The Covid-19 pandemic has redefined life as we know it. Now we are in the age of what is termed ‘the new normal,’ but is it normal, albeit new? The rate at which businesses have been forced to adjust and adapt to this ‘new normal’ has taught us that business resilience is now a core way of thinking that businesses should adopt. This is a clear indication to organisations that their dependence on digital technologies, and cyber risk, are intertwined with business resilience and continuity.
- Network visibility and advanced threat intelligence are needed for proactive security
- Most organisations are unaware and reactive in the face of growing cyber risk
- AI, SIEM and SOAR enable visibility, prediction, and rapid, conclusive response
Too few organisations have the capacity to react timeously to malware attacks, and even fewer can proactively address security risks.
This is according to renowned cyber security expert and Specialist Sales Executive: Security at Gijima, Lukas van der Merwe, who says most organisations are unaware and reactive in the face of growing cyber risk.
Van der Merwe says the latest IBM Cost of a Data Breach Report indicates that early detection and rapid response significantly reduce the cost of a data breach, which indicates that delays could prove crippling for organisations.
Most organisations lack the necessary information to take effective action, or possess only the basic security operational solutions and structures to react to IT security events. “A minority of organisations are able to proactively address security challenges, and an even smaller minority are able to effectively respond to future security challenges,” adds van der Merwe.
“It is important to note that in a world with new versions of malware and new attack vectors emerging almost daily, most preventive measures may not be effective. It only takes one unsecured workstation to unleash malware that could cripple a business. So, organisations must have proactive visibility with monitoring capabilities so they can see the attack the moment it starts happening and act within the critical time factor,” he says.
Van der Merwe says achieving full visibility requires a level of maturity. “Visibility relates to activity on the network and across the environment. If you then deploy monitoring capabilities, you gain some visibility, but if you add advanced threat intelligence, you can become more proactive.”
ICT companies like Gijima are offering a holistic, end-to-end portfolio of next-generation security services, such as deploying IBM® QRadar® Security Information and Event Management (SIEM), to help security teams accurately detect and prioritise threats across the enterprise. This provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. IBM Security SOAR, formerly Resilient, is designed to help security teams respond to cyber threats with confidence, automate with intelligence, and collaborate with consistency, as well as allowing them to visualise and understand security incidents in order to prioritise and act.
Van der Merwe notes that SOAR technology represents a significant evolution in cyber security, enabling security teams to neutralise cyber threats faster and with more confidence. “SOAR underpins improved effectiveness, removing the need for human intervention to respond to security incidents, while AI improves response time with rapid, conclusive investigations. These elements of next-generation cognitive technology underpin the identification of anomalous patterns of behaviour and near-real-time response,” he says.
“It is the combination of SIEM with SOAR and AI that underpins improved detection and response times leading to reduced costs resulting from data breaches.”
Achieving visibility using platforms such as Gijima’s Advanced Cyber Defence security capabilities and IBM SIEM and SOAR solutions will come under discussion at a virtual series of roundtables in October.
Renowned cyber security expert and Specialist Sales Executive: Security at Gijima, Lukas van der Merwe, says the past year has brought new challenges and shifted views on what constitutes business resilience.
“Over the past year, some interesting new challenges have emerged: a significant increase in remote working, accelerated adoption of cloud computing, and a surge in disruptive technologies have expanded organisations’ attack surface, which requires us to rethink our approach to security,” he says.
“Security is fundamental to business resilience, but in the early weeks of the first lockdown, most organisations had to focus solely on enabling remote work as a key business resilience priority. Everything had to be done in a short period of time, with a focus on productivity. Security was almost an afterthought at the time.” However, high profile attacks that have locked down major organisations are illustrating that security is critical for business resilience, van der Merwe says.
COVID-19 has been the trigger for significantly accelerated adoption of Cloud and other technologies previously constrained by budget limitations or business appetite. Gijima believes that this will continue, and the rate of change will present a challenge for cyber security teams.
Other emerging issues are also impacting the way in which organisations manage security and risk: privacy will continue to be an escalating priority driven by consumer demand and regulation. New technology should be architected accordingly, and legacy systems will have to be enhanced or replaced to keep pace. At the same time, artificial intelligence, robotics, automation, everything as a service and 5G will continue to be adopted, developed, enhanced, and matured in various forms to meet business growth and customer experience demands.
“This requires a paradigm shift for cyber security,” van der Merwe says.
The new approach will require pervasive cyber security, based on the principle that the asset, as well as the person or device accessing the asset, is no longer housed within the safe perimeter of the corporate network.
To achieve this, organisations must start by determining what corporate assets and IP must be protected, the risk to this IP, whether from external attack, or insider threat in all its guises, and a defensive value, or the consequence of a loss of this IP. This informs how much should be allocated as a security budget. Organisations should then assess the present defences, looking at whether the components interact effectively and testing the defences to get a clear picture of the current security defence landscape, and where the gaps are located.
Security leaders need to be able to manage the skills gap in order to increase security ROI.
The right security platform has the potential to solve this challenge. We offer you the best solutions available, like IBM® QRadar®, a market-leading platform for security information and event management solutions.
“With the current landscape understood, we can build out a risk assessment to determine where investment is needed to construct a holistic and cohesive security strategy with all elements interacting to provide true threat intelligence and response,” van der Merwe says.