Any IT professional who needs help modernizing their approach to cybersecurity needs to follow a “triple-A” approach.
That’s the main takeaway from a new Ernst & Young survey, which found that organizations across a wide swath of industries are still dragging their heels when it comes to preparation for cyber attacks.
EY’s approach to modernizing cybersecurity practices involves three tenants: activate, adapt and anticipate. The three focus areas aim to help organizations move from a reactive mindset to a constant state of readiness.
“It’s easy to have to shadow IT and buy things in the cloud or buy capabilities online, but you really need to make sure you understand end-to-end what’s going on with what’s coming into you and where your touch points are,” Chip Tsantes, a principal and chief technology officer of EY’s cyber division, told FedScoop.
The survey — which interviewed 1,825 organizations in 60 countries, 15 percent from the public sector — found that most organizations (67 percent) are facing a rising number of threats, but more than one-third (37 percent) have no real-time insight on cyber risks. Respondents often said this lack of protection is due to either budgetary restraints or a lack of skilled resources when it comes to upgrading security protocols.
Tsantes said in order for security teams to activate a modern plan, cybersecurity needs to be a focus at the highest organizational level, knowing what assets need protection and what level of protection is needed.
“You can’t protect everything the same way,” Tsantes said. “I see this a lot when I talk to C-level executives and I ask them to list the 20 most important assets that need to be protected and you’ll get a different list from different executives. Everybody needs to be on the same page.”
Part of being on the same page is having the ability to anticipate new threats with a robust security operations center that not only understands the evolving cybersecurity landscape but also the ins and outs of the entire organization.
“It’s more about understanding the business and being able to triage the millions of events that get triggered each day, that you can sift through them and get down to the couple hundred that really require that human analysis and intervention,” Tsantes said.
Tsantes added that the security operations center needs to adapt to insider and outsider threats, which are changing as rapidly as technology seems to be moving. According to the survey, careless or unaware employees provide the biggest single threat to security, but the combination of outside threats — criminals, hacktivists or rogue nations — is just as dangerous as inside threats.
“Inevitably, outside threats have to get inside through exploiting existing credentials or create new credentials,” Tsantes said. “Even if the attack emanates from the outside, to be successful, it has to exploit something on the inside. No matter what, an outsider threat eventually becomes an insider threat.”
As organizations move to enhance their security, Tsantes said one of the smartest things IT professionals can realize is that the perimeter extends beyond their enterprise’s digital domain.
“It’s you, your customers, your vendors, your business partners. It’s the whole extended enterprise that’s involved in doing this and adapting to this self-aware organization,” he said. “You need to understand what you’re doing with your third-, fourth- and fifth-party providers. You need to make sure whatever security standards and expectations, it needs to extend beyond what you control to those who are touching your enterprise.”