5 security strategies that can increase vulnerability
According to Verizon’s recent Data Breach Investigations Report, 2018 has already seen 53,000 cybersecurity incidents and more than 2,215 confirmed breaches—and we’re just halfway through the year.
Healthcare organizations were hit hard by incidents in 2017, and the pace appears to be continuing in 2018, data show. Last year, there were 477 healthcare breaches reported to the Department of Health and Human Services or the media, according to Protenus, a cybersecurity software company that tracks breaches.
In this environment, it’s no surprise that data breaches are an acknowledged reality, and organizations are investing heavily in technology and resources to combat the ever-growing threat. However, in their urgency to address security vulnerabilities, many organizations are making critical mistakes—the results of which can mirror data breaches in their lasting, negative impact on operations.
The following is a list of the five most significant ways in which misaligned security strategies can inadvertently wreak havoc.
To say that security teams are overwhelmed is an understatement. There are numerous factors contributing to the problem—a shortage of skilled workers, the vast attack surface associated with today’s hybrid cloud environment and the reliance on manual analysis, to name a few.
Security vendors are clamoring to address these issues, but in doing so, are also becoming part of the problem. Countless point solutions exist for every element of security, and this fragmented environment is fast becoming unmanageable.
Organizations need integrated options that address numerous facets of security, like web application security, content management, load balancing, DDoS and Bot mitigation, reducing both the number of tools to navigate and manage, and the burden associated with training staff.
Siloed information and lack of visibility
Security teams today have a two-faceted information problem—siloed data and a lack of knowledge. The first issue stems from the fact that many organizations are only protecting a small percentage of their applications and, therefore, have a siloed view of the attacks coming their way.
Most organizations prioritize sensitive, highly critical applications at the cost of lower tier apps, but hackers are increasingly targeting the latter and exploiting them for reconnaissance and often much more. It’s amazing how exposed many organizations are via relatively innocuous tier 2 and legacy applications.
The second, and more significant issue, can be summarized simply as, “you don’t know what you don’t know.” IT has visibility into straightforward metrics, but it often lacks insight into the sophistication of attempted breaches, how their risk compares with that of peers and the broader marketplace, and other trends and key details about incoming attack traffic.
With visibility to only a small percentage of the attack surface, it’s very difficult to know whether the organization is being targeted and exploited. Given current resource challenges, it’s unrealistic to attempt to solve this problem with manpower alone. Organizations must implement technology innovations that provide visibility across multiple touch-points and enable them to benchmark the performance of their security posture against the market.
Stringent security policies
Traditional technology is cumbersome to implement, and rollouts are often incompatible with the needs and expectations of today’s “always on” environment. To be successful, organizations must implement security policies and solutions that are easy to adopt and have minimal impact on the user experience.
Anything that is overly complex will result in resistance, low adoption and potentially could encourage users to investigate a workaround, which introduces new vulnerabilities into the organization.
Compliance vs. risk focus
Too many organizations make procurement decisions to address compliance needs without fully understanding how those solutions will address the real threats they face. They know they need a solution, but they let HIPAA, PCI or another requirement drive the selection process.
It’s common for organizations to invest in multiple solutions from which they may never extract the full value. Checking the compliance box is not enough; organizations need the right solution, and they must ensure it is utilized to its full potential to protect against the barrage of attacks.
With cybersecurity poised to remain a chief area of investment for the foreseeable future, it’s essential that organizations navigate these issues. As part of this, organizations must get a holistic view of their entire security strategy, assess its sophistication and ensure they are not putting the business at risk in their quest to combat hackers.
Nothing kills a security mandate faster than blocking legitimate traffic. In today’s competitive environment, organizations simply cannot afford to prevent legitimate users from accessing their systems. As a result, organizations are investing in firewall solutions but are not realizing the full potential—only deploying them to certain “mission critical” applications, for example, or de-tuning the blocking capabilities for fear of negatively impacting the business.
Organizations must run at sub-optimized security levels or invest heavily in manual analysis to determine actual risk levels. Ultimately, security teams are relegated to tuning static rules and custom signatures to combat complex attack scenarios without impacting legitimate users.
This is a recipe for a security disaster. While organizations’ fear of false positives is understandable, failing to deploy active blocking capabilities across all applications is not the answer. Rather than leaving the back door open to hackers in this manner, organizations must invest in solutions that cover all of their apps and can block with confidence.
Emerging technologies drawing on behavioral analytics can help organizations increase their trust in technology without the administrative overhead usually associated with firewall tuning. These technologies can also ensure that malicious activity is visible and thwarted without producing any adverse effects on legitimate customer traffic.