[BreachExchange] The Importance of Personalised Risk-Based Security

[Destry Winant]

https://www.cso.com.au/article/656442/importance-personalised-risk-based-security/

It has nearly been a year since the Notifiable Data Breach scheme came
into effect in Australia and already 550 breaches have been reported.
Of the 245 breaches reported between July 2018 and September 2018, 57%
were caused by a malicious or criminal attack. Modern organisations
must understand the criticality of having the best possible cyber
defence to protect against malicious actions of skilful
cybercriminals. Thankfully, most organisations today employ various
cybersecurity tools designed to help prevent inevitable attacks from
wreaking havoc and causing data loss.

However, CSOs and their security teams, still share caution about the
state of their organisation’s security posture because new scams,
vulnerabilities, exploits, malware and hacking techniques used in
cyberattacks are constantly evolving, thus representing an ongoing
risk. The increase in internet-connected devices and cloud application
usage exacerbates the situation as threat vectors expand beyond the
traditional corporate perimeter.

Today, typical threat vectors that organisations must monitor include
the network, web, cloud, applications, endpoints, mobile devices,
databases and the Internet of Things (IoT). All these vectors are
possible defenceless launch pads that bad actors can use to spring an
attack.

The pressing concerns often encountered by organisations, with regards
to their security operations, involve understanding the risk profile
and effectively responding to those risks. However, if organisations
have a lack of visibility and awareness of daily security situations
it becomes nearly impossible to determine the proper responses.

Identify personalised Risk

Data breaches often happen quickly. During such a security incident,
identifying where risks exist, the current reality of their security
posture and, ultimately what security actions are necessary should be
a business’s top security priority. Security-conscious organisations
must implement an easy and reliable way to analyse and measure their
security posture in real time, perform ‘what-if’ analysis on various
defence layers, and identify defensive actions needed to remove
present risks.

Organisations need security solutions that provide personalised threat
information and risk scoring adapted to their personal situation.
Organisations generally don’t have the same security systems, so
security monitoring solutions should be able to reveal weaknesses in
the current defensive layers an organisation has and guide immediate
and necessary defensive actions for specific environments that
consider any cloud applications, endpoints, or other threat vectors
that organisations have which could put them at risk. By using
personalised monitoring tools, organisations will be better positioned
to protect against vulnerabilities that their current defensive layers
may be susceptible to.

Real-time security

Further, risk-based solutions should provide real-time information
about live attacks, coupled with data that captures malicious
activities at the specific defence layer that could result in
compromised networks, systems and data residing on-premises or in the
cloud. Being able to track the risk of a threat in real-time is
imperative for security teams to know which defensive measures to
implement to reduce an organisation’s threat surface and
susceptibility to cyberattacks.

While, real-time risk-based solutions are extremely effective during a
breach, best practice should see organisations implementing the
solutions long before security breaches occur. Organisations must
deploy effective security solutions proactively, so their systems
remain protected from any threat actors attempting to launch an
attack. Solutions must be able to show organisations where
vulnerabilities lie and help them determine the most appropriate
strategy to reduce the chance of a threat actor targeting that
vulnerability. The essence of a great cyber security strategy is
effective planning, policy, budgeting, and risk-based monitoring will
help organisations achieve this.

No organisation wants to be a statistic in the next Notifiable Data
Breaches report. As threat vectors and the threat landscape continue
to become more complex, organisations need security solutions that
will help address security vulnerabilities to be better protected from
data breaches. By implementing personalised risk-based security
solutions, organisations will have a better understanding of their
environment and the steps they can take to effectively protect their
data.