Discover why you need to adopt a risk-based security model to counter the evolving cyber security landscape.
March 21, 2023
Evolving your security posture
With the changing nature of IT, we have moved away from a traditional on-premises paradigm to a more fluid ‘as a service’ model. This means point-in-time activities and point technology solutions are no longer enough to ensure a strong security posture.
A lot of organisations undergo penetration testing, or “pen testing”, as a way to identify potential vulnerabilities in their security defences. However, this is of limited value because it’s done within a fixed window in terms of both time and scope, and doesn’t take into account an IT environment where the network edge and the services being consumed by the business are no longer as clearly defined.
The same can be said for signature-based security tools such as anti-virus and firewalls. Many threats, such as malicious applications and hacking techniques, are newly emerging or regularly fine-tuned, which makes it very difficult for vendors to keep up to date in what is, effectively, a cyber security arms race.
Penetration testing and signature-based security tools still form a fundamental component of your cyber security environment, but it’s important to add capabilities that let the organisation factor in people and process, automate more of its threat detection and response, and take more proactive approaches that start to predict and prepare the business for potential attacks in the future.
An effective security framework
To gauge your current state of readiness and maturity as well as identify any gaps, our recommendation is to undertake a NIST Cyber Security Framework Maturity assessment, which will score your organisation on a full range of criteria from identification of vulnerabilities to response plans and recovery times.
This approach will help you to develop a risk register and a strategy to focus on addressing key risks and gaps. Comparing your arrangements to something like the MITRE ATT&CK framework will help you understand the tactics being used and how prevalent (or likely) an attack of a specific type might be. You are then able to prioritise your responses to the highest-likelihood threats against your most significant assets.
Key insight: This particular framework focuses on the behaviour of an attack rather than the specific signatures/patterns, which will regularly change as the attacks evolve over time.
Ultimately, it’s all about continuous monitoring and improvement. Managing the lifecycle of a vulnerability is far more important than a point-in-time or point-solution approach. Such an approach might identify the threats and vulnerabilities now, but what might have changed in your own environment or in the wider ecosystem in six months? In that time, you might have completed an update to a line of business application or piece of firmware, migrated a number of workloads to a public cloud provider or integrated with a third-party service provider through a new set of APIs.
A data breach is inevitable
No organisation today can be completely immune from cyber threats, so it’s far better to be in a position where you can protect the business from the most damaging or likely threats, and be able to mitigate risk overall by detecting and responding quickly to any potential breach.