The run-up to Brexit has led to a boost in wages for professionals of around three per cent as demand grows for skilled workers, according to the recruitment consultancy Robert Walters. Nowhere has this increased demand been felt more keenly, however, than in the cyber security industry. Threat levels are continuing to rise simply because organisations are collecting and processing more and more valuable data. The swelling value of the data is encouraging attackers to develop new and even more sophisticated tools and techniques to compromise an organisation and pilfer its digital data. Organisations typically respond by adding yet another security tool to try and close the door. Thus, a game of cat and mouse ensues between the attackers and the organisation. In addition, governments and regulatory bodies are increasingly introducing new legislation and regulations that force organisations to comply with a ‘minimum’ best practice or face heavy fines, as well as negative press coverage.
This perfect storm has led to a very fragmented cyber security landscape. The majority of organisations house up to fifty solutions from different IT vendors, which have been bought over time to combat very specific threats. The thing is, having too many different stand-alone tools is starting to do more harm than good for big businesses. You have to remember that all these tools need updates applied, licensing, IT staff with the right certification, and regular monitoring. You get to the point where you have two possible scenarios. The first is where an organisation has too many tools to manage competently, thus effectively rendering the cybersecurity tools ineffective. The second is where the organisation is spending a fortune employing the services of a growing team of cyber security specialists to manage each new cyber security solution.
Two major new European regulations landed in May, meaning now more than ever, it’s time to pause, relook at the threat, rethink the optimum cyber security strategy and then restructure your cyber security protection so that it is integrated and far less fragmented.
From then to now
It was all very different 20 years ago. In many ways, IT security managers had an easier time of it. IT infrastructure was centralised, with data stored on single file servers: none of the complexity of virtualisation or hybrid cloud computing. Limited numbers of internet-connected mobile devices and few remote workers meant the network perimeter was easy to define and secure. The cybercrime industry was still in its infancy, while the absence of social media and web-based services further reduced the corporate attack surface.
How times have changed. Today’s digital and cloud-first organisations are more exposed than they’ve ever been. The perimeter as we know it is gone, and mobile devices, virtual endpoints and IoT devices have expanded the attack surface so wide it’s almost out of sight. Data is the new fuel of the digital economy but user demands for always-on access create dangerous security gaps. Sophisticated attack tools and techniques have been democratised “as-a-service” on a highly evolved cybercrime underground. From info-stealing trojans to ransomware, crypto-jacking, BEC, DDoS, IoT exploits, phishing and even file-less attacks, the sheer variety of threats facing organisations today is staggering.
One vendor blocked over 66.4 billion threats in 2017 alone, including over 631 million ransomware attacks.
The problem of tool bloat
In the past, IT buyers bought point products to deal with each new threat. The problem is, as the threat landscape evolves, organisations have found themselves with scores of security tools and systems which don’t talk to each other. Companies today run up to 50 different security vendors, according to Cisco. That represents complexity at a time when stretched IT teams need the opposite.
This kind of “tool bloat” is actively exposing organisations to cyber- and financial risk. There are several key challenges:
- It’s extremely expensive to maintain all of these products, each with licences and support contracts to renew, as well as the sheer administrative and operational overheads of managing a bloated security stack.
- It’s a highly ineffective way to run cybersecurity. You’re typically not using most of the features in these tools, and they don’t interoperate, creating potential gaps in coverage which hackers are adept at exploiting. It’s no coincidence that the “mean time to identify” (MTTI) a threat inside the network was 191 days last year, according to IBM.
- It’s getting increasingly difficult and expensive to maintain the required in-house skills to manage these tools. The global cybersecurity skills shortfall is estimated to reach 1.8m professionals by 2022, and talent is not cheap.
Relook, rethink and restructure
Both the EU General Data Protection Regulation (GDPR) and NIS Directive mandate strict new rules around IT security. Penalties for non-compliance are up to €20m or 4% of global annual turnover, whichever is higher. They approach the challenge from different angles — the NIS Directive is only relevant to operators of “essential services” and has more prescriptive requirements, for example. However, it’s clear that Europe’s regulators will no longer stand for sub-par security.
What does this mean in practice? It’s time to relook, rethink, restructure and rationalise your tools. Conduct a thorough audit and then work towards a pre-defined goal. Understand where you can consolidate onto platforms from fewer vendors, ideally ones which interoperate and share threat intelligence. That will help lower TCO and improve ROI.
Also consider how newer innovations like AI and machine learning could help. AI is a rapidly emerging technology in the cybersecurity space which is already having a significant impact. Radware revealed that 81% of executives it spoke to said they have already or recently increased their reliance on automated solutions, while 38% claimed that in two years it will be their primary way to manage cybersecurity. These technologies can help teams find the needle in the haystack — patterns hard to spot with the human eye which are indicative of covert threats. They could even help organisations mitigate the challenges of current skills shortages, although you still need AI experts to train and manage such systems.
The bottom line is that by rationalising your infrastructure now, you stand a great chance of staying on the right side of regulators, and delivering maximum protection while minimising costs and overheads.
David Ellis, Vice President, Security and Mobility Solutions - Europe at Tech Data