Evolving cyber threats are making enterprises more vulnerable to business losses and operational disruptions. To boost cyber resilience, enterprises need robust security strategies to protect their businesses. Rashmi Knowles, Field CTO EMEA for RSA Security, tells The Integrator how enterprises can build a holistic cyber strategy that works.

1. Why do enterprises need a holistic approach to cyber security?

Worldwide security spending on information security products and services is expected to grow to $93 billion in 2018, according to the latest forecast from Gartner.  Despite this level of spending, we have seen nearly 2,000 data breaches and nearly two billion personal records stolen.  Security technology alone cannot solve the risks to our business. Siloed security and business functions result in poor visibility and communication with each function only focusing on their priorities.  Connecting a security incident to a business context should be the ultimate goal of all organizations so security teams and the business need to close what RSA call the ‘The Gap of Grief’.

A number of forces make the Gap of Grief more treacherous:

• Modernization – Quickening pace of digital transformation
• Malice – Increasingly hazardous threat landscape
• Mandates – Industry and government forcing the issue

The demands of interoperability and availability, along with consumers’ and organizations’ appetites for modernization and innovation, can present constant challenges.  The stealth persistence and resourcefulness of malicious actors only seem to be increasing.  On top of that, new and more stringent mandates continue to raise the bar for compliance and digital risk strategies.

2. What are some of these solutions that can ensure cyber security for the enterprises?

The combined pressures of modernization, malice, and mandates are spurring a new way of thinking about security strategy, marked by a convergence of security and business risk in the enterprise.  Some organizations are starting to develop security strategies in collaboration with the broader IT, fraud, risk and business functions, seeking to inform security with relevant, context-specific information about what the business values most. Organizations looking to adopt such a business-driven security strategy should focus on four pillars to assure success:

Full Visibility

The security team must be able to see across all digital channels. Only with visibility from the endpoint to the cloud, with detailed analytics, can organizations identify and correlate security and business risks across the whole environment.

Rapid Insight

Faster insight through better analytics is paramount.  The modern business environment has a plethora of business and security tools and the more time needed to interpret an event or incident, the greater the risk.

Comprehensive Response

Security teams today take their finding from security tools and remediate in a way that is not scalable.  The most effective way to turn insights into action is to orchestrate and automate the response.  For example, when security spots a user acting suspiciously through a deviation on a baseline, they can enable the identity plane to take actions stepping up authentication to ensure confidence that the user is legitimate.

Business Context

Security and fraud teams can’t rely on what they see in their own environments.  Contextual intelligence facilitates faster and better decisions for the business.  For security teams understanding business context – such as the criticality of an asset can help prioritize work and determine urgency when managing incidents.

To deliver these capabilities requires a comprehensive threat detection platform like an advanced SIEM to provide complete end-to-end visibility, automated behavior analytics, and machine learning to find both known and unknown threats and provide enriched data with business context and threat intelligence.

Identity is replacing perimeter as the primary defensive frontline. Every transaction begins with some form of identity – a machine or a user, therefore a comprehensive identity and access management (IAM) platform is mandatory as a key building block.  Today’s IAM platforms must provide complete flexibility for the user and insight to the business to manage identities.

And finally, a comprehensive governance, risk and compliance (GRC) platform provides the glue to connect a security incident to a business context to determine the severity of the incident.  For example, if a security team detected unusual activity on a file server and had to make the decision to shut the server down, then most organizations lack the insight to determine what business process runs on the server and any other systems that could be impacted by the action.  Criticality of the business process and data also need to be determined.

3.What will be the key drivers for holistic cyber security solutions?

Three key factors will drive the demand for holistic cyber security solutions – Modernisation, Malice and Mandates.  As mentioned above, the stealth persistence and resourcefulness of malicious actors only seem to be increasing.  On top of that, new and more stringent mandates continue to raise the bar for compliance and digital risk strategies. Hence, organizations need to adopt a holistic cybersecurity approach – one which connects a security incident to a business context and result in high visibility and rapid response.

4. What impact will GDPR have on cyber security and the solutions thus created?

GDPR is based on best practices for cybersecurity; and connecting a security incident to a business risk becomes even more important in GDPR. Organizations that are already using industry standards like NIST and have adopted a business-driven security strategy will lead in the fight to protect their organizations.

5. Will these solutions make it easier for enterprises to continually assess security threats and take steps to mitigate them?

Adopting any security strategy must have the goal of constantly improving the capability model so that all the lessons learnt from an attack are fed back into a cyclical process.  The steps of Identify, Protect, Detect, Respond, and Recover must constantly be updated and refreshed with the latest learnings.