AI Can Spot Security Threats Faster Than Traditional Approaches: Balbix CTO

essidsolutions

“The problem with security today isn’t a lack of defense mechanisms or data – it is relevance. For every major breach, there is a team scratching their heads on what they could have done differently. Failure occurs because security systems are unable to produce information that is contextual and relevant to the organization.”

Recent research shows that ransomware and, to some degree, malware are the most common causes of cyberattacks in 2020. As security threats expand by the day, CISOs say they are doubling down on solutions to reduce the top risks that threaten business operations. Over the past eight months, some of the solutions that made it to the mainstream are endpoint management, identity and access management (IAM), and cloud-based security solutions for securing remote access in the new multi-perimeter era.

While it does sound great in theory, where does one actually start with these solutions? Also, too many point products simply add more noise, an issue that security leaders readily acknowledge. Security vendors have long touted the benefits of a “single pane of glass” that offers a comprehensive view into evolving threats, but in the age of COVID, with cyber threats growing at a rapid clip, this approach falls short of expectations. In this interview, Dr. Vinay Sridhara, CTO at Balbix, explains how IT consolidation enables CISOs to mitigate cyber risks, improve visibility and eliminate waste within operations.

Sridhara, a well-known tech veteran who holds over 100 patents, explains how IT can address the underlying security issues within an organization through software patching, a vital but overlooked function that can dramatically limit the fallout from a cyberattack. He also describes how the new wave of AI-based solutions helps IT security teams detect and respond to cyber threats faster.

Key takeaways from this interview:

  • Top considerations for consolidating disparate point security solutions
  • Cybersecurity essentials SMBs should have to hacker-proof their business
  • How to achieve cost-efficiency by eliminating waste in security operations
  • Security strategies CISOs should consider for 2021 and beyond


Here’s the edited transcript of the interview with Dr. Vinay Sridhara:

1. CISOs today are challenged by too many disparate security tools. How can they consolidate and enhance the security tech stack?

IT consolidation is important because CISOs can effectively eliminate overlap and waste within their operations. By consolidating various cybersecurity point products and identifying and removing unused software, cost savings are achieved, and efficiency is maximized. This is a vital undertaking, given that the typical organization wastes about 37% of its budget on unused software, resulting in hundreds of thousands, if not millions, of dollars spent on redundant products.

Successful IT consolidation is accomplished by first ensuring a complete, accurate, up-to-date IT asset inventory and categorizing all the hardware and software assets connected across a network. Since you cannot improve what you cannot measure, inaccurate inventory makes managing cyber-risk impossible.

Gaining real-time visibility into all inventory across an enterprise and having the ability to accurately categorize IT assets based on a multitude of characteristics is an essential component of enhancing security posture. Every type of asset, including managed and unmanaged (BYOD), devices, apps, users, IoT, mobile, on-premises, cloud, and partner assets, must be identified. Additionally, all attributes of every asset, such as asset type, usage, risk owner, location, software version, or vulnerabilities it is affected by, must be categorized.

It is important to note that inventory does not pertain to physical assets alone but also encompasses how users interact with assets, the number of users, access privileges for each user and asset, and the security posture of the assets that users work with. By going beyond basic categorization and creating dynamic groups for assets, security teams can categorize assets based on business criticality and breach likelihood.

However, with the dynamic nature of today’s organizations, having the ability to see everything is simultaneously more difficult, and more important than ever before. Fortunately, CISOs can leverage advanced tools that utilize AI that provides comprehensive visibility and empowers security teams to continuously build and automatically update inventory on an ongoing basis. Also, such advanced tools provide inventory with business context. This means that assets that store sensitive data, provide critical services such as web servers and domain controllers, or that various business systems rely on are given greater emphasis.

2. How can small and mid-sized companies which are becoming a prime target for hackers get started on the vulnerability management track in a post-COVID-19 world?

First, companies must understand how their connectivity has drastically changed due to the shift to remote work as a result of the global health crisis. Unfortunately, for most companies, risk levels are spiking at frightening levels as the extended perimeter becomes more and more difficult to control with employees working remotely. When employees were working within an office environment and on a company network, there were traditional security features such as firewalls and proxies. Unfortunately, those technologies do not protect data from remote users on home networks.

Thus, making VPN accessible to all employees is crucial now and in a post-COVID-19 world. Especially for small and mid-sized companies that are not used to employees working from home, mobilizing VPNs quickly can be difficult, yet absolutely required in order to secure employees’ access to corporate networks and private resources.

To do so, companies should prioritize access for their senior staff and privileged users since their assets are more business-critical, and if compromised, would have a much greater impact. Once VPN has been deployed across the company, ensure you have visibility into all VPN connections.

Additionally, companies should establish controls for endpoint protection among all employees. With malicious websites and phishing scams rising during the pandemic, companies should get ahead of these scams and implement strong controls for endpoint protection for all users. Endpoint protection for each department or division should depend on the business criticality of each team’s assets. Furthermore, a company should continuously validate if their endpoint visibility is consistent for new users that are working remotely.


3. Endpoint protection, visibility of IoT, OT and cloud assets are emerging as top challenges. How can organizations better protect these assets?

The set of assets within a company is always changing, with new devices being added, retired physical machines migrating to virtual, and various stakeholders constantly installing and updating software (with or without approval). Organizations must have a clear understanding of all the systems currently running across their network and make certain that they are all categorized based on criticality to the business.

Continuous visibility of the extended perimeter (port exposure, security configuration issues, missing or default passwords, broken certificates, etc.) is crucial. A breach usually begins with one or a handful of vulnerable systems on the extended perimeter being compromised because of an employee falling victim to a phishing attack or via a weak password or some unpatched vulnerability. With remote work on the rise, a company’s extended perimeter is more vulnerable than ever before. Visibility into this new perimeter is pivotal to reduce risk and stay ahead of evolving attack tactics that leverage the crisis, such as social engineering.

Also, as new vulnerabilities arise with the shift to working from home, it is important that critical business assets are addressed first and are prioritized for patching. For instance, patching the CFO’s laptop is much more critical than patching your office coordinator’s laptop.

Overall, organizations need to be prepared for the heightened risk that comes from increased use of cloud, home networks, shadow IT applications, and additional third-party software tools given the remote work landscape. To manage risk across a highly distributed digital ecosystem, companies should implement automated risk management tools that enable security teams to maximize limited resources across the expanded digital ecosystem.

Such tools drastically help organizations develop a dynamic understanding of the assets in their network, the potential impact of each risk, and which risks are the most likely to be exploited. The result is an always up-to-date, prioritized view of the most impactful actions an infosec team can make at any given time to minimize the likelihood of costly breaches.

4. Given today’s restrictive budgets and dispersed workforces, how can CISOs advance their cybersecurity program past the crisis?

With today’s limited budgets and dispersed workforces, CISOs must maximize their return on investments and shift to a risk-based prioritization strategy. Even though security professionals cannot reduce risk to zero, they can significantly reduce risk by eliminating the most impactful risks facing their organization. This approach allows security leaders to be able to continue to meet or exceed goals even with a smaller budget and/or a smaller team.

The first step is understanding one’s IT environment through an accurate, up-to-date inventory and categorization of all the assets connected across the network. Further, inventory should be categorized by business criticality. When calculating business criticality, CISOs should ask themselves a simple question: “How disastrous would the impact on the business be if said asset were to get breached?”

Next, CISOs should learn about the probability, or likelihood, that an asset will be breached. This likelihood considers the severity of vulnerabilities, exposure due to usage, threat levels, and the risk-negating effect of compensating controls. It is pivotal that each of these variables is accounted for when calculating likelihood.

Lastly, to achieve a risk-based prioritization strategy CISOs must provide their team with clear, prioritized lists of the key issues that need to be remediated first with corresponding actions. The prioritized lists of vulnerabilities should be available via intuitive dashboards and should include insights into the likelihood of a breach for each asset, the issues affecting assets, and the business impact a breach on that asset would have on the organization. Furthermore, by identifying and showing prescriptive fixes, the team can have real-time visibility into top risk insights for improved incident response and remediation.
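The risk-based prioritization this answer describes, worked through as an added example (not Balbix’s code or scoring model): business criticality supplies the impact, likelihood is derived from vulnerability severity, exposure, threat level and compensating controls, and the output is a ranked list with a prescriptive fix per asset. The assets, weights and control factors below are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed example of risk-based prioritization. The multipliers and
# control effects are illustrative assumptions, not a vendor's model.

@dataclass
class Asset:
    name: str
    criticality: int                  # business impact if breached, 1 (low) .. 5 (critical)
    cvss: float                       # severity of the worst open vulnerability, 0.0 .. 10.0
    internet_facing: bool             # exposure due to usage/placement on the extended perimeter
    exploit_in_wild: bool             # threat level: active exploitation is known
    controls: List[str] = field(default_factory=list)  # compensating controls in place
    fix: str = ""                     # prescriptive remediation to surface on the dashboard

# Assumed fraction of breach likelihood removed by each compensating control.
CONTROL_EFFECT = {"edr": 0.30, "mfa": 0.40, "segmentation": 0.25}
EXPOSURE_FACTOR = 1.5   # assumed uplift for internet-facing assets
THREAT_FACTOR = 1.5     # assumed uplift when an exploit is circulating

def likelihood(a: Asset) -> float:
    """Breach likelihood in [0, 1]: severity, scaled by exposure and threat,
    then reduced by the risk-negating effect of each compensating control."""
    base = a.cvss / 10.0
    if a.internet_facing:
        base *= EXPOSURE_FACTOR
    if a.exploit_in_wild:
        base *= THREAT_FACTOR
    for control in a.controls:
        base *= 1.0 - CONTROL_EFFECT.get(control, 0.0)
    return min(base, 1.0)

def risk(a: Asset) -> float:
    """Risk = likelihood x business impact (criticality), rounded for display."""
    return round(likelihood(a) * a.criticality, 3)

def prioritize(assets: List[Asset]) -> List[Tuple[str, float, str]]:
    """Ranked (asset, risk, prescriptive fix) list, highest risk first."""
    return [(a.name, risk(a), a.fix) for a in sorted(assets, key=risk, reverse=True)]

# Constructed inventory: same vulnerability on the CFO's and the coordinator's
# laptops, differing only in business criticality.
ASSETS = [
    Asset("cfo-laptop", 5, 7.8, False, True, ["edr"], "Apply OS security update"),
    Asset("coordinator-laptop", 1, 7.8, False, True, ["edr"], "Apply OS security update"),
    Asset("web-server-01", 4, 9.8, True, True, [], "Patch web framework; restrict inbound"),
    Asset("vpn-gateway", 5, 6.5, True, False, ["mfa"], "Upgrade VPN appliance firmware"),
    Asset("domain-controller", 5, 5.3, False, False, ["segmentation", "edr"], "Harden LDAP signing"),
]

if __name__ == "__main__":
    for name, score, fix in prioritize(ASSETS):
        print(f"{score:5.3f}  {name:20s} -> {fix}")
```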

5. Do you believe training employees for cybersecurity resilience can future-proof businesses?

An effective training program is integral to strengthening cybersecurity posture, given the risks associated with human error.

The overall security posture of an organization and a specific employee’s role in strengthening that posture must be understood by all. This can be established through ad-hoc gamification, which increases employees’ ownership of cyber-risk management. Ad-hoc gamification is the primary success factor of security awareness training products because it ensures that every single employee is continuously educated on security priorities and best practices, and actively encourages everyone – from the top down – to play their part in helping the security team reduce risk.

Educating users is very important considering that the Ponemon Institute 2020 insider threat global study found that user negligence accounts for 62% of all insider-caused cybersecurity incidents, costing organizations the most per year: an average of $4.58 million.

Furthermore, with the rapid shift to a remote workforce, there has been a corresponding onslaught of more employees adopting new digital accounts and applications as a result. With an increase in the number of online accounts, both personal and work-related, an organization is at a higher risk of experiencing breaches caused by compromised credentials. 80% of hacking-related breaches are still due to compromised, weak, and reused passwords. This is especially concerning given that 99% of users reuse passwords not once but 2.7 times on average between and across work and personal accounts, a report finds. As remote workers rapidly expand their digital footprint across more and more applications, organizations must make strong password hygiene a top priority within educational training programs.

6. Can AI and machine learning tools help security analysts do their jobs more effectively now that they are in remote mode? What tools would you recommend to security analysts?

Especially considering today’s climate and companies’ heightened dependency on digital infrastructure, the attack surface is growing at exponential rates and is now more complex than ever. With anywhere from 10 million to 100 billion time-varying signals in the enterprise attack surface, cybersecurity is no longer a human-scale problem. The use of AI to combat cyber threats is pivotal.

Not only do companies need AI for cybersecurity, there is no possible way to defend their information without it. The problem with security today isn’t a lack of defense mechanisms or data – it is relevance. For every major breach, there is a team scratching their heads on what they could have done differently. Failure occurs because security systems are unable to produce information that is contextual and relevant to the organization. Thousands of “critical severity” issues and millions of alerts mean that everything becomes noise.

Security analysts should seek AI-based cybersecurity tools that can understand every relevant detail of usage, configuration and posture of assets and that can develop deep context around exploitability, business criticality, propagation risk, and the impact of mitigating controls elsewhere in the network. Most importantly, AI tools should be able to surface root causes of breaches and prescribe strategic mitigations for the underlying vulnerability based on risk to the organization. Security teams and analysts can then use predictive functions to help them get ahead of new threats, far surpassing traditional cybersecurity approaches in terms of speed and accuracy.


7. What are some of the long-term security trends you see emerging post COVID-19?

Since limited visibility continues to be a challenge for info security teams, making it almost impossible to accurately assess risk and prioritize vulnerabilities, AI will increasingly be used to manage risk. According to the recent State of the Enterprise Security Posture Report, 37% of security professionals say that their visibility only extends to a small subset of the overall attack surface. A large majority (60%) say that they have knowledge of fewer than 75% of the assets on their networks, with most claiming only spotty understanding of business criticality and categorization.

With the increased likelihood of remote work long-term, organizations need to be prepared for heightened risk that is more distributed across cloud, outside networks and additional third-party software tools. To manage risk, companies will increasingly turn to automated risk management tools that leverage AI to maximize limited resources across the expanded digital ecosystem.

With automated security tools, organizations can develop a dynamic understanding of the assets in their network, the potential impact of each risk and what risks are the most likely to be exploited. The result is an always up-to-date, prioritized view of the most impactful moves an infosec team can make at any given time to minimize the likelihood of a breach.

Additionally, since the pandemic has taken a toll on the economy, we can expect cost-cutting and IT consolidation to become hot topics for the foreseeable future. Security leaders will begin to shift priorities and focus on how to effectively eliminate waste so that cost savings and efficiency are achieved.

About Dr. Vinay Sridhara: Dr. Vinay Sridhara has more than a decade of R&D experience in wireless communication, security, and machine learning. Prior to joining Balbix, Vinay worked at Qualcomm Research for over 9 years, where he worked on wireless networking, mobile security and machine learning. While at Qualcomm, he served on several IEEE 802.11 working groups and contributed to several core areas in these standards. Vinay has a Ph.D. in ECE and a Master’s in CS from USC and the University of Delaware. He has authored many research papers and holds over 100 patents.

About Balbix: Balbix is the world’s first cybersecurity platform to leverage specialized AI to provide real-time visibility into an organization’s breach risk. The Balbix system predicts where and how breaches are likely to happen, prescribes prioritized mitigating actions, and enables workflows to address the underlying security issues.

About Tech Talk: Tech Talk is a Toolbox Interview Series with notable CTOs and senior executives from around the world. Join us to share your insights and research on where technology and data are heading in the future. This interview series focuses on integrated solutions, research and best practices in the day-to-day work of the tech world.
