The natural assumption in the cybersecurity industry is that spending money means you’re more secure; however, this isn’t always the case. While cybersecurity budgets will continue to increase in 2018, they will be increasingly focused on the areas where they will be most effective. Over recent years, we have observed that most exploits lead back to unpatched or misconfigured systems. In 2018, IT teams will spend more of their budget on remediation systems with tools that can analyze, deploy and audit these fixes. Additionally, as companies purchase and incorporate these tools, they will require personnel to configure them and examine system output. This will likely lead to hiring outside (third-party) help because the skill set is niche and in high demand.
This year we observed several bombshell news stories related to security breaches, such as Equifax, WannaCry and, just last week, Imgur. Companies are learning that as they rely on increasingly complex systems, it is also becoming more difficult to harden and monitor attack surfaces. Nowadays, systems are composed of internally written services and off-the-shelf or third-party solutions. This means companies need accurate ways to measure operations and detect anomalies which may indicate an attack. However, performing this type of analysis requires staff members who can review the output of system and vulnerability tools. Finding these trained analysts is difficult because there is a shortage of experienced security professionals in the industry. Frequently, this means hiring outside help from Security as a Service (SaaS) vendors or allocating significant company resources to hire an experienced employee.
Regardless of the path your company chooses, ensure the resources you rely on are well-versed in vulnerability discovery and security monitoring. A good cybersecurity professional not only knows how to discover vulnerabilities by configuring tools appropriately and analyzing their output, but can also analyze system messages for indicators of an attack. Security professionals should be able to identify known vulnerabilities and prioritize them based on their risk to the company. Additionally, they should apply their knowledge of how attackers infiltrate systems to help identify the actions attackers perform. These types of professionals or service providers can cover both the offensive and defensive sides of securing systems.
That being said, in 2018 security professionals will need to work more closely with IT administrators. The majority of major security breaches in 2017, such as what happened at Equifax, could have been mitigated with proper patch management. The security team should do the job of identifying threats and making recommendations that will harden systems. But to completely implement fixes and necessary updates, they will need to work in tandem with IT systems teams. As new vulnerabilities are discovered, developers issue patches, and the IT team needs to understand which of these are critical, test the patches and deploy them. Lastly, the IT team needs to maintain an accurate audit trail of deployed patches so the security team can cross-reference it with newly identified and known vulnerabilities. These activities will significantly improve the posture of the cybersecurity program and reduce risk to a company’s assets.
To recap, companies are reactive to security vulnerabilities; they often buy expensive tools without knowing how to configure or use them, or they hire a security individual without giving much direction. As they investigate how to effectively mitigate business risks, discovery will show that in the “arms race” between builders and breakers they need to be proactive about identifying possible exploits, monitoring their systems and remediating vulnerable assets. As companies tune their 2018 budgets and allocate resources to security programs, many will want insight into inherent and potential risks. If the security program has a first-class seat at the budgeting table, it can assist with strategizing and mitigating possible breaches through a more proactive, 360-degree approach that includes vulnerability discovery, patch management and continuous security monitoring.