliver better business results by moving their systems, processes, and data in a direction that is more connected and provides a more intimate customer and partner experience. What was once thought of as a destination is now an ongoing evolution, with increasing levels of stakeholder connectivity and brand intimacy as foundational outcomes. To best protect a company’s assets, security must be thought of in the same fashion: companies need to continually evolve and adapt to be more resilient in order to drive key outcomes.

Cyber resilience refers to a company’s ability to continuously and intelligently deliver an intended outcome, despite adverse cyber events. It is an evolving perspective that is rapidly gaining recognition. The concept essentially brings the areas of information security, business continuity, and organizational resilience together.

The pace of adoption of DX and cyber resilience has been significantly increasing over the last several years and has now accelerated again due to the COVID-19 pandemic. The explosion of work-from-home requirements and the change in consumer behavior to predominantly online has brought a huge shift in the way companies manage their systems and processes, and a corresponding change in how we need to secure them.

With the advent of 5G and the proliferation of the Internet of Things (IoT), change and the need to continuously adapt will accelerate further in a hyper-connected world, with every appliance, machine, camera, or car streaming real-time data that companies will use to provide an even higher level of intimacy and personalization. The focus for cyber resilience has to be able to evolve and match this increasing pace of change to ensure businesses are delivering on the desired level of customer service and security for their stakeholders.

Adapting in your New "Home"
Existing cybersecurity frameworks such as NIST and MITRE provide great guidelines for InfoSec teams by shining a light on the core elements of security. However, given the rapid change of pace associated with DX, being able to evolve and adapt is paramount.

To convey this in a real-world example, let’s look at moving to a new residence. In your current house or apartment, it’s possible to walk around in the dark without bumping into furniture, decorations, or walls because you’re familiar with the layout. IT systems and processes are similar. Through proper asset management, tacit knowledge, or both, the “layout” of IT systems becomes more and more familiar. Additionally, these systems have been managed the same way for years, dating from when customer data was only in a few systems, IT tools were static, and security meant anti-virus, firewalls, and passwords.

However, with DX, many aspects of IT have suddenly changed and layers of IT have grown exponentially. As new applications are introduced, customer data is now found in many new places as infrastructure is increasingly distributed across many clouds and internally managed data centers. Where your old house was a single story with three beds and two baths, the new “DX” house for IT is a multi-story, three-bed, two-bath connected smart house with bonus room and basement, resembling an Escher print. It’s almost impossible NOT to bump into furniture in the dark because everything has changed.

From a security perspective, this puts companies in a more difficult position when it comes to compliance with data privacy and other industry regulations. The added complexity for most CISOs is the difficulty security teams have finding and retaining the right talent, which is exacerbated by the new ‘houses’ everyone finds themselves in. Amid this unfamiliar landscape, the requirements for cybersecurity are stressed in new and different ways, which forces CISOs to focus on key outcomes such as:

  • Knowing where ALL the business-critical data is and how it’s being used, shared, stored and protected
  • Giving users just enough access to do their jobs and govern privileges in real-time
  • Securing and continuously testing, scanning and hardening all applications
  • Detecting insider and advanced threats in real-time while responding and recovering from breaches automatically

The Keystone of Successful Resilience
The emergence of data science and the ability to implement unsupervised machine learning offers a new way to think about the evolving security posture.  Being able to intelligently adapt as the business increases focus on protecting identities, applications, and data in unison can help deliver optimized results which in turn enables organizations to keep pace with change.  Just as outlined in the earlier example, where the recent pandemic has accelerated DX, it has also led organizations to think differently about their workforce patterns.

The shift to open and remote work environments in turn results in an influx of behavioral data as businesses strive to dynamically manage endpoints and the connections between them. A modern Endpoint Detection & Response (EDR) approach has anomaly detection at scale built in, allowing for near real-time detection and response. This paradigm of combining the power of machine and human intelligence provides better insights into events, incidents, and behaviors and thus increases the cyber resiliency of the organization.

The combination of focusing on the key outcomes and the ability to intelligently adapt is the key to building cyber resiliency as an embedded feature of the new ‘house’ of IT. It is also essential for an evolving and adaptable approach to digital transformation that is not just smart but will also allow CISOs to create a blueprint to match the current and future pace of change.

About the Author: John Delk, General Manager, Security, Micro Focus
John Delk is the general manager for security at Micro Focus, a software company that helps organizations run and transform their business. Driven by customer-centric innovation, Micro Focus software provides the critical tools organizations need to accelerate, simplify, secure, and analyze the enterprise. By design, these tools bridge the gap between existing and emerging technologies -- enabling faster innovation, with less risk, in the race to digital transformation.
