Top 3 Security Initiatives for 2021 - An SHI eGuide for Cybersecurity Professionals
An eGuide to Supporting Your Hybrid Workforce
What Are the Primary Drivers for Cybersecurity Investments in 2021?
Here's What Our Experts Say
Security teams are up against rapidly changing data privacy requirements and constant challenges from attackers who know what they’re doing. Security investments are being driven by efforts to secure network access and digital identities, boost employee awareness and protect sensitive information in fast-moving hybrid and multi-cloud environments.
David O’Leary | Senior Director, Security | Stratascale, SHI
The wide adoption of the remote workforce and accelerated pace of digital transformation have prioritized the need to implement a more comprehensive security architecture that focuses on a proactive zero trust model instead of a reactive perimeter-based model.
Michael Wilcox | Chief Information Security Officer – Field | Stratascale, SHI
Organizations are seeking a balance between implementing effective tools, reducing complexity and driving efficiency into security operations on a continuous basis. Those that achieve it will be well-positioned to address the current and future cybersecurity threat landscape, no matter what their industry vertical is.
Will Dehner | Director, Cybersecurity Advisory | Stratascale, SHI
Companies are taking aim at the security skills shortage by revisiting how to optimize the efficiency of their teams. Luckily, security OEMs are making it easier than ever to automate between and within platforms via APIs. They’re providing solutions such as security orchestration and automation (SOAR) and extended detection and response (XDR) to help reduce operational hardship, so security analysts can be more strategic and impactful.
Philip Armbrust | Director, ASG Security | SHI
What is the Hybrid Workforce?
The cybersecurity landscape changed dramatically in 2020. COVID-19 forced us to support hybrid workforces, we had to employ technology differently to support changing customer buying behaviors and we opened up our systems to support remote employees doing their level best to stay productive.
The disruption caused by the pandemic introduced new threats, and exposed the shortcomings of existing security measures. Cyberattacks are surging, and only 44% of companies feel prepared to defend against them.* - Ponemon "Cybersecurity in the Remote Work Era: A Global Risk Report" 2020
CISOs are increasingly being held accountable for both business and technological aspects of security. As they seek to create value for the business, optimizing investments has never been more important.
But cybersecurity is a broad topic, and it can be hard to identify quick wins. This eGuide highlights three initiatives geared towards aligning your cybersecurity program with desired business outcomes, and strengthening defenses across people, process, and technology.
36 billion records were exposed in data breaches between January and October 2020
— 2020 Q3 Data Breach QuickView Report
Get actionable insight from industry experts:
- Secure your new hybrid workforce.
- Ensure seamless and secure access no matter where users, applications or devices are located.
- Assess the cybersecurity health of your organization and your vendors.
- Identify gaps in protection and opportunities for consolidation across security controls.
- Streamline security operations with automation.
- Guard against accidental and malicious insider threats.
- Strengthen your overall cybersecurity and risk management posture.
Modernize Secure Access with Zero Trust.
Initiative #1.
Virtual private networks (VPNs) are part of a traditional, outward-looking approach to security that assumes everything behind the firewall is safe. However, this model is less effective in today’s hybrid workforce environment where large percentages of employees work from home, corporate assets reside in multi-cloud environments, and attackers routinely evade defenses without being detected.
The Zero Trust Imperative
The lines between internal “trusted” entities and external “untrusted” entities have blurred, and do not align with the idea of a single, defensible boundary between internal assets and the outside world. A modern network access strategy that incorporates Zero Trust enables you to implement a more agile, granular framework for authenticating users and devices.
Trust is dynamically assessed each time a user or device requests access to a resource, and access decisions are made based on contextual attributes such as user identity, time of day, location, device type and more.
60% of IT buyers accelerated the implementation of Zero Trust policies and technology over the past seven months.
- EMA "Enterprise Zero-Trust Networking Strategies: Secure Remote Access and Network Association" August 2020
Building an effective approach to Zero Trust
There is no single silver bullet when it comes to Zero Trust, but there are several tools that can help you along the path.
It is important to evaluate solutions based on your organization's strategy. A thorough understanding of desired outcomes as well as your most critical assets and how traffic moves across the organization are integral parts of the decision-making process.
MICROSEGMENTATION
Allows you to create network segments or “micro-perimeters” based on data sensitivity, and control traffic within and between the segments to restrict malicious lateral movement.
IDENTITY & ACCESS MANAGEMENT (IAM)
Single sign-on, multi-factor authentication (MFA) and privileged access management (PAM) controls provide strong authentication across cloud platforms and internal systems and protect against the abuse of privileged credentials.
SECURE ACCESS SERVICE EDGE (SASE)
Brings together wide area networking (WAN) and network security services like CASB and FWaaS in a single, cloud-delivered service model. Enables Zero Trust by providing complete session protection, regardless of whether a user is on or off the corporate network.
DATA CLASSIFICATION
Enables you to associate security levels with specific types of data, regardless of where that data resides. Classification sets the foundation for Zero Trust access control.
DATA LOSS PREVENTION (DLP)
Reduces data loss at your greatest point of risk – the endpoint. Solutions monitor and manage the flow of cloud-based and on-premises sensitive data, and provide control points for implementing zero trust policies.
ZERO TRUST NETWORK ACCESS (ZTNA)/SOFTWARE-DEFINED PERIMETER (SDP)
Grants access on a “need-to-know” basis defined by granular policies. Connects users to private applications without ever placing them on the network or exposing apps to the internet.
Getting started with Zero Trust: 5 Steps
Zero Trust is prone to misconceptions, and many organizations are perplexed about how to formalize initiatives. While there is no one-size-fits-all approach, here are five key tips to help get you started:
1. Understand why you want to move towards Zero Trust: What are the goals of the business? Do you want to target a specific portion of your network, or the entire enterprise?
2. Determine what data you want to protect, where it is, where it goes, and who or what is handling it. Complete a risk assessment of sensitive data, and develop a formalized classification policy that is not too granular.
3. Map the flows of your data, and segment based on data sensitivity. Create small segments of network elements (micro-perimeters) that you can bind together to create a larger Zero Trust network.
4. Develop and enforce data security and access policies across hosting models, locations, users and devices. Carefully define rules and policies within key security controls.
5. Log and inspect all traffic for malicious activity and areas of improvement. Leverage analytics, and benchmark activity against performance metrics to illustrate ROI and determine whether more resources are required to maintain a continuous Zero Trust state.
Validate and optimize the effectiveness of controls.
Initiative #2.
On average, enterprises deploy 45 cybersecurity-related tools on their networks; nearly 30% use more than 50.*
*Source: Ponemon Institute "Cyber Resilient Organization Report" 2020
Cybersecurity is plagued by point-tool problems. As new threats emerge, organizations often try to keep up by purchasing the latest and greatest technology. But this isn’t enough to bolster your defenses. In fact, it can have the opposite effect.
Strength in numbers doesn’t apply to security tools. Excessive use of disconnected solutions generates too many alerts, strains understaffed security teams, and makes security operations complex and time-consuming. This hinders the ability not only to detect attacks, but also to defend against them. Organizations that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities than those with fewer tools.*
To strengthen threat detection and accelerate compliance efforts, tool sprawl needs to be kept under control. And to do that, you need to reassess the threats you face and take a fresh look at the best way to defend against them.
Evaluating Your Security Architecture
Many organizations believe their solutions are delivering the desired results, but in fact 35% have security tools with overlapping capabilities, and 80% have tools that are underutilized.*
- FireEye "Mandiant Security Effectiveness Report" 2020
Innovative technology can help you evaluate and improve the value of your cybersecurity controls.
Attack Surface Management (ASM)
ASM technology monitors internet-exposed assets to provide insight into an organization's external attack surface, enabling security teams to analyze data through the eyes of hackers. Solutions simplify cloud security with visibility into internet assets associated with known and unknown cloud accounts.
Security Validation/Breach & Attack Simulation
These solutions assess the effectiveness of security controls with automated, continuous monitoring. They integrate into the security stack and safely execute real attack behaviors, automatically extracting evidence-based data about how your defenses react.
Security Scoring
Security scoring technology utilizes predictive analytics and security risk assessment tools to issue FICO-like scores—or grades ranging from A to F—to help predict an organization’s likelihood of a breach. Platforms facilitate the discovery and remediation of cybersecurity risk in your environment and help identify the risk vendors pose to your organization.
Extended Detection & Response (XDR)
XDR automatically collects and correlates data from multiple security products to improve threat detection and incident response. Solutions combine alerts triggered by email, endpoint and network security controls into a single incident, enabling analysts to do more thorough investigations.
Optimizing Your Security Tool Investments: 4 Tips
Evaluating your cybersecurity stack is a critical first step in the effort to address inefficiencies. Several best practices can help you investigate your controls, reduce or eliminate shelfware, and establish a foundation of tightly integrated tools.
1. Take an inventory. A comprehensive tool inventory enables you to assess the capabilities and scope of coverage for solutions you already own, and facilitates the removal of redundant or underutilized tools that add complexity and cost you time and money.
2. Conduct vulnerability assessments and penetration testing. Regularly conducting assessments will help you uncover weaknesses and misconfigurations that could result in compromise. It will also enable you to benchmark your security posture against frameworks such as ISO, NIST Cybersecurity Framework or the CIS controls, and target security dollars to solutions that will have the most impact.
3. Integrate and consolidate. When individual point solutions don’t work well together, it results in operational hardship. Reducing manual processes is essential. The easier it is for tools to share data, the more successful you’ll be in creating automated workflows and freeing up security analysts for critical tasks.
Vendor consolidation can increase operational effectiveness while reducing spend and complexity. Tools from a single vendor are easier to manage and can form an ecosystem that leaves fewer gaps, enabling you to secure more with less.
4. Target your spending. Budget spent on new technology should be designed to address inefficiencies. Oftentimes, multiple existing solutions can be replaced with a single, more modern control that supports your digital risk management strategy.
Did you know?
The average security operations team receives over 11,000 security alerts daily.*
Data breaches caused by cloud misconfigurations have cost enterprises more than $5 trillion globally over the past two years.*
*IBM “Cyber Resilient Organization Report” June 2020
Vendor-independent advisory services can provide an objective view of your existing capabilities to prevent, detect and respond to security incidents, and help you rationalize your security architecture.
Address the human factor in cybersecurity.
Initiative #3.
Insider incidents—accidental or malicious—will be a factor in a third of all data breaches in 2021.*
- Forrester "Forrester Predictions 2021: Cybersecurity" October 2020
Cybercriminals and nation-state hackers are exploiting human vulnerabilities, and no one is immune to security slip-ups. While organizations have been engaging in security awareness activities for years, escalating threats and data privacy concerns require us to advance our efforts.
Traditional security awareness training often centers on regulations such as HIPAA, PCI-DSS and more recently, the GDPR and CCPA. But implementing a security awareness program is much more than a check-the-box compliance exercise. It’s a business function designed to reduce business losses.
If you don’t provide users with specific information about how they should respond under certain circumstances and continuously motivate them to practice behaviors that promote your security goals, the responsibility for any damage they cause lies with you.
Did you know?
59% of employees are not fully confident they could identify a social engineering attack.
Osterman Research “2020 State of Privacy and Security Awareness Report” 2020
The global average cost resulting from insider threats—including negligent employees or contractors, malicious insiders, and credential thieves posing as insiders—is $11.45 million.
Ponemon Institute 2020 Cost of Insider Threats Global Report
The better informed that employees are about key issues, the more likely they are to be better able to defend against social engineering and other attacks. It's that simple.
Osterman Research “2020 State of Privacy and Security Awareness Report” 2020
The importance of continual cybersecurity training
Security awareness training works hand in hand with technical controls. In addition to solutions that help mitigate attacks and human error — such as data classification, email security, endpoint security, privileged access management (PAM), and user and entity behavior analytics (UEBA) — security awareness training platforms can help educate employees and assess their security readiness.
They offer delivery via a variety of digital endpoints and provide both ready-to-use and customized content of different lengths (one- to two-minute microlearning lessons, interactive lessons, and episode-based, Netflix-like shows) in styles that can be tailored to specific roles or audiences.
Insider threats are tough, and external controls aren’t going to be effective against a true insider. Companies should focus on threat hunting. Having a team—or outsourcing to a qualified professional team—to look for threats in the network is key to identifying malicious insiders and unauthorized exfiltration of data.
Kevin Mitnick, Chief Hacking Officer, KnowBe4, on defending against malicious insiders
Constructing an Effective Security Awareness Program:
1. Consider Your Corporate Culture
Work with senior management and employees to develop a strategy that blends your security awareness program with your existing corporate culture. Key considerations include your industry, workforce demographics, and what’s relevant to different locations, departments, and roles.
2. Set Goals And Be Flexible
Identify the top concerns and risk factors in specific areas of the organization, and develop a calendar of activities to address them. Set reasonable, incremental goals and be prepared to make changes if initial approaches fail to produce positive results. Be repetitive in the reinforcement of key messages, but not in how they are delivered. Diversify media and determine what drives the most change.
3. Gamify Your Training
Incorporate gamification to encourage active engagement. True gamification is a reward system that positively reinforces learning; it can motivate your employees to take training seriously, so that they have a chance of winning. What you reward them with depends on your corporate culture.
4. Prioritize Collaboration Over Punishment
Human error is inevitable, regardless of how strong your program is. Make sure employees understand exactly what their role is, and take a “more carrot, less stick” approach that treats security incidents as learning opportunities rather than cause for punishment. If users worry they’ll be reprimanded or even fired for security-related mistakes, they’ll be far less likely to report them.
5. Measure Your Efforts
Take baseline measurements related to current phishing susceptibility and cybersecurity knowledge levels, and put metrics in place to assess the impact of your program over time. Compliance metrics that focus on employee participation should be accompanied by behavior-related metrics that focus on whether you’re preventing more attacks, detecting more incidents, and ultimately reducing more risk over time.
Outlining the Next Steps
Get your cybersecurity program fighting fit in 2021.
After a year of upheaval in 2020, perhaps the last thing many security teams want is more change in 2021.
The bad news is that if you don’t continue to adjust your security strategy, tools and culture, you will have a hard time keeping up with threat actors.
The good news is that if you partner with experts like SHI and Stratascale, you can ease the path to stronger cybersecurity while helping your business thrive. Whether you are looking to expand capabilities in specific areas or mature your security posture overall, we can increase your organization’s digital agility, so you can quickly adapt to today’s challenges and prepare for the future.
Learn more about how SHI is helping meet the growing needs of a hybrid workforce.
Contact Us to Get Started!
1-888-764-8888 or visit us at SHI.com