Why Enterprise Businesses Must Evolve from a Controls-Based Approach to a Cybersecurity Ecosystem
by Otavio Freire, CTO & Co-Founder, SafeGuard Cyber
If you work in information and cyber security, you could be forgiven for a lack of sleep in 2018. Last year felt like a daily parade of headlines about massive data breaches and ever more complex hacks: Facebook, LinkedIn, Quora, Marriott, to name just a few. Not only are the breaches growing in number, scope, and sophistication, but the attack vectors are multiplying as new technologies are adopted: social media, email, cloud applications, and so on. This has always been the Sisyphean task of information security: find a vulnerability, find a fix. These fixes are focused on controls. Over time, this controls-based approach has led to a patchwork defense that is wholly unprepared for today’s more sophisticated attacks. Here’s a typical list of capabilities most CISOs must account for:
- Insider Threats
Now add to this list Digital Risk Protection, a solution to monitor and secure all of the digital channels that are now critical front-office operations but sit outside a company’s perimeter: social media, mobile chat, collaboration platforms, and enterprise cloud applications. So, how long will the list be in five years? The patchwork defense is outdated. Today’s attacks are more sophisticated and multi-channel. A bad actor can build a relationship with your employees on Facebook while they’re at home and then phish them through LinkedIn at work. Or, an attacker might not even have to go after your employees directly. Thinking back to 2018, the four hacks listed above comprised more than 816 million records! At this rate, bad actors can simply collect data from existing breaches to correlate PII and identify the easy targets in your company.
The time has come to move away from the patchwork model and think of your organization’s cybersecurity as an ecosystem. Move away from focusing on controls to looking at the full picture of the threat landscape. Partners and resources should work harmoniously by either integrating easily with your SIEM or enhancing workflows between different teams to take action in real time. For example, new threats, like brand impersonation or bot campaigns that spread disinformation about your brand, are not direct attacks on network infrastructure. Who will address the threat, marketing or IT? State actors, hacker groups, and criminals are constantly innovating their attack strategies. Security teams must meet the challenge with innovation in technology as well as thinking. If your enterprise strategy is predicated on acquiring controls as threats arise, you’re only applying patches. Instead, look to build a system composed of best-of-breed capabilities for greater resilience in today’s risk landscape.
About the Author
Otavio Freire, CTO & Co-Founder. Mr. Freire is a Brazilian-born American entrepreneur and inventor. He guides the development and innovations within SafeGuard Cyber’s enterprise platform that empowers clients to impact their sales, marketing, and business efforts via better cyber protection in social and digital channels. Mr. Freire has extensive experience in company strategy and R&D, product development, business development, and engineering for cyber and risk-based scalable platforms. He brings rich experience in social media applications, internet commerce and information technology serving the pharmaceutical, financial services, high-tech, and government verticals.