CyberSecurity in 2017: Need for a Comprehensive Security Program Assessment
In 2016, data breaches continued to take place across government, financial, healthcare, technology, education, retail, and other industries. A quick look at databreachlevelindex.com shows that, on average, four million data records were stolen or lost daily across the globe. This is an alarming and growing number, especially for cyber security professionals, irrespective of whether they work at a strategic, tactical, or operational level in an organization. Such incidents have led to significant losses – financial, data, reputational, and others – and, because of these, at times even job losses. In the recent past, security professionals have realized that the defenses of the past are incomplete, given the significant change in the threat landscape brought about by rapid advances in technology.
So what are organizations and security professionals planning to do in 2017?
In 2017, many organizations will conduct a Comprehensive Security Program Assessment to take a fresh look at their entire cyber security posture across people, processes, and products. As an outcome of the assessment, the following will be factored into the cyber security roadmap.
Technology: New products will penetrate the market
The cyber security industry has seen several waves in the adoption of security products. The first wave was host and network defense, consisting mostly of anti-virus, firewalls, intrusion detection systems, URL filtering, and email filtering. The second wave was mostly about access control and security testing, with user/privilege access management, 2-factor authentication, PKI, vulnerability assessment, and penetration testing. The current, ongoing wave is more specialized in nature – security information and event management (SIEM), data loss prevention (DLP), threat intelligence, endpoint protection (including MDM), web application firewalls (WAF), among others.
In 2017 and beyond, organizations will see new types of security products entering the market in large numbers. In the last two years, US- and Israel-based security companies have attracted a lot of investment activity. There is heightened private equity investment in cyber security, in addition to large security companies acquiring niche players. In 2017, organizations will see the following security products being actively adopted:
- Bug Bounty Platforms
- Crowd Security Intelligence Platform
- Cyber Ranges
- Hunt Operations Platform
- Website Defacement Monitors
- Incident Response Platform
- Breach Detection Platform
- Social Media Security Platform
- Cognitive Security Platform
As such, organizations should evaluate how well new security products fit into their portfolio of defenses and their cyber security roadmaps.
People: Co-sourcing ‘variable’ cyber security talent will become central
If we list the types of security products, their vendors, and each vendor’s specific products, the list becomes very large. As a simple example, let’s take firewalls. Gartner’s Magic Quadrant lists 15 firewall vendors, with umpteen firewall products among them. Chances are that your organization is using Palo Alto, Check Point, Cisco, or Fortinet. Others would be using any of the remaining 11. Finding talent to manage these firewalls isn’t that difficult. However, once you add the full landscape of security products that your organization has or might procure – intrusion detection systems, endpoint protection, mobile device security, web application firewalls, security information and event management, data loss prevention, vulnerability assessment, threat intelligence, and many others that will appear in the near future – the search for the right security talent becomes very difficult.
Add to this the vast regulatory and industry compliance knowledge required – PCI DSS, Sarbanes-Oxley, data privacy, ISO 27001, HIPAA, NIST, and many others – and the talent search (and then talent retention!) becomes very tiring for management. Making matters worse is the ever-evolving nature of cyber security, both in offense and in defense. Managing all this within organizational budgets becomes extremely difficult for a CIO/CISO.
As such, in 2017, organizations will increase co-sourcing, especially around new technologies and for those that are labor intensive (such as SIEM, DLP, and VA/PT). Through effective use of co-sourcing, organizations can achieve a balanced mix of cost and control, unlike in the otherwise heavy fully internal or completely outsourced models. The co-sourcing models in cyber security are changing, with partners open to the idea of ‘variable security resources’, i.e. ones where SMEs become available on an as-needed basis. For example, if your organization has two sequential projects, a SIEM and a DLP, that would require partner resources, partners are now more open to providing, say, a SIEM Alert Analyst now and a DLP Expert later under the same annual contract. Organizations that make effective use of co-sourcing in 2017 will have an edge over their peers.
Policies, processes, and procedures: Automation will be key
Policies, standards, processes, and procedures are key to any organization. Over the years, the IT service delivery and management industry has matured considerably, with most processes automated either through custom development or through adoption of ITSM tools. Similarly, the governance, risk, and compliance industry, which earlier used piles of paper to demonstrate risks, controls, tests of design of controls, tests of operating effectiveness of controls, and so on, was streamlined with the advent of operational risk tools such as Archer.
The cyber security industry will go through a similar change in 2017 and beyond. For example, if we take the incident management policy, process, and procedure of, say, ten global organizations, chances are that they would vary significantly. However, this will change. Incident Management Platforms will proliferate in 2017. Similarly, entire security operations centers will see a lot of automation in their processes, for example around “responding” to cyber-attacks.
Overall, with changes in the offense and defense of cyber security across technology, legal, regulatory, geopolitical, and other dimensions, 2017 will also see a lot of change. It becomes imperative to take a holistic, fresh look at your organization by taking the first step of conducting a Comprehensive Security Program Assessment to create a roadmap for the next two to three years.