How to respond to the threat landscape

Understanding widespread security threat trends helps create security issue awareness, but often is not the best focus for security teams. Security and risk management leaders should confront the threat landscape based on a continuous assessment of threat and business evolutions.

Security and risk management leaders overseeing security operations should follow these four recommendations:

Continually Evaluate How Your Existing Defenses Adapt to Microtrends

CISOs might suffer from breach and threat statistic fatigue but must still quickly assess the organization’s security posture when business executives ask about newsworthy incidents.

Unfortunately, sometimes statistics are the only tool security professionals have. These statistics can be valuable however, only when put into the context of your particular business risks as supporting facts, rather than to replace a business case.

The threat still begins with traditional and well-known entry points, such as email.

Attacks on emails remain the easiest way for attackers to breach an organization, as shown by these statistics:

Email delivery is involved in 94% of malware detection.
Phishing is present in 78% of cyber espionage incidents.
Losses of over $1.2 billion came from business email compromise in 2018.

An emerging microtrend indicates that identities are now taking new forms.

Identity is the new treasure for cybercriminals, and CISOs don’t yet fully comprehend the extent of the challenge:

64% of stolen records in 2018 were stolen identities.
29% of breaches involved the use of stolen credentials.
Yet, only 19% of CISOs think they encountered a stolen credential incident in 2018.

Build Foundations to Design a Continuous Security Posture Assessment

Security and risk management leaders must evaluate their future security purchase for a specific threat vector, instead of issuing an RFP to compare similar solution from a single market. They should benchmark all the considered security solutions from multiple market silos against the same relevant evaluation metrics for the assigned threat vectors.

Engage in a Cross-Team Effort to Approach a More Continuous Exposure Assessment > Insider Threats / API Security

Security and risk management leaders must evaluate their future security purchase for a specific threat vector, instead of issuing an RFP to compare similar solution from a single market. They should benchmark. Security leaders should focus on the discovery of new business and technology practices within the organization.

A CISO and thier team must:

Maintain a culture of trust between teams to be aware of experimental business and technology approaches
Be flexible in the evaluation of emerging security practices through pilots and experiments
Build a continuous exposure assessment that goes beyond ad hoc threat report

Strengthen Resiliency Against Attacks the Organization is Ill-Prepared to Prevent or Detect

A resilient organization has the following qualities:

Rebounds, resumes and sustains decision making quickly
Coordinates, manages and mitigates organizational risks on a continuous basis
Operates with dispersed, but interdependent operations, electronically and physically
Is communicative, collaborative, cooperative and creative
Fosters a diverse and empowered workforce
Invests in an adaptive, elastic and flexible infrastructure — physical, IT and suppliers
Has committed leadership and program management
Embeds resilience into the culture of the organization, and leverages its “resilience story” to be competitive and prosper

Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year

How to analyse your organisations own threat landscape and how to respond will be covered at Gartner Security & Risk Management Summit, 18 – 19 May in Munich, Germany.