Taking a proactive approach to cybersecurity
Sponsored by: Amdocs
A formidable defense can only be built by increasing investments in proactive cyber security, focusing on the “how” of preventing an attack rather than the amount of time it takes to do so.
18 Aug 2019
Download the related report: Security imperatives for digital transformation
A solid cyber-defense strategy is increasingly critical to the enterprise business. Each year, the volume of threats continues to climb, with some estimates indicating as many as 300,000 new types of malware being identified daily. Regulations such as GDPR are also increasingly common. As a result, security breaches can be devastating, leading to fines, negative publicity and stock price declines.
The threat landscape is both dynamic and complex. Attacks are becoming smarter and more persistent, with zero-day threats far more common. Meanwhile, agencies are attributing increasing numbers of attacks to rogue governments and well-funded organized crime gangs.
The overwhelming majority of today’s cyber-security industry practices are reactive. Indeed, a VMware study found this to be the case for 80% of enterprise IT security investments. This is also reflected in the venture capital industry, where the 2018 Cyber Defender Report indicated 72% of VC investments were awarded to security start-ups whose product and service focus is reactive.
While there is no replacement for a solid, reactive, cyber-security defense strategy that focuses on the core best practices of patch management, log monitoring, SIEM, SOC and so on, such an approach on its own is insufficient to mitigate the threat. A formidable defense can only be built by increasing investments in proactive cyber security, focusing on the “how” of preventing an attack rather than the amount of time it takes to do so. Examples of a proactive approach include analyzing the number of attempts thwarted by employees, improving application design and proactively repairing vulnerabilities. Crucially, with prevention far less costly than remediation, such a strategy can also greatly improve the bottom line.
Lessons from the FIFA Women’s World Cup 2019
Take football as an analogy. Every team positions their defense with the objective of defending their goal. While the goalkeeper role is critical, the more other players prevent the competing team from shooting for goal, the higher the chances of success.
The United States conceded only three goals in their seven matches on their path to winning the FIFA Women’s World Cup. But what set them apart was the relatively low number of shots against their goal. This was attributed to their strong offensive tactics and the ability of their defenders to keep the competing team’s attackers at bay.
The same holds true for cyber-security. First, to minimize or prevent attacks via phishing scams and suspicious downloads, enterprises must raise awareness of the risks among their entire workforce. Second, they must ensure a solid defense is built into their applications, bolstered by the capability to detect attacks from the outset. Third, they require a solid detection and response mechanism – the “goalkeeper” – in order to minimize the impact of any attack.
For these reasons, enterprises will be far better positioned to market themselves as a trusted partner if they can maintain a strong security posture as part of a more secure ecosystem. With this in mind, let’s examine the main layers of a proactive security strategy:
It’s all about awareness
Employees represent the front line. They need to know that every email they receive and every website they visit can potentially damage your enterprise systems. Yet raising such awareness presents significant challenges. One of these is overcoming human nature: many emails contain malicious links that seem genuine, increasing the temptation to click.
And despite the known security risks, employees may be tempted to use their private email for work purposes. Raising awareness therefore requires a creative approach that ensures employees pay attention to your security messages and act accordingly. Moreover, such efforts must be ongoing, rather than an isolated campaign.
Best practice examples:
- Use innovative experiences such as VR and escape rooms to increase employee engagement
- Continually drill employees with fake phishing exercises; post a running tally of how well the organization is performing and encourage employees to increase their alertness
- Hold cyber-awareness events at least annually
- Build awareness into employee onboarding
Security by design – a “shift-left” approach
Another key ingredient of a proactive approach is embedding security into enterprise applications. Many organizations settle for building firewalls around their applications, but if a cyber-criminal penetrates that firewall, there is no additional level of defense to protect the business. True application security demands that measures be built into every application from the very start of the development process, i.e. a “shift-left” approach. This increases the probability that any security vulnerability will be identified early on. It also enables the issue to be remediated before the application goes into production, thereby saving time and money, while ensuring the application has a more solid security foundation.
Know your security posture
The breadth and depth of enterprises’ attack surface has grown significantly over the past several years. Whereas it was once sufficient to be aware of all the assets you owned, organizations now must also contend with:
- Employees using unsecured connections in airports, coffee shops, etc.
- Cloud-based applications that connect into their ecosystem
- IoT devices, which are often poorly protected
- Partner ecosystems that connect to their network
To plan the design of security systems and understand where vulnerabilities lie, it is therefore critical to understand the nature of every possible entry point into the enterprise ecosystem.
Practice! Practice! Practice!
For security professionals on the enterprise team, practice is key. Simulating cyber-attacks trains them to identify issues faster and defend enterprise assets, all while continuing to ensure seamless customer operations.
Such training can take place in many ways, for example:
- Red team and threat hunting: a “red” team is assigned to try penetrating the enterprise system or an application, looking for soft spots in the defense. This helps identify vulnerabilities in the ecosystem, enabling defense mechanisms to be strengthened before they can be compromised.
- Simulated attacks: use technology and people to carry out simulated attacks across the organization and across the kill chain, from probing for weaknesses to lateral movement once inside the network. This helps security experts learn how to identify breaches while they’re still in progress and devise the best methods and procedures to eliminate the threat.
Security employees should also be trained on the latest technologies to keep them current and motivated. This is all the more important because, according to (ISC)², there is currently a global shortage of skilled cybersecurity employees, with nearly 3 million unfilled positions in the workforce worldwide.
Continuous learning drives improvement
When an attack occurs, it’s important to harness the opportunity to learn from experience and improve the overall process. This includes performing a post-mortem, analyzing what happened and drawing conclusions on how to ensure similar attacks do not recur.
Leading by example
Amdocs, a leading vendor of solutions for communication services providers, provides a full suite of cyber-security solutions for enterprises of all sizes, while partnering with leading solution providers across the industry. Our focus is primarily proactive, ensuring enterprises can avoid attacks, while minimizing the impact of any attack that does occur.
In addition, we provide a full array of detection and remediation solutions, as well as forensic analysis capabilities, complemented by our state-of-the-art security operations center, enabling us to identify, isolate and remediate the root cause of issues, minimize their impact and drive continuous improvement.
About Amdocs
Amdocs is a leading software and services provider to communications and media companies of all sizes, accelerating the industry’s dynamic and continuous digital transformation.
With a rich set of innovative solutions, long-term business relationships with 350 communications and media providers, and technology and distribution ties to 600 content creators, Amdocs delivers business improvements to drive growth.
Amdocs and its 25,000 employees serve customers in over 85 countries. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $4.0 billion in fiscal 2018.
For more information, visit Amdocs at www.amdocs.com