He added that companies should look at acquiring a more balanced investment portfolio - investing less in technologies at the preventive end, and more in detection and remediation.
The security trinity: Visibility, analysis and action
There is no silver-bullet solution to security, and it is idealistic for companies to expect a foolproof way to prevent breaches entirely, but this does not mean that organisations should simply give up on their security strategy and stop defending against attacks.
In addition to preparedness for a breach event, there are strategies organisations can implement to significantly reduce the likelihood or impact of a breach before there is a need for damage control, said Kok.
Diligent approaches to cybersecurity can ensure that breach effects are minimal and contained. Implementing an Intelligence Driven Security Strategy delivers three essential capabilities - visibility, analysis and action - to help prevent inevitable breaches from causing irreparable damage or loss.
To design optimal defense strategies and prioritise activities, organisations need more visibility into risk. Delving deeper into this idea, Kok said that most organisations do not possess a pervasive and deep understanding as to what's happening within their company network. They need to understand who and what are on their networks, what they are doing, and whether that behaviour is appropriate.
Kok also lamented that the technologies adopted by most companies tend to have "limited visibility" because they only have the capability to look out for a particular bad behaviour. As such, they fail to capture the whole network situation and are unable to detect the bad guys on their network.
"Similarly, if you think about the 9/11 incident, the people who actually took down the plane were dressed like average people, just like you and me. None of the bad stealth would have been detected because the military is looking out for people who are outright dangerous - those who are driving a tank or an aircraft carrier, or on the lookout for airplanes coming in," said Kok.
"All the defenses you have can't work if you cannot differentiate between the good and the bad guys. A lot of our technology is designed the same way too - it's not effective if it's unable to recognise the bad guys who are not part of the known bad," he added.
Analysis, on the other hand, involves understanding normal-state behaviour and then looking for anomalies. By knowing what is "normal", an organisation can spot, investigate and root out abnormalities that result from malicious activity. Once an anomaly is discovered, contextual analysis determines the appropriate response.
Lastly, action refers to the response to confirmed malicious anomalies. Rapid action allows organisations to mitigate potential threats by enforcing controls such as access restrictions or additional authentication. Action also includes remediation processes and activity. The key to success is consistency, so that each time an analysis finds something potentially threatening, the organisation can "operationalise" the response.
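The visibility/analysis/action loop described above, reduced to a small worked example added here (not code from the article, Kok, or any vendor): a per-user baseline is built from constructed "normal" log records, new events are scored against it, and each finding maps to one consistent, repeatable response. The users, byte counts, hours and the z-score threshold are all constructed for illustration.

```python
"""Baseline-and-anomaly check in the spirit of the visibility/analysis/action
model. Added illustration only; log records and thresholds are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: (user, hour_of_day, bytes_out) from a "normal" period.
BASELINE = [
    ("alice", 9, 12_000), ("alice", 10, 15_000), ("alice", 11, 13_500),
    ("alice", 14, 14_000), ("alice", 16, 12_500),
    ("bob", 8, 40_000), ("bob", 9, 42_000), ("bob", 13, 38_000),
    ("bob", 17, 41_000), ("bob", 18, 39_500),
]

def build_profile(events):
    """Visibility: summarise what each user normally does (hours seen, typical volume)."""
    per_user = defaultdict(lambda: {"hours": set(), "bytes": []})
    for user, hour, nbytes in events:
        per_user[user]["hours"].add(hour)
        per_user[user]["bytes"].append(nbytes)
    profile = {}
    for user, d in per_user.items():
        profile[user] = {
            "hours": d["hours"],
            "mean": mean(d["bytes"]),
            # A constant baseline would give stdev 0; widen it so division is safe.
            "stdev": pstdev(d["bytes"]) or 1.0,
        }
    return profile

def analyse(profile, event, z_limit=3.0):
    """Analysis: list the ways this event departs from the user's own baseline."""
    user, hour, nbytes = event
    if user not in profile:
        return ["unknown_user"]          # never seen in the normal period at all
    p = profile[user]
    findings = []
    if hour not in p["hours"]:
        findings.append("unusual_hour")
    if (nbytes - p["mean"]) / p["stdev"] > z_limit:
        findings.append("volume_spike")
    return findings

def decide_action(findings):
    """Action: map findings to a fixed response so the reaction is operationalised."""
    if not findings:
        return "allow"
    if "unknown_user" in findings or len(findings) >= 2:
        return "restrict_access"
    return "require_step_up_auth"
```

Context still matters before the response is enforced: a single unusual-hour login triggers only additional authentication here, while an unknown identity or several simultaneous deviations leads to access restriction.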