Never before has cybersecurity presented such a complex challenge. IT infrastructures now consist of employee desktop PCs and Macs, servers and storage platforms, multiple private and public clouds, on-premises data centers, and hundreds to thousands of mobile devices and apps. The emerging Internet of Things (IoT) adds even more endpoints, with many companies already gathering data from numerous connected devices.
While enterprises struggle with this growing IT complexity, they face three significant technology gaps when it comes to implementing effective security across their IT infrastructure: no real-time visibility into all the elements; no holistic view across the entire IT environment; and no real-time actionable insight into where the security analyst must focus.
These are serious shortcomings in today’s cybersecurity landscape. If enterprises can’t quickly see what’s going on within their own IT environment, gain complete visibility into that environment, or glean insights into the security data they are gathering, how can they possibly keep up with all the cybersecurity threats they are facing? Let’s examine each of these gaps in turn.
GAP #1: Lack of Real-Time Visibility
When dealing with hacker attacks or data breaches, delaying even a few minutes before taking action can be costly (even devastating) to an organization. Cyber criminals and other bad actors count on the element of surprise and attempt to go undetected while infiltrating systems and stealing data. The longer they remain undetected, the greater the chance that an attack will end up more costly for the organization.
In its 2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute reported that the average total cost of a data breach for the 383 companies in 12 countries participating in the research increased from $3.79 million in 2015 to $4 million in 2016. The time to identify and contain a data breach affects the cost, Ponemon says. For the second year, the study showed a relationship between how quickly an organization can identify and contain data breach incidents and the financial consequences.
Immediate awareness of attacks requires real-time visibility into what’s going on with enterprise networks and systems at any point in time. However, since most companies do not possess this real-time visibility, they’re at a distinct disadvantage when it comes to defending themselves and minimizing the damage incurred.
They also lack real-time visibility into mobile devices and other endpoints or cloud-based services. Many still have security systems that look at data that might be two or three days old. If a CIO or CISO asks for a status report on the company’s exposure and has to wait days to get an answer, that’s a recipe for serious trouble.
GAP #2: Lack of Comprehensive and Holistic View
What constitutes the “IT infrastructure” has changed drastically from even a few years ago. The typical enterprise technology environment now includes on-premises data centers, a multitude of cloud services, hundreds or thousands of mobile devices and apps, and a large remote workforce.
Adding immeasurably to the scope of the IT domain within organizations is the emerging IoT, and for some companies, the Industrial IoT. Countless devices, sensors, consumer and business products, corporate assets and other “things” are connecting via the internet, gathering, storing and transmitting data over wired and wireless networks to company data centers or other locations.
Research firm Gartner estimated that 6.4 billion connected things were in use worldwide in 2016, an increase of 30 percent from 2015. The firm forecasts the total number of connected things will reach 20.8 billion by 2020.
All of these trends add up to an “endpoints everywhere” situation, with no real organizational boundaries when it comes to data and the protection of that data.
While many organizations have security monitoring tools that provide some level of visibility, few have comprehensive visibility into their technology environment. They simply have no clue as to what’s going on in vast portions of the infrastructure – which means far too many holes in terms of cybersecurity coverage. For example, a company might have solutions that address security issues with physical devices, such as PCs and servers, along with other tools to monitor operating systems or some cloud services. But they don’t have a solution that addresses security visibility in a uniform, comprehensive way.
Therefore, any of these IT components is potentially open to attack, leaving the enterprise vulnerable.
GAP #3: Lack of Data Insights
The third missing piece of the cybersecurity puzzle is the ability to glean actionable insights through analytics. Imagine how much organizations could improve their security posture if they could perform analytics in real time on data being gathered, and know what actions to take.
Let’s take the example of antivirus software. Enterprises could apply analytics to the data gathered from these systems and quickly know if a particular event is something out of the ordinary that needs immediate action, or is a harmless anomaly that can be ignored. Analytics on data gathered over a period of time can also enable managers to identify trends that indicate malicious activity that would otherwise go undetected.
Analytics mechanisms can bring data in from a variety of systems within the enterprise, such as enterprise resource planning (ERP), customer relationship management (CRM) or enterprise mobility management (EMM), and display trends on easy-to-understand dashboards that tell managers if something is not right. They could quickly learn, for example, whether certain devices used by the marketing department were operating correctly or were not in compliance with security policy.
Given that companies today are gathering more data than ever, they have an excellent opportunity to leverage these enormous information resources to enhance security. When combined with real-time visibility and a comprehensive view of the enterprise, data analytics gives organizations an extremely powerful tool for proactively dealing with a variety of security threats and vulnerabilities. With threats on the rise and becoming more complex, security and IT executives can provide the enterprise with the defenses it needs.
Finding a Cybersecurity Solution
As stated in the Ponemon report (2016 Cost of Data Breach Study: Global Analysis), an organization is able to save a little over a million dollars per breach if its mean time to detection is less than 100 days. Further, if the mean time to resolution is less than 30 days, it can save another $1.17 million per breach. These statistics include only the direct costs involved. If we add the indirect costs arising from loss of trust among customers and erosion of brand equity, the negative impact to the organization could be much worse.
Unless they find a way to address today’s security gaps, businesses cannot develop a comprehensive, effective cybersecurity strategy. When exploring investments in new security products, IT and security decision makers should look for solutions that help close these gaps and provide the level of data protection companies need as they strive to become digital businesses.
New-age security companies are developing solutions that enable businesses to have real-time visibility of IT components throughout the enterprise, with analytics to provide actionable insights to address security threats immediately. These tools can provide “out-of-cycle” visibility into IT operations that is immensely valuable and truly complements regular IT operations.
Cybersecurity becomes more challenging every year as hackers, criminals and other bad actors look for new and more sophisticated ways to break into systems and wreak havoc. Within the past few years, ransomware and distributed denial-of-service attacks have become commonplace across a variety of industries. With attacks such as these, time is of the essence. Enterprises can’t spend days or weeks assessing what happened before taking action -- the damage will have already been done.
Given the net savings these new-age tools generate, they would very quickly pay for themselves. When both the direct and indirect costs associated with a breach are taken into account, the return on investment would be handsomely positive. For their part, by filling these important gaps in cybersecurity strategies, enterprises can provide stronger data protection for themselves, as well as their customers and business partners.