Why is it so hard to get Cyber Security right? #3 – Technology and Infrastructure
This series of posts looks at some of the complexities of Cyber Security, and at why many organisations struggle with the softer side of the conundrum. The first post considered some key characteristics of a good Chief Information Security Officer (CISO). The second post debated the organisation and culture that surrounds the CISO.
In this third post we look at some of the technology solutions typically deployed for Cyber Security defence and discuss the organisational and process issues that commonly diminish the business value of infrastructure investments.
The range of possible technical solutions, and therefore the potential cost of Cyber Security protection, is almost unlimited. One simple rule: be very cautious about introducing large, complex systems whose only purpose is Cyber Security.
Most, if not all, enterprises deploy perimeter firewalls to protect their infrastructure and data. In the past, many considered a ‘hard shell’ perimeter sufficient: as long as the boundary was protected and kept up to date with patching, the data and infrastructure inside were considered safe.
Most enterprises abandoned that strategy a long time ago. Firewalls are of course still required for basic protection, but the illusion that everything on the inside is safe has long gone. Without going into detail about insider threats, phishing, Trojans and other attack vectors, it is clear that the focus is increasingly turning towards controlling what goes on inside the network and what flows out of it. In a connected world it is impossible to fully control what comes in.
Intrusion Detection/Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) and Data Loss Prevention (DLP) systems are now deployed in increasing numbers across enterprise infrastructures. However, these are often complex and expensive installations, and it is vital to understand the full cost of implementation and operation before embarking on the project. The licence is rarely the largest part of that cost: a SIEM only pays for itself once log sources are onboarded, parsers are maintained, rules are tuned and analysts are available to act on what it produces.
A recent report by UBM, sponsored by HP Enterprise, found that enterprises receive on average some 17,000 malware alerts a week, the vast majority of which turn out to be false. Chasing down such alerts costs organisations an average of $1.27 million in wasted effort. In fact, just 19% of the alerts generated by security systems are considered reliable. Because of the sheer volume, administrators end up looking at just 4% of the alerts they receive, creating an enormous exposure for organisations.
Still, 45% of those using SIEM tools believe the technology has helped them detect malicious activity they would otherwise have missed, so some appear to get it right. The difference is an evolutionary tuning process: suppressing known-benign sources, setting thresholds and correlating duplicate alerts until what reaches an analyst is worth their time. With this in mind, start with a small, manageable scope where false positives can be eliminated before extending monitoring to new areas.
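To make the tuning process concrete, here is an added example (not code from the original post or from any SIEM product) that runs a small set of constructed alerts through three common tuning steps: an allowlist of known-benign sources such as an authorised vulnerability scanner, an exception for a signature that is known to be an antivirus self-test, and a per-rule threshold with a correlation window so that a handful of failed logins does not page anyone but a burst of them does. The alert records, the IP addresses, the scanner allowlist and the threshold values are all assumptions made up for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real SIEM output): timestamp, rule, source IP, detail.
RAW_ALERTS = [
    ("2016-03-01T09:00:00", "port_scan",    "10.0.5.20",   "scanner hit 443 ports"),
    ("2016-03-01T09:00:05", "port_scan",    "10.0.5.20",   "scanner hit 443 ports"),
    ("2016-03-01T09:00:10", "port_scan",    "10.0.5.20",   "scanner hit 443 ports"),
    ("2016-03-01T09:01:00", "failed_login", "10.0.8.15",   "user=alice"),
    ("2016-03-01T09:01:30", "failed_login", "10.0.8.15",   "user=alice"),
    ("2016-03-01T09:02:00", "failed_login", "203.0.113.9", "user=admin"),
    ("2016-03-01T09:02:01", "failed_login", "203.0.113.9", "user=root"),
    ("2016-03-01T09:02:02", "failed_login", "203.0.113.9", "user=backup"),
    ("2016-03-01T09:02:03", "failed_login", "203.0.113.9", "user=svc_sql"),
    ("2016-03-01T09:02:04", "failed_login", "203.0.113.9", "user=oracle"),
    ("2016-03-01T09:02:05", "failed_login", "203.0.113.9", "user=postgres"),
    ("2016-03-01T09:05:00", "malware_sig",  "10.0.8.40",   "EICAR test string in mail"),
    ("2016-03-01T09:05:01", "malware_sig",  "10.0.8.40",   "EICAR test string in mail"),
    ("2016-03-01T09:06:00", "malware_sig",  "10.0.8.41",   "Trojan.Generic in download"),
]

# Tuning knobs. These are hypothetical values that, in practice, an analyst team
# builds up over time as it closes false positives and records why.
KNOWN_BENIGN_SOURCES = {"10.0.5.20"}                 # authorised vulnerability scanner
SIGNATURE_EXCEPTIONS = {"EICAR test string in mail"} # AV self-test file, not a threat
THRESHOLDS = {"failed_login": 5}                      # escalate only at/above this many per source
WINDOW = timedelta(minutes=10)                        # correlation window per (rule, source)


def parse(alerts):
    """Turn the raw tuples into (datetime, rule, src, detail) records."""
    return [(datetime.fromisoformat(ts), rule, src, detail) for ts, rule, src, detail in alerts]


def tune(alerts, benign_sources, exceptions, thresholds, window):
    """Apply allowlist, exceptions, correlation and thresholds.

    Returns a sorted list of escalated incidents as
    (rule, src, count_in_window, first_seen_iso). Rules with no threshold
    configured escalate on a single alert.
    """
    groups = defaultdict(list)
    for ts, rule, src, detail in parse(alerts):
        if src in benign_sources:      # step 1: drop known-benign sources outright
            continue
        if detail in exceptions:       # step 2: drop signatures documented as harmless
            continue
        groups[(rule, src)].append(ts)  # step 3: correlate duplicates per rule and source

    incidents = []
    for (rule, src), times in groups.items():
        times.sort()
        in_window = [t for t in times if t - times[0] <= window]
        if len(in_window) >= thresholds.get(rule, 1):  # step 4: per-rule threshold
            incidents.append((rule, src, len(in_window), times[0].isoformat()))
    return sorted(incidents)


def summary(alerts):
    """Return (raw_alert_count, escalated_incident_count) for the tuned pipeline."""
    return len(alerts), len(tune(alerts, KNOWN_BENIGN_SOURCES, SIGNATURE_EXCEPTIONS, THRESHOLDS, WINDOW))


if __name__ == "__main__":
    raw, escalated = summary(RAW_ALERTS)
    print(f"{raw} raw alerts -> {escalated} incidents worth an analyst's time")
    for incident in tune(RAW_ALERTS, KNOWN_BENIGN_SOURCES, SIGNATURE_EXCEPTIONS, THRESHOLDS, WINDOW):
        print(incident)
```

Fourteen raw alerts become two incidents: the password-spraying burst from 203.0.113.9 and the single genuine malware detection on 10.0.8.41. The two failed logins from alice and the EICAR self-test never reach a person. Each allowlist entry and threshold should be recorded with the reason it was added, because an allowlist that nobody reviews is how the 96% of alerts that are never looked at quietly becomes 100%.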
Make use of the security features of the technologies already in use, and upgrade regularly, as most major vendors are rapidly introducing security functionality. Two-factor authentication (2FA), for example, can significantly reduce the risk of a breach due to poor password management, because a phished or reused password is no longer enough on its own.
Many organisations struggle to keep up with patching their critical network and server equipment. Workload on a stretched operations department, the downtime required on customer-facing services, and poor planning and organisation are typical issues faced by IT.
If patching, maintenance and upgrading remain an ongoing problem, the infrastructure becomes increasingly vulnerable to attack. In such circumstances it is worth considering moving services to a Cloud provider that offers the right security, SLAs and monitoring.
Enterprise Cloud service vendors typically offer an infrastructure security posture better than most on-premise data centres. Finding the right Cloud provider willing to share the overall Cyber Security defence may yield savings in investment, time and operational cost compared with the full cost and distraction of securing an on-premise infrastructure. However, securing data in the Cloud has its own challenges: the provider secures the underlying platform, but configuration, identity and access control, and the data itself remain the customer's responsibility. It is advisable to seek professional advice to fully understand the business and security implications before starting a Cloud migration.