
Why Cybersecurity Is About More Than Prevention-Focused Products

Forbes Technology Council
POST WRITTEN BY
Brian NeSmith

Breaches of Equifax, HBO and Uber made headlines in 2017, and 2018 will have its own share of high-profile breaches. As the threat landscape continues to evolve, cybercriminals are becoming more creative and expanding their attack vectors. The industry spends billions trying to protect against every imaginable threat, but experts tell you that, no matter how much you spend, it's never enough.  

The mistake most companies make is that they focus solely on security products, thinking: "If I have this product, then I am safe." The reality is that a security product focuses on only one attack vector (e.g., email), but you need to think about more than just email to truly be safe. But where to start? There is an endless supply of products and services available for every known vulnerability and attack vector a company could possibly have. In other words, without knowing better, a company could spend everything down to its last dime on cybersecurity.

Which raises the question: If not in security products, how else should you beef up your cybersecurity posture?

Focusing On Prevention Is Not Enough

Cybercrime today is rampant, and businesses must be pragmatic about the threats they face. “It’s not a matter of if but when” is a common industry warning to companies about the dangers they face of being breached. The truth, however, is even more sobering. “When” has come and gone -- there's a good chance you've already been compromised, and you need to find the breach.

To do so requires shifting from a preventative mindset to one centered on threat detection and response and allocating your cybersecurity budget accordingly. Spending in this area is already a top priority for many organizations.

Imagine your IT network as a human body. To stay healthy, people often turn from one fad diet to another -- Atkins to South Beach to Paleo to whatever comes next. The result? In the long run, they’re not much better off than when they started. That’s largely been the approach of many companies to cybersecurity. They’ve moved along from whatever preventive security product is the current rage -- including gateway, endpoint and firewall products -- yet still struggle to meet the challenges posed by the latest cyber threats.

Just like how diets can give people a false sense of wellbeing, relying entirely on prevention-focused products gives companies a false sense of cybersecurity. For people, there are sometimes underlying health issues and diseases only a doctor can diagnose. The same goes for corporate security.

Threat Detection And Response Is The Future

You need proper threat detection and response capabilities -- in terms of technology, an action plan and a well-versed security team -- to quickly address and successfully remediate the inevitable attacks yet to come. This will not only improve your security posture but will also ensure your security spending yields a bigger bang for the buck. With an average cost of $89,000 to respond to an incident, incident response (IR) is becoming essential.

Effective threat detection and response requires having dedicated security experts on your IT team who are experienced in forensic analysis and triage. They must be able to diagnose threats and separate false-positive alerts from ones that require real investigation. As cyberattacks know no set hours, security experts need to be on the lookout 24/7 and always ready to respond at a moment’s notice.

Equally important are the processes your organization establishes for responding to attacks when they do occur. From a strategic point of view, you need to consider the ramifications of a breach and how your company’s customers, partners and other stakeholders could be affected. And it’s always wise to periodically assess your IR capabilities by running threat simulation exercises to ascertain whether you’re prepared to successfully thwart or mitigate attacks before they actually happen.

On the technology side, companies can choose to purchase endpoint threat detection and response services, which provide some coverage but leave security gaps. For comprehensive security visibility across your entire network, you need to properly monitor events at all times. For this purpose, security information and event management (SIEM) technology is ideal. On its own, however, SIEM tech doesn’t provide much value. Its effectiveness requires round-the-clock staffing of an IT team with security expertise, which many companies lack. However, when SIEM serves as the core technology within a security operations center (SOC), which combines all of these elements -- the people, processes and technology -- companies can swiftly identify and address today’s cyber threats.

Build Vs. Buy

Building a threat detection and response capability internally can cost millions once the costs of software, hardware and personnel are considered. Many companies choose to build it themselves but find it too costly to maintain. Others seek more affordable outsourced help through managed security service providers (MSSPs). But keep in mind that this solution likely only gets you halfway there. With an MSSP managing the entirety of your network’s security, you lose understanding of your own security posture and lose insight into not only the threats you face but the tools being used to combat them. For industries with heavy compliance requirements like financial services and health care, this can be a non-starter.

Remember, it’s not a case of whether you will be breached -- because you likely already have been. So, don’t wait any longer. Refocus your cybersecurity spending on efforts beyond prevention in favor of threat detection and response.
