This is a contributed piece by Dave Polton, Chief Security Architect at NTT Security
Too many organisations are spending more on cybersecurity measures without experiencing the benefits of increased cyber confidence or capability. We are continuing to see budgets being sucked up on supporting a sprawl of technologies that are sadly leaving organisations with inflexible information security architectures that deliver little return on investment.
The problem is that many organisations are simply trapped in a cycle of compromise when it comes to cybersecurity. Despite having a clear security strategy and investing in technology that has taken them from passive threat response to a more active approach, they remain unable to deliver greater business value and drive continuous performance improvement.
No business can afford to stand still and effective cybersecurity is no different. However, understanding new approaches and evaluating, implementing and maintaining the latest innovative technology solutions can be difficult. There are three main challenges.
Firstly, it is impossible for a business to align and adapt information security decisions with its objectives unless there is proper executive awareness and engagement in structured, regular and ongoing conversations about risk. Focused investment in what really matters to each individual organisation is the only way forward for effective cybersecurity. Organisations whose leadership is joined up in agreeing strategic priorities and performance measures elevate the conversation about cyber risk from an appeal for technology budget to an informed, fact-based business discussion, with stakeholders taking part in strategic decision making.
Secondly, security architectures have traditionally evolved piecemeal, reacting to the evolving threat landscape or to compliance requirements. The result is disparate technologies that do not continuously adapt to new threats or integrate innovative approaches for taking corrective action. Whether due to a lack of resources or of technical know-how, many organisations are unable to maximise the functionality of their technology assets, which all too often leads to duplicated investment or missed opportunities. Adding even more confusion is the sheer number of cyber data sources now available to businesses, which makes it hard to evaluate the right data and convert it into something meaningful for the business.
Thirdly, organisations often lack the external insight and benchmarking required for continuous performance improvement. As well as setting metrics against which business stakeholders can measure performance, organisations need to establish how their cyber capability stacks up in their industry and beyond. This gives them a baseline for strategic investment and improvement; however, resourcing constraints can make this challenging. Security specialists are torn between strategic and tactical activities and, unsurprisingly, find it difficult to move easily between the conflicting roles of predictive analyst and of performing the core tactical, compliance and operational work of the security lifecycle.
A change in approach
Achieving a central, consistent contextual view of cyber risk is paramount, but it can’t be achieved out of the box. Modern businesses operate in complex IT environments, and getting to grips with the data produced by numerous platforms, systems, and devices – and turning it into insights and actionable metrics – takes more than technology alone.
Organisations can only overcome these challenges by bringing people, process and technology together within a resilient cyber defence architecture that not only transforms their cyber capability and confidence, but also demonstrates clear value to the business.
Information security professionals need to think differently about how to achieve the best cost versus risk benefit for their organisations. This means focusing on a core architecture that delivers continuous performance improvement, which will allow them to better align the way they predict, prevent, detect and respond to threats.
For organisations that want to change their approach to cybersecurity, achieving a resilient cyber defence capability can appear to be a long and difficult journey – especially when they are expected to maintain business as usual. It needn’t be though. In summary, there are five steps organisations can take to make this transition:
Only by establishing a resilient cyber security architecture that is responsive to continual business change, to the hostile threat landscape and to the demands of evolving compliance can organisations take advantage of new business opportunities without compromise.