Q & A
EDITOR ’ S
Cybersecurity today is a global discipline as threats are growing in sophistication and frequency . Each organisation has a different core business and a peculiar customer interaction process , leading to different types of exposure . While core data must always be carefully protected – typically from ransomware or data-extracting techniques like SQL Injection – it is solely the activity of the company that determines the cybersecurity priority . For instance , Web threats for e-commerce companies , OTs for industrial companies , Remote Execution for Utilities , and so on .
GIORGIO GHERI , CTSO EMEA , QUALYS
Organisations of all types must also pay attention to the “ value chain ” they are part of , given that for sophisticated attackers , it ’ s much easier to attack the weaker link in a chain , versus a much stronger final target .
If we look at the security landscape today , there are hundreds , if not thousands , of vendors in the market . What is more concerning is that – on average – a small organisation uses 15 to 20 security tools , a medium-sized one uses around 70 and a large enterprise could be using up to as many as 130 different cybersecurity solutions . Many of these solutions are specialised , offering very niche functionality but all of them are producing an overwhelming number of events , logs , data .
The main pitfall to avoid is thinking that increasing efficiency of cyber defences and reducing budgets are incompatible . With increase in the number of areas to secure , going down the path of enhancing or adding point solutions – because they are supposedly sharper in finding and blocking threats – would be a mistake . What is needed is an accurate and automatic correlation and prioritisation of all threats and events taking place .
Given today ’ s complexity , if organisations only look at “ how to better secure ” their IT disciplines , they will soon realise that adapting their security plans to cater to
The main pitfall to avoid is thinking that increasing efficiency of cyber defences and reducing budgets are incompatible .
upcoming sectors and threats is extremely difficult . They would very soon experience the need to continuously ( and expensively ) patch the design , leading to a clear loss of control and agility .
So instead , I would suggest using backward planning . Backward planning that focuses first on the final target ( in terms of quality and tasks ) and then on the process to get there , whatever the starting point is that allows to define a framework / standard where the security solutions can fit harmoniously , today and tomorrow .
The biggest concerns come from the expansion of the internal perimeter into a very fragmented geography where visibility , accuracy in detecting the vulnerable and exploitable surfaces , and prioritising remediation becomes much harder . •
INTELLIGENT TECH CHANNELS Issue 45 53