How Cybersecurity Teams Have Gotten Faster
Organizations have made progress in improving their defenses, but they still have a long way to go.
Cybersecurity attacks are more organized than ever. The threats to organizations’ applications and data require IT professionals to be more focused than ever, too.
The attention that organizations are paying to security was on display in August at the CDW Managing Risk Summit in Boston. The event brought IT leaders from across the U.S. together with security experts from CDW and its partners to discuss a variety of topics that covered everything from phishing defense to training the cybersecurity workforce.
One of the reasons I enjoy these events so much is the passion that everyone brings. It’s great to have detailed discussions with CDW customers about the threats they’re facing and the strategies they’re employing to address these threats.
The first keynote speaker at the Summit was Brian Krebs, a journalist who has broken many of the biggest cybersecurity stories of the last decade. Krebs observed that the scope of cyberattacks is so broad that he is more surprised to find a network that hasn’t been touched by a nation-state actor than one that has been. Krebs advised organizations to beef up their recruitment of security experts, including efforts to attract young computer whizzes before they can even consider using their talents for criminal pursuits.
“At some point, we need to have a long-term strategy in this country about how to get these people involved for the good side,” he said. “There’s an opportunity there.”
Speakers throughout the summit offered valuable information and keen observations about the world of cybersecurity. Here are some of the important insights I brought home from the event.
Threats and Defense
Email security and phishing were top concerns at the Summit. The vulnerabilities of email involve both human errors and technical weaknesses. To address these vulnerabilities, organizations must employ strategies that combine both technological solutions and human conditioning.
The rapid adoption of cloud computing services has also yielded a prime target for cyberattacks. As cloud applications and data proliferate, IT teams face greater challenges in managing the sprawl and maintaining an effective security posture. Cloud access security brokers have emerged as robust solutions to address this situation. A CASB provides a unified control point for visibility into cloud applications, as well as an understanding of how users interact with cloud apps and data. Not only does a CASB provide a deeper understanding of an organization’s cloud usage and traffic, but it also enables IT teams to enact policies for how data may be handled.
The Need for Continuous Improvement
As threats have become more dangerous, cybersecurity awareness has increased. An example includes the reduction of cyberattack dwell time (which is the amount of time from when an attacker gains access to when the attack is detected). Research indicates that the median dwell time for attacks in 2011 was 416 days (you read that right — 416 days!). That number declined steadily over several years to hit 99 days in 2016 and stayed essentially flat at 101 days in 2017.
While this improvement is significant — and laudable — several IT leaders I spoke with in Boston made clear that there’s still a lot of work to do. They agreed that 100 days is way too much time to let cybercriminals roam free on your network, a viewpoint shared especially among the IT leaders in the healthcare and finance industries I spoke with.
Reducing that median dwell time figure down to zero isn’t feasible, but organizations still need to keep making incremental progress. This includes taking basic precautions such as adding multifactor authentication, segmenting the network, better managing network privileges and getting upgrade alerts to notify the IT department of additional forms of attack.
As long as organizations keep improving, they’re on the right path. One thing is clear, cybercriminals aren’t relaxing their efforts. Neither should we.
This blog post brought to you by:
