Optimising your security? Here are 4 key considerations.
Learn the four things you should consider to help optimise your business's cyber security.
June 25, 2021
Taking the first step to optimise your cyber security
Today, the importance of having robust cyber-security systems in place simply can’t be overstated.
Business leaders around the world now see cyber-security risks as the greatest threat to their organisation over the next three years, according to KPMG’s latest 2021 CEO Outlook Pulse Survey. In fact, over half (52%) of CEOs say they expect to spend more on data security this year¹.
The need to invest in state-of-the-art security is abundantly clear for businesses of all sizes. But where should you start? And how do you know if your security is up to scratch, or if it’s in need of an overhaul?
Here are four questions to ask.
1. What are we protecting? And where does the value lie?
The traditional approach to security has been to start with the threats: track what’s happening across your network, identify anything suspicious and then build a response to the quantity and variety of potential attacks. However, we have now arrived at the point where the threat landscape for most organisations is incredibly vast and astonishingly complex. According to a recent study by Microsoft, current global cyber security threat detection infrastructure routinely recognises eight trillion potential threat signals every day². For IT and security teams, individually identifying and effectively responding to these exponentially increasing threats is an impossible task.
At Interactive, our experts have long favoured a value-based approach as opposed to one based on threats. This means we start by gaining a thorough understanding of your technology infrastructure, as well as the cyber-risks that are most critical to your business, from the outset.
How does your business operate? What data is the most valuable in order for your business to make money? Where is the value stored? How does the data move around your organisation and over the internet? Which other entities, including suppliers and customers, are part of your technology ecosystem?
By determining exactly where the value is, we can also ensure that our strongest efforts are directed at protecting the areas that matter most.
Once we understand your business in more detail, we are able to determine where the value lies – i.e. which areas are most likely to appeal to adversaries. A combination of high-value data and poor security infrastructure can make you an irresistible target.
2. Have we verified that our security actually works?
Planning your security investment around the unique structure and value of your business is a good first move, but it is surprising how many organisations don’t take the extra step of validating and verifying that their designs (and the investments behind them) are effective in real-world conditions.
At Interactive, we run an attack simulation immediately after commissioning a new defence infrastructure. This ensures that our baseline defences are operating as expected and that your team gets to solidify their knowledge and skills on your new infrastructure after the onboarding process.
After this, we move into a 90-day cycle of listening to and engaging with your team, looking at the data in detail, making adjustments and discussing the early lessons learned.
Once we have baseline detections for a business, with operational context, we are able to respond more confidently and adjust our strategy if required. If a business goes through a merger or acquisition, for instance, or perhaps a period of accelerated growth, we can spend time thinking ahead and enabling, rather than just responding.
3. How do we avoid ‘security atrophy’?
The cyber-threat landscape is changing every second. To stay on top of security requires constant vigilance and awareness. Staying still is simply not an option.
Our team continuously measures the effectiveness of our security solutions via data-driven indicators. This is critical in ensuring we can verify what we said we could do at the start of a project and that we continue to do so in a sustainable way, avoiding the all-too-common situation of ‘security atrophy’ – where systems and tools stagnate.
We also encourage you to think beyond the onboarding experience, and into the operations phase, especially from a resourcing perspective. It’s important to ensure you always have the right stakeholders in place at every step, and that you have key people who can take ownership of driving continual improvement in your security. At Interactive, we provide our clients with a ‘report driven actions’ asset as part of any project. This details the action that we take on any security item that is reported, and keeps your security response from being held at the status quo.
4. Do we have the right technology mix in place?
There are all kinds of cyber-security solutions on the market – all with varying degrees of sophistication, relevance and reliability. Robust security is all about striking the right technology mix, and ideally, a centralised and cost-effective solution that enables you to manage the whole of your estate, as opposed to various point solutions that need to be cobbled together. For this reason, we find that a Managed Azure Sentinel solution makes sense for many customers, especially those that have already invested in the Microsoft stack.
What is Microsoft Azure Sentinel?
Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
It delivers security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
At Interactive, we are Microsoft experts and can help you make the most out of the platform. Managed Azure Sentinel by Interactive ensures you have optimised deployment, alert tuning and 24/7 detection and response capability from an onshore cyber security operations centre.