What happens when the enemy evolves? In order for the company to keep its castle safe, it needs to change its mindset and understand that it is no longer dealing with the same enemy as before.
Changing mindsets on Cybersecurity to match the evolving threat landscape
Today, the focus is on preventive technology. In the castle analogy, this would be the equivalent of the strong walls, narrow windows, and a moat - anything in place to ensure that intruders can't get in. While it's absolutely necessary to make sure you have adequate defenses on the outside, none of these preventative measures are able to do anything about aggressors that have already gotten into the castle.
The mean time to detect a threat and the mean time to respond are currently measured in months - hundreds of days - long after the damage has taken place and is too large or severe to salvage. Once the detection and response times are closer together - in the weeks, days, or even hours, ideally - companies can meet the challenge of seeing their environment in real time, and knowing when they have an intruder they need to deal with.
How can this be done? By not holding 'compliance' up as a shield. 2014 was a year of major breaches - and many of the major breaches that took place last year happened at companies that considered themselves compliant with security standards. Being compliant with regulation is not the same thing as being protected: enterprises can no longer be satisfied with a 'check the box' mentality. Regulation is a good start, but by no means does it comprehensively cover a company's security measures.
Once companies change the 'check the box' mentality towards cybersecurity, they realise that the threats that their businesses are facing aren't necessarily ones that fit into a checklist or a framework. That's why preventative measures are not enough.
Let's go back to the castle analogy: you have a well-fortified castle but you're not dealing with an enemy that's knocking on your gate anymore. You're looking at enemies that are wearing your uniforms, or drones that are attacking from above - a more sophisticated intruder that you can't prevent from getting in. What can you do? You need to identify them, and respond to them in a timely manner, before they can deal your castle significant damage.
The way forward: early detection and response
Organisations need to baseline their environment and determine who has access to which areas and what information. Can you see your environment? Are you aware of where your servers are, and what's on your servers? Where is your sensitive information? Who is allowed to access what information? We help organisations create that baseline so they can see, with the help of analytics, if something is going wrong in real time. For example, if an employee's credentials are compromised, any new activity from that account is and should be a red flag.
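The baseline check described above, as an added example that is not part of the original article: it records which resources and source hosts each account normally uses, then flags events that break the access policy or fall outside that baseline. All account names, hosts, resources and reason labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (an assumption, not from the article).
ALLOWED = {  # who is allowed to access what
    "alice": {"hr-db", "fileshare"},
    "bob": {"fileshare", "build-server"},
}
SENSITIVE = {"hr-db"}  # where the sensitive information lives

# Constructed baseline period: (account, source_host, resource)
BASELINE_EVENTS = [
    ("alice", "ws-101", "hr-db"),
    ("alice", "ws-101", "fileshare"),
    ("bob", "ws-202", "fileshare"),
    ("bob", "ws-202", "build-server"),
]


def build_baseline(events):
    """Record which resources and source hosts each account normally uses."""
    baseline = defaultdict(lambda: {"resources": set(), "sources": set()})
    for account, source, resource in events:
        baseline[account]["resources"].add(resource)
        baseline[account]["sources"].add(source)
    return baseline


def check_event(baseline, event):
    """Return the reasons an event deviates from policy or from the baseline."""
    account, source, resource = event
    if account not in ALLOWED:
        return ["unknown-account"]
    reasons = []
    if resource not in ALLOWED[account]:
        reasons.append("not-permitted")
    seen = baseline.get(account)  # .get() avoids creating an empty entry
    if seen is None or resource not in seen["resources"]:
        reasons.append("new-resource")
    if seen is None or source not in seen["sources"]:
        reasons.append("new-source")
    if reasons and resource in SENSITIVE:
        reasons.append("sensitive-data")  # raise priority for sensitive targets
    return reasons


def triage(baseline, events):
    """Keep only the deviating events, each paired with its reasons."""
    checked = [(e, check_event(baseline, e)) for e in events]
    return [(e, r) for e, r in checked if r]
```

An event such as alice reaching `hr-db` from an unfamiliar host is permitted by policy yet still flagged, which is the compromised-credentials case a policy check alone would miss.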