More Security Tools Hinder Response Efforts: Better Planning Pays Off

The global cybersecurity market is currently worth $173 billion and expected to grow to $270 billion by 2026. Yet as organizations invest more in security technology, a new global survey by IBM Security and the Ponemon Institute suggests that security response efforts are “hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.” Of those surveyed, 74% of respondents report that their response plans are ad-hoc, applied inconsistently, or that they have no plans at all.

This represents a critical gap in any security program. As organizations navigate evolving attack techniques and operational changes, such as an increasingly remote workforce, the survey suggests that companies are relying on outdated response plans that don’t reflect the current threat and business landscape.

However, with limited and overstretched resources, CISOs can’t possibly plan for every cyber risk scenario. A better approach is to develop targeted, proactive plans that focus tools and resources where they can have the greatest impact. Consider the following best practices:

1. Gain visibility into cyber risk hidden in the expanding attack surface

As an organization’s digital footprint expands, the number of applications, devices, and other assets that users interact with grows exponentially. Yet security teams often lack visibility into the inventory of critical assets that comprise these complex ecosystems — making them hard to secure. Security leaders may also lack insight into the level of risk associated with each asset, not realizing when a piece of software is misconfigured or runs a high risk of being breached.

In order to confidently grow and scale, organizations must find a way to achieve continuous visibility into these assets and the risk that may be hiding across their digital environment — in the cloud, and across geographies, subsidiaries, and the remote workforce. Only with this understanding can businesses make strategic planning decisions about prioritizing their remediation efforts and moving their cybersecurity programs forward.

To avoid overwhelming overstretched security teams, it’s also important for security leaders to rank areas where risk is disproportionately concentrated. For instance, a top priority could be remediating any incidents that involve a critical asset with a high risk of being breached. Rather than always fixing issues as they arise, security leaders can use these insights to develop proactive security policies that prioritize allocating resources based on the criticality and level of risk associated with each asset.

2. Continuously assess the organization’s security posture

As the IBM/Ponemon survey shows, investing in a variety of security tools does not always lead to an effective cyber risk reduction strategy. With an increasingly complex operational and threat landscape, security managers must find ways to build resilient security programs while optimizing their existing technology investments and workforce.

Since the business and threat environment is never static, a best practice for achieving this objective is for organizations to continuously and automatically monitor their cybersecurity posture over time to reveal areas of unknown risk, such as unpatched systems, misconfigurations, and other vulnerabilities.

With this insight, organizations can then begin to plan remediation strategies that ensure that their investments in security controls and resources are optimized and allocated where they’ll have the greatest impact on risk reduction.

3. Get ahead of third-party cyber risk

In today’s competitive business climate, organizations are partnering with more and more third parties to ensure they’re as efficient, agile, and flexible as possible. These third-party relationships help to accelerate business growth, but they also pose a significant cyber risk. In fact, 59% of companies have experienced a data breach caused by one of their vendors or third parties. To mitigate this risk, security leaders need to carefully yet expeditiously vet prospective vendors to ensure they're not bringing unwanted risk into the organization.

Too often, however, security managers take a “one-size-fits-all” approach to onboarding new vendors, assessing every third party in the same manner regardless of the risk it poses. This process does not scale, creates significant overhead, and ignores the differences between vendors.

To overcome these challenges, security leaders can streamline the assessment process and yield better results by grouping vendors by criticality to determine whether a particular third party needs a more in-depth assessment. Vendors can also be evaluated for cyber risk using security ratings, which provide objective, verifiable, and actionable data on security performance. These ratings can then be used to set a baseline for acceptable risk and ensure that third parties continue to maintain the desired security postures.

Finally, security leaders should implement a continuous monitoring program so they can keep tabs on their vendors’ security postures throughout the life of their partnerships.
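As an added example (not BitSight's code or its ratings methodology), the three steps above, grouping vendors by criticality, deciding assessment depth against a rating baseline, and continuously monitoring for a slip below that baseline, with assumed tier thresholds and constructed vendor rating histories:

```python
from dataclasses import dataclass

# Assumed tiering policy (constructed, not BitSight's): criticality tier -> minimum
# acceptable security rating and whether onboarding needs an in-depth assessment.
TIER_POLICY = {
    "critical": {"min_rating": 700, "in_depth": True},
    "high":     {"min_rating": 650, "in_depth": True},
    "medium":   {"min_rating": 600, "in_depth": False},
    "low":      {"min_rating": 500, "in_depth": False},
}

@dataclass
class Vendor:
    name: str
    tier: str            # criticality of the business relationship
    ratings: list        # observed security ratings, most recent last

def tier_for(handles_sensitive_data: bool, has_network_access: bool, impact: str) -> str:
    """Group a vendor by criticality of the relationship (assumed rules)."""
    if impact == "severe" or (handles_sensitive_data and has_network_access):
        return "critical"
    if handles_sensitive_data or has_network_access:
        return "high"
    return "medium" if impact == "moderate" else "low"

def onboarding_decision(vendor: Vendor) -> str:
    """Decide assessment depth from the tier, after checking the rating baseline."""
    policy = TIER_POLICY[vendor.tier]
    if vendor.ratings[-1] < policy["min_rating"]:
        return "reject_or_remediate"
    return "in_depth_assessment" if policy["in_depth"] else "standard_onboarding"

def monitor(vendor: Vendor, drop_threshold: int = 40) -> list:
    """Continuous monitoring: flag a rating below the tier baseline or a sharp drop."""
    policy = TIER_POLICY[vendor.tier]
    latest = vendor.ratings[-1]
    findings = []
    if latest < policy["min_rating"]:
        findings.append(f"below baseline {policy['min_rating']}")
    if len(vendor.ratings) >= 2 and vendor.ratings[-2] - latest >= drop_threshold:
        findings.append(f"dropped {vendor.ratings[-2] - latest} points since last observation")
    return findings

# Constructed sample vendors and rating histories.
SAMPLE_VENDORS = [
    Vendor("PayrollCo", tier_for(True, True, "moderate"), [760, 750, 690]),
    Vendor("AnalyticsVendor", tier_for(True, False, "moderate"), [720, 715]),
    Vendor("OfficeSupplies", tier_for(False, False, "minor"), [620, 615]),
]
```

Running `onboarding_decision` and `monitor` over `SAMPLE_VENDORS` shows the critical vendor both failing its baseline and being flagged for a sharp drop, while the low-tier vendor passes with a standard onboarding.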

Drive continuous process improvements — and get more from security investments

While a large portfolio of security tools won’t guarantee that an enterprise is safe against cyberattacks, security teams can optimize their use of these tools to drive continual process improvements in their security program.

The strategies outlined in this post — enabled by BitSight solutions such as BitSight for Security Performance Management and BitSight for Third-Party Risk Management — empower organizations to incorporate proactive, automated risk discovery and mitigation into their security plans. Furthermore, using the insight these solutions provide, security teams and business leaders can better understand how well their security investments are working for their businesses, and identify where processes and tools require improvement.