“A set security policy will not work in a digitally evolving environment”
Rajpreet Kaur, Sr. Research Analyst at Gartner
- What are the learnings from the state of the threat landscape?
There are so many reports we all have access to. There are lots of threat-based reports, what kind of threats are coming, what kind of threats we need to take care of. And if you look and see through them carefully, the threats which have been traditionally there for years, like spear phishing, emails being the weakest target, continue to rise. There are ransomware attacks; we see these days more crypto mining attacks because of cryptocurrency being valid and globally accepted. So, it requires more and more power and CPU utilization and the hackers want to utilize your CPU power.
We are seeing more crypto based attacks with increasing use of applications. We are seeing more application based attacks. All the businesses, be it small to large are introducing a lot of applications, especially mobile applications and on top of it they are opening APIs to integrate with other applications and that is where open API kind of attacks are coming. More bot based attacks are also being generated. More attacks towards IoT devices are happening too as adoption of IoT is growing.
So, the learning from the state of the threat landscape 2019-2020 is, first, make sure that the vulnerabilities which are important to your business, or which are posing a threat to your particular business, are fixed. There can be more than thousands of vulnerabilities globally, but you need to prioritize those vulnerabilities based on your own business risks, which are your most critical assets that you need to protect. Then fix the vulnerability around that of other vulnerabilities that are being exploited today in the wild. In Gartner, we call it a risk-based vulnerability management program.
Now that we have worked towards fixing the vulnerabilities which have always been the biggest threat for an organization, we will talk about implementing better threat detection capabilities around our cloud and around our mobile users.
Having technologies like endpoint detection and response, network traffic analysis, and deception platforms will help organizations to provide better detection and response capabilities. Ideally, everything should come through a SOAR platform, i.e. Security Operations and Reporting Platforms. And the last recommendation is to develop a risk management capability which should be continuously assessed on a regular basis. An effective incident response is a very important capability so that we are prepared in case there is a breach, because we are never a hundred percent foolproof.
- What is the vision for Security & Risk Management 2020?
The biggest challenge in front of us as security and risk management leaders, and perhaps the biggest mistake which we are making, is that we define a set of policies which we call our cyber security vision/strategy, but in reality the digital ecosystem is changing on a regular basis. So, we cannot have a set of policies which can govern our security management program; rather, it should be continuous and adaptive.
For organizations and enterprises, we recommend including CARTA, i.e. the continuous assessment and risk-based model introduced by Gartner, as a part of their leadership vision strategy. Have an adaptive architecture, establish the right governance, and have the right ownership. These are very important for digital security. The ownership of digital security should sit with the business and not with a CISO or a CIO, because the business are the owners of information and innovation, and only they can define what the acceptable risks are for them, and only then can we establish controls. So, have an annual roadmap strategy, review it on a quarterly basis, have an executive mandate, and always be adaptive and continuous. These should be the core of the leadership vision for 2020 for a security and risk management program.