Intelligent CISO Issue 35 | Page 74

BUILDING A CYBERSECURITY STRATEGY FOR THE LONG HAUL

Richard Cassidy, Senior Director Security Strategy EMEA, Exabeam, discusses why the short-term mindset of the cybersecurity industry needs to change and how the future isn't as uncertain as some would have you believe.

The cybersecurity industry has a problem with long-term commitment. Too often, CISOs and CIOs become fixated on the discovery of new threats and the subsequent ad-infinitum battle in detection and alert investigation. As a result, they often fail to put in the time and effort needed to lay down a comprehensive long-term cybersecurity strategy for their organisation. The challenge is that if the focus is always on the 'here and now', businesses will forever be stuck playing catch-up to the incredible rate of innovation in the adversarial space. While that happens, cybercriminals have their targets exactly where they want them.

New threats , same old attack vectors
In many ways, the industry has only itself to blame for the 'short-term strategy' predicament that our executive leaders now find themselves in. For too long, fear and uncertainty have been used as potent sales tools by technology vendors and solutions providers alike, claiming that cybersecurity moves so fast you can't predict what's around the next corner. This scaremongering approach to cybersecurity decision-making may help to sell the latest security products, but it also actively encourages a short-term mindset. However, while it's true that new threats are emerging all the time, many of the attack vectors they rely on haven't changed that much in decades.

For example, according to the SANS Institute, 95% of all attacks on modern enterprise networks are the result of successful spear phishing, a technique that's been around for at least 10 years (while phishing itself has been around since the 90s). Furthermore, some form of social engineering attack, a technique as old as time itself, is a key factor in up to 99% of cyberattacks. These attack methods aren't new by any means, and neither are the main defence strategies against them, such as regular cybersecurity training and rapid identification of 'abnormal' user behaviour on the network.

It's fair to say that many of the rules of the game have been the same for a long time. Criminal organisations who were attacking mainframes back in the 80s and 90s are attacking cloud platforms today, using very similar tactics and techniques. This raises the question: is it a legacy mindset that's holding the industry back from an overhaul in effective cybersecurity strategy and enablement, rather than the much-proclaimed legacy tech?

Future-proof your cybersecurity

Of course, that's not to say that nothing's changed at all. Perhaps the

www.intelligentciso.com