How to overcome common cybersecurity shortfalls

Sept. 3, 2021
Cybersecurity programs must evolve with the shifting threat landscape and your changing operational and strategic demands

Cybercrime is a serious threat, costing trillions of dollars annually. Most organizations get this and have made significant steps to protect themselves. They are training their employees, creating and enacting security plans, and investing in technology and tools that can help find and counteract threats.

But what organizations might not fully grasp is how vulnerable they still may be, and where their cybersecurity strategies and technologies fall short.

Security Missteps and How to Avoid Them

According to Juniper Research, the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%. Of the many threats organizations face, ransomware is particularly troublesome. Ransomware attacks are becoming more frequent and more damaging, and they both amplify risk exposure and expose security shortcomings. In the first half of 2020, ransomware accounted for 41% of all cyber insurance claims filed, according to cyber insurance and security firm Coalition.

So, what are some of the common gaps in organizations’ security programs? And what are some simple yet effective strategies to boost protection and help detect and mitigate the risk and severity of attacks?

Underutilized security tools -- One of the most common mistakes is to purchase a security tool and then fail to use it to its fullest capability. Be sure to capitalize on all the functionality and consistently update the technology with any patches, enhancements, and new versions.

Also, if you’ve made the investment in a technology that’s working for you, don’t just limit it to a division or region – scale it across the enterprise. That means you shouldn’t spend the bulk of your time and budget on pilots and scaling new technologies before you’ve maxed out the value of your basic security tools – firewalls, antivirus software, access controls, endpoint security, encryption tools, managed detection services, etc.

Immature cybersecurity programs -- Insufficient incident response plans are a common gap. Be sure your enterprise cybersecurity plan is comprehensive and includes:
  • Penetration testing and other proactive activities
  • Proper security solution architecture with layers of control to find and mitigate attacks
  • Security incident monitoring across the enterprise, both on-premises and in the cloud
  • Robust disaster recovery measures in the event something happens
  • Periodic reviews of security solutions to ensure continued effectiveness
  • A documented and tested incident response plan

Remember, cybersecurity measures don’t end once an attack is contained. Forensics will be used to gather data and images of compromised systems. You’ll have to fully understand and document the timeline and assess what was compromised and how deep the attack went. Your legal team will have to review any regulatory impact and determine any legal exposure. All these steps need to be spelled out in your plan.

During this phase, which can last a week or longer, very little recovery or restoration gets done. Then the work begins to fix gaps, patch and harden systems, and strengthen endpoint security. Expect to layer in new technologies such as threat monitoring, and perhaps to transfer portions of your cybersecurity program to a managed monitoring service. These activities should be outlined in your plan as well.

Data Exfiltration Risks

Since more employees are working from home, organizations should consider tightening access control security. You’ll have to find the right balance: stronger encryption and higher security levels make traffic harder to inspect, yet it is also easier for threat actors to slip in than it was when all services ran on-premises behind a single perimeter. The same is true for collaboration software, which more companies are using for messaging and meetings. The newer solutions make communication easier, but it’s a double-edged sword, since traffic to these cloud services often never passes through perimeter controls such as the corporate firewall. Endpoint security tools and MFA can add critical layers of protection.

Identity and access management (IAM) solutions help verify identities, and proactive monitoring of directory services to track permissions and access to network resources can help limit lateral movement if an attacker does get in. Another key practice is an ongoing vulnerability management program that regularly scans external and internal assets and prioritizes remediation of the vulnerabilities it discovers by severity.
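One concrete form of the directory-service monitoring described above is watching for additions to privileged groups. The following Python is an added example, not code from the article or its author: it runs detection logic over a handful of constructed Windows Security event records. The event IDs 4728, 4732 and 4756 and the field names (SubjectUserName, TargetUserName, MemberName) are the real Windows "member was added to a security-enabled group" events; the group names, account names, domain and approved-operator list are constructed for illustration.

```python
"""Flag privileged-group membership changes in Windows Security events.

Added example (not from the article). Event IDs and field names are the
real Windows ones; the accounts, groups and allowlist are constructed.
"""
from collections import Counter
from dataclasses import dataclass

# Windows "A member was added to a security-enabled ... group" events.
MEMBER_ADDED_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}

# Groups whose membership grants broad control; drift here is what
# turns a single foothold into lateral movement. (Constructed list.)
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins",
                     "Schema Admins", "Administrators"}

# Constructed allowlist of accounts permitted to change those groups.
APPROVED_OPERATORS = {"CORP\\iam-svc", "CORP\\alice.admin"}

# Constructed sample events, shaped like parsed Security log records.
SAMPLE_EVENTS = [
    {"EventID": 4624, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "TargetUserName": "jdoe", "MemberName": ""},
    {"EventID": 4728, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example"},
    {"EventID": 4728, "SubjectDomainName": "CORP", "SubjectUserName": "alice.admin",
     "TargetUserName": "Domain Admins",
     "MemberName": "CN=bob,OU=IT,DC=corp,DC=example"},
    {"EventID": 4732, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "TargetUserName": "Administrators",
     "MemberName": "CN=jdoe,OU=Staff,DC=corp,DC=example"},
    {"EventID": 4728, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "TargetUserName": "Sales",
     "MemberName": "CN=carol,OU=Sales,DC=corp,DC=example"},
]


@dataclass(frozen=True)
class Alert:
    severity: str
    group: str
    member: str
    actor: str
    reason: str


def analyze_events(events):
    """Return one Alert per addition to a privileged group.

    Unapproved actors are high severity; approved operators still
    produce a medium alert so the change can be matched to a ticket.
    """
    alerts = []
    for ev in events:
        if ev["EventID"] not in MEMBER_ADDED_EVENTS:
            continue
        group = ev["TargetUserName"]          # the group being modified
        if group not in PRIVILEGED_GROUPS:
            continue
        actor = f'{ev["SubjectDomainName"]}\\{ev["SubjectUserName"]}'
        member = ev["MemberName"]
        if actor in APPROVED_OPERATORS:
            alerts.append(Alert("medium", group, member, actor,
                                "approved operator changed a privileged group; "
                                "verify against change record"))
        else:
            alerts.append(Alert("high", group, member, actor,
                                "unapproved actor changed a privileged group"))
    return alerts


def repeat_actors(alerts, threshold=2):
    """Actors behind `threshold` or more privileged-group changes."""
    counts = Counter(a.actor for a in alerts)
    return {actor: n for actor, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = analyze_events(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a.severity}] {a.actor} added {a.member} to {a.group}: {a.reason}")
    print("repeat actors:", repeat_actors(found))
```

On the constructed input this yields two high alerts for CORP\jdoe (a service account into Domain Admins, then his own account into a local Administrators group) and one medium alert for the approved operator; the "Sales" addition and the logon event are ignored. In production the records would come from a SIEM or the Security channel rather than an inline list, and the privileged-group and operator lists would be loaded from the directory itself.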

Inadequate endpoint security program -- Endpoint security is your last line of defense and, if you are like many enterprises with large numbers of remote workers, a critical component of your security posture.

Acquiring the right endpoint security products can be complicated, and they need to be properly deployed across your enterprise. While it may be tempting to buy the best-rated product, what matters more is finding the solution that works best for your unique requirements. Most endpoint security solutions protect against automated and manual threats by leveraging the following key capabilities:

• Incoming threat detection and prevention
• Execution-based threat detection and prevention
• Continuous analysis and remediation post-infection

To ensure your endpoint security is strong, catalog your endpoints and fully assess them for vulnerabilities. An enterprise vulnerability management program is also critical to tracking and remediating high-risk vulnerabilities across the enterprise.
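The two steps above, cataloging endpoints and prioritizing remediation by severity, are easier to see in code. The Python below is an added example, not code from the article or its author. It reconciles a constructed endpoint inventory against constructed scanner findings, reports hosts the scanner found that the catalog does not know about, and ranks the remaining findings by CVSS base score weighted by internet exposure and known exploitation. The CVSS v3 severity bands are the real ones; the hostnames, finding IDs, scores, weights and SLA windows are assumptions for illustration.

```python
"""Inventory reconciliation and risk-ranked remediation queue.

Added example (not from the article). Hosts, findings, weights and
SLA windows are constructed; CVSS v3 bands are the published ones.
"""

# Constructed endpoint catalog: hostname -> attributes a CMDB would hold.
INVENTORY = {
    "web-01": {"internet_facing": True, "owner": "platform"},
    "hr-laptop-12": {"internet_facing": False, "owner": "hr"},
    "db-01": {"internet_facing": False, "owner": "data"},
}

# Constructed scanner output. "lab-box-7" is deliberately absent from
# the catalog to show the inventory gap the text warns about.
FINDINGS = [
    {"host": "web-01", "vuln": "FINDING-0001", "cvss": 9.8, "exploited_in_wild": True},
    {"host": "hr-laptop-12", "vuln": "FINDING-0002", "cvss": 7.5, "exploited_in_wild": False},
    {"host": "db-01", "vuln": "FINDING-0003", "cvss": 6.5, "exploited_in_wild": True},
    {"host": "lab-box-7", "vuln": "FINDING-0004", "cvss": 8.1, "exploited_in_wild": True},
]

# Constructed remediation policy: days allowed per severity band.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed risk weights layered on top of the base score.
INTERNET_FACING_BONUS = 1.0
EXPLOITED_BONUS = 2.0


def cvss_band(score):
    """Map a CVSS v3 base score to its qualitative severity band."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def unmanaged_hosts(inventory, findings):
    """Hosts the scanner saw that the endpoint catalog does not list."""
    return sorted({f["host"] for f in findings if f["host"] not in inventory})


def remediation_queue(inventory, findings):
    """Rank catalogued findings: highest adjusted priority first.

    A finding with known exploitation is treated as at least "high"
    regardless of its base score, so its SLA tightens accordingly.
    Findings on unmanaged hosts are skipped here because no owner or
    SLA can be assigned; they are surfaced by unmanaged_hosts().
    """
    queue = []
    for f in findings:
        asset = inventory.get(f["host"])
        if asset is None:
            continue
        band = cvss_band(f["cvss"])
        if f["exploited_in_wild"] and band in ("medium", "low"):
            band = "high"
        priority = f["cvss"]
        if asset["internet_facing"]:
            priority += INTERNET_FACING_BONUS
        if f["exploited_in_wild"]:
            priority += EXPLOITED_BONUS
        queue.append({
            "host": f["host"], "vuln": f["vuln"], "owner": asset["owner"],
            "band": band, "priority": round(priority, 1), "sla_days": SLA_DAYS[band],
        })
    queue.sort(key=lambda q: (-q["priority"], q["host"]))
    return queue


if __name__ == "__main__":
    print("unmanaged hosts:", unmanaged_hosts(INVENTORY, FINDINGS))
    for item in remediation_queue(INVENTORY, FINDINGS):
        print(f'{item["priority"]:>5} {item["band"]:<8} {item["host"]:<13} '
              f'{item["vuln"]} owner={item["owner"]} sla={item["sla_days"]}d')
```

On the constructed data, db-01 (base 6.5, exploited) outranks hr-laptop-12 (base 7.5, not exploited) and is promoted to the 30-day SLA band, while lab-box-7 is reported as an inventory gap rather than silently ranked. The weights are policy, not science; the point is that the catalog and the exposure data are inputs to prioritization, not afterthoughts.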

Cybersecurity programs must continually evolve with the shifting threat landscape and your changing operational and strategic demands. Getting it all right is a moving target, but organizations are making progress. As always, there’s more work to be done, and there are additional layers of protection not mentioned here. But there are simple, effective steps you can take to strengthen your security posture, deliver quick wins against threats and help you limit damage if a threat actor gets in.

About the author: Tunde Odeleye, CISSP, CISA, CISM is the director of penetration testing services for Insight Cloud + Data Center Transformation (CDCT). He serves as the Lead Security Consultant on all security engagements, providing strategic planning, consulting and implementation services in the areas of PCI and HIPAA Compliance Assessment, Information Security Risk Assessments, Enterprise Threat Management and Incident Response, Microsoft PKI Solutions Design and Implementation, Penetration Testing and Vulnerability Assessments, Data Loss Prevention and other risk-related services to enterprise clients.