How do you improve cybersecurity without driving up costs?


SVP in Finance (non-banking), 1,001 - 5,000 employees
When you do root cause analysis on cybersecurity incidents, it comes down to a few basic things. Either the company didn't have good controls in place to begin with, or they thought they had controls in place, but those controls weren't across their entire estate. So there’s incomplete control: 80% was covered, but 20% wasn't. Even if only 1% wasn't covered, bad actors only need one device. Once they're on it, they can do whatever they want.

Another factor is defense. Some organizations have one control and they think that's all they need. But you have to layer these controls so that it becomes much more difficult for the bad actors to navigate through and get to the underlying access they want. When I do root cause analysis on these incidents, I often find that even though the organization had two-factor authentication (2FA), they also had one test VPN account that they forgot about, and that is how the attackers got in. It's always something like that.

You don't need to spend millions and millions of dollars to get a good cybersecurity posture. If you have the budget, go for it. But people are going to get you with some basic things. If you don't do the basic things well, all the money you're spending on advanced anomaly detection doesn't matter. Because if you leave the door open, or if you leave the key right outside the door, people are just going to walk in.
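As an added illustration, not part of the original thread, here is a small Python check over a constructed remote-access account inventory. It shows the control-coverage problem the post describes: the MFA coverage figure is computed from the complete account list rather than assumed, and the forgotten test VPN account surfaces with the reasons it is a gap. All account names, dates and owners are made up.

```python
from datetime import date, timedelta

# Constructed sample inventory of VPN / remote-access accounts (not real data).
# A 2FA rollout looks complete until every account is actually enumerated.
ACCOUNTS = [
    {"name": "alice",         "mfa": True,  "last_login": date(2024, 5, 20), "owner": "alice@corp.example"},
    {"name": "bob",           "mfa": True,  "last_login": date(2024, 5, 18), "owner": "bob@corp.example"},
    {"name": "svc-backup",    "mfa": True,  "last_login": date(2024, 5, 21), "owner": "infra@corp.example"},
    {"name": "vpn-test-2019", "mfa": False, "last_login": date(2019, 11, 2), "owner": ""},
    {"name": "contractor7",   "mfa": False, "last_login": date(2024, 4, 30), "owner": "pm@corp.example"},
]

TODAY = date(2024, 5, 22)           # fixed "today" so the report is reproducible
DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold

def coverage(accounts):
    """Fraction of accounts on which the control (MFA) is actually enforced."""
    return sum(1 for a in accounts if a["mfa"]) / len(accounts)

def gaps(accounts, today=TODAY):
    """Return (name, [reasons]) for every account where layered controls are incomplete.

    Reasons checked: MFA not enforced, no login within DORMANT_AFTER,
    no named owner, and a name that marks it as a test account.
    """
    findings = []
    for a in accounts:
        reasons = []
        if not a["mfa"]:
            reasons.append("no MFA")
        if today - a["last_login"] > DORMANT_AFTER:
            reasons.append("dormant")
        if not a["owner"]:
            reasons.append("no owner")
        if "test" in a["name"].lower():
            reasons.append("test account")
        if reasons:
            findings.append((a["name"], reasons))
    return findings

def report(accounts, today=TODAY):
    """Human-readable summary: overall coverage plus one line per gap."""
    lines = [f"MFA coverage: {coverage(accounts):.0%} of {len(accounts)} accounts"]
    for name, reasons in gaps(accounts, today):
        lines.append(f"  GAP {name}: {', '.join(reasons)}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(ACCOUNTS))
```

The same enumerate-then-check pattern applies to any control that must cover the whole estate (EDR agents, patch status, logging), since a coverage number that is not derived from the full inventory is the 80/20 gap the post warns about.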
VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees
That's one of the reasons why I can't stand the acronym APT: an advanced persistent threat is only as advanced as it needs to be. And most of the time, it's not all that advanced. The adversary may have some good infrastructure behind them, but the mechanism that they use to get inside your network is not usually that advanced.

CISO in Finance (non-banking), 10,001+ employees
You need to first understand what your organization's business objectives are, and accordingly align your information security objectives so that business goals can be met without impacting the organization's business operations.

Follow a risk assessment approach to identify the key critical cyber security risks which may impact your business, and accordingly assess the existing security controls and their effectiveness. A security culture needs to be built in the organization over time with a top-down approach, and security awareness will play a key role in achieving this. This will help users avoid mistakes when it comes to identifying security threats and phishing emails and approving requests for any access.

The organization must adopt a defense in depth approach to safeguard information, and based on risk assessment results security controls need to be implemented only on those critical assets and processes which are of high impact, while mitigation of low-impact assets can be ignored; this way the organization will be able to balance cost vs. risk.

The security team needs to rely a lot on internal checks and frequent gap assessments and audits, along with adoption of open source security tools (e.g. a vulnerability management tool) which are reliable, stable and secure and can be used for less critical assets; this way we will be able to spend only on commercial tools for critical assets.

Introducing automation in security monitoring and incident response will help to reduce costs, and processes have to be assessed and enhanced with less complexity.

The organization needs to rely on native controls within the systems, and security hygiene including patching of systems, hardening of systems, and control over privileged access will help the organization to spend less on implementing other tools.

Vendor risk assessment needs to be incorporated before onboarding outsourced vendors and partners.

Hope the above information helps.

Independent Consultant & Industry/Market Researcher in Finance (non-banking), 1,001 - 5,000 employees
Cyber security risk is very much a reality for all types of organizations & individuals. This has become increasingly complex. This has also now become a very remunerative profession. In fact, the cyber security criminals/threat actors are now working in partnership mode. Cyberwarfare has become more powerful and damaging than physical warfare. State-sponsored cyber terrorism has been picking up. This is the most potent unconventional & digital weapon being used. This is the most dangerous reality in today's world. We have to recognize the gravity of the situation and continuously strengthen our cyber security posture to prevent, detect, identify, contain, remedy & resolve all cyber security problems. The following cost-effective steps may be taken for the purpose.

1) We must deal with cyber security risks proactively, not just reactively. Know about the existing types of cyber security risks/attacks and the emerging cyber-attacks, including the modus operandi of cybercriminals. Hands-on practice in simulated environments may prove very useful to prepare for prompt responses to cyber incidents.

2) One must adopt the best computerized practices. Physical & logical access to one's systems & other computer assets has to be authorized only under the least privilege model. Computer logs have to be checked through a SOC/SIEM solution, as manual verification could be impossible. Access has to be based on the zero trust network model only. Identity has to be verified at every point of access. Endpoint security, including perimeter security, should be duly ensured. Cloud security has to be ensured, including prevention/mitigation of cyber risks arising out of incorrect configurations. Migration to the cloud, including hybrid cloud, has picked up significantly across the world.

3) Employees must act as the first layer of the firewall. All employees, including the members of the Board, have to be properly trained in various aspects of cyber security again & again. Continuous training/creation of awareness is a must. Everyone must understand that around 90% of cyber security breaches happen due to insider support/involvement and hence must take the necessary precautions. Penetration testing at regular intervals, and also more frequently (as required), has to cover both internal & external devices/IP addresses. Vulnerability assessment has to cover all computer assets as frequently as required. Application security testing under DevSecOps mode has to continue. Source code review, configuration review, and firewall policy review have to be conducted, including IS audit review from time to time.

4) Last but not least, a robust cyber security posture, based on a strong enterprise-wide cyber security culture, has to be created by every organization and continuously monitored & strengthened. If everyone is duly cybersecurity conscious, it will reduce the growing cyber security concerns significantly.
IT Governance Manager in Consumer Goods, 10,001+ employees
Cybercrime continues to evolve with more sophisticated attacks occurring as criminals find new and improved ways to ambush their targets. Things like DDoS attacks, ransomware, and phishing schemes weren’t a concern for businesses in the past but now represent daily threats.
With best practices and the right tools in place, you can rest assured that you’re doing all you can to protect your business. But even the best tools can’t protect you against the human element of cyberattacks. Thwarting attacks often comes down to plain old common sense, which coincidentally is completely free. Many of the attacks involve an element of social engineering, the best defense against which is having your wits about you. For this reason it's very important to strengthen the internal security culture, and for this, you don't need sophisticated tools and costly solutions.
Director ERP Management in Travel and Hospitality, 1,001 - 5,000 employees
Review your intrusion detection system (IDS) notifications daily and make decisions based on the facts.
