It’s been a week since I attended the LinkedIn Live stream, “The Importance of Security, Right Now”, where I shared my views on cybersecurity from the viewpoint of a Managed Service Provider (MSP). As CTO at Timico, I speak to our customers on a daily basis about their cybersecurity, so I hope that this roundup will share some of the key things that businesses need to think about when they come to make their own decisions surrounding their cybersecurity posture.
Digital transformation and cloud migration are steering IT strategy and driving changes to the way in which organizations do business. Unfortunately, cyber criminals are just as adept—if not more so—at digital transformation, and they are always looking for innovative ways to circumvent security and compromise your applications and data. Companies are increasingly focused on ensuring they can detect and respond to attacks as quickly as possible. Effective cybersecurity is urgent right now in order to protect against exploits and attacks.
The COVID-19 pandemic has forced, and is still forcing, many companies to accelerate digital transformation and quickly adapt to a completely remote workforce. Attackers also recognized an opportunity to exploit the chaos and confusion. There has been a rise in phishing attacks aimed at credential compromise and malware or ransomware infections as attackers strive to take advantage of the conditions resulting from the pandemic.
Challenges of Cybersecurity Today
We live in a cloud world. With so many vendors, technologies, and partners to choose from, you have to ask, “Where do I start?” Cybersecurity tools can be costly and complex, and there is a global shortage of cybersecurity professionals with the right skills and knowledge for the job. How can you most effectively invest in security—knowing that you have a limited budget and resources available to try to defend a shifting technology landscape and a rapidly expanding attack surface?
Each organization is unique and comes from a different base-level ecosystem. It’s important to simplify security and to be able to help customers identify and manage risk across a broad IT landscape. You need to be able to provide the appropriate level of protection for assets based on their relative value and potential impact within the context of the environment.
Effective cybersecurity today requires constant vigilance and a cloud-native solution. You need protection that spans your complete environment—including both on-premises assets and cloud platforms like AWS and Azure. You need security tools and services that can scale to meet the needs of a hybrid cloud infrastructure, and you need cybersecurity professionals monitoring your environment 24/7 for signs of suspicious or malicious activity.
Alert Logic are a key provider in Timico’s Security portfolio; we partner with them to deliver protection for our customers. From our partners, we constantly get the latest global threat intelligence to help us keep our customers secure. We have visibility into new and emerging threats so we can take proactive steps to guard against those attacks, or readily identify them as the attacks occur.
Rapid Response Is Crucial
There is no such thing as 100% effective prevention. I think the most sensible approach to cybersecurity is to assume the possibility of a successful breach. Essentially, it is a matter of when, not if, and adopting that mindset is actually somewhat liberating.
Even if you run a 24/7 SOC (security operations center) and your analysis indicates that you seem to be catching all of the attacks, you need to ask yourself the question, “What attacks am I missing?”
The smarter and more effective strategy is to assume successful attacks will occur and to focus instead on managing and lowering risk while increasing your ability to quickly identify and respond to malicious activity on your network.
Cybersecurity Tools vs. Services
Cybersecurity models like the NIST (National Institute of Standards and Technology) Cybersecurity Framework prescribe that companies be able to identify, protect, detect, respond, and recover from cyber threats. There are tools involved in each one of those elements, but the tool itself is not the important part.
Technology is fallible. Nothing is 100% accurate. There are false positives and false negatives, and a need to properly prioritize threats within the unique context of your environment. Your environment is composed of various vendors, technologies, and users. The reality is that there is no “silver bullet” tool that can remove the need for skilled professionals to provide the necessary service. Efficient and effective response is a function of cybersecurity expertise more than tools.
You need effective security now. You need security that monitors your entire environment around the clock and includes the right tools, combined with the cybersecurity expertise to properly prioritize and respond to incidents.