Cybersecurity: Creating a Foundation to build on

Image

The cybersecurity landscape has become more complex for many reasons. For one, it is the constantly changing risk environment where businesses are compelled to confront evolving threats and actors that leverage emerging technologies and advanced tactics. Cybersecurity has become a top priority for boards since they realize that being cyber resilient is a strategic choice and a competitive advantage.

Complexity is a growing concern

Many businesses opt to mitigate these growing threats by buying cybersecurity technology solutions. According to Gartner, the cybersecurity market will balloon in the years following, generating nearly $262 billion in global spending in 2026, reflecting a constant-currency compound annual growth rate of 11% from 2021.

However, this is a strategy that adds to the complex cybersecurity landscape. Cybersecurity professionals are all too familiar with the vast number of cybersecurity products in the market, ranging from data protection to identity and access management to vulnerability management. Businesses find themselves having to manage close to 76 cybersecurity tools.

This number and diversity of tools sometimes create more problems than the ones they’re trying to solve. Interoperability, configuration, and management of all these solutions, coupled with the need for more specialized staff to administer them, create security gaps that are difficult to close.

Keep your infrastructure simple and consistent

The answer to the complexity problem is to make the cybersecurity environment less complex. Since businesses cannot influence or alter the external risk complexity, they should consider creating a simpler security infrastructure. As companies run and environments change, they should value a consistent, foundational, practical, and continuous philosophy as the bedrock of their ecosystem.

Getting the fundamentals right requires that businesses have answers to these questions:

1. Are we monitoring and policing the main channels of data egress?
2. Do we have visibility into the risk created by known vulnerabilities?
3. Have we deviated from the stated secure configurations?
4. What is happening in our environment? Can we see changes that could be indicators of compromise?

Making the cybersecurity ecosystem more straightforward is especially important for growing companies and multi-division corporations or during mergers and acquisitions. Ensuring consistency of basic security tooling is beneficial for all involved stakeholders, boards, executives, and security professionals. It is also the best way to ensure that security enables productivity and innovation without placing hurdles in the employees’ work.

The three musketeers of consistent cybersecurity

To solve the complexity problem, businesses could start by focusing on these three key tools.

Data protection

Data protection is the key outcome of cybersecurity. It is also an essential requirement of all privacy and security regulations, acts, and standards. Protecting corporate and personal or sensitive data starts with understanding where your information is and how it travels.

Discovery begins with scanning all prevalent data egress channels, from e-mail to USB to uploads to prints. Businesses must ensure that no sensitive data leaves the organization and that the data is protected with encryption when required. Dedicated email security solutions can help organizations maintain clear visibility into outgoing communications, reducing human errors and the risk of misdelivery.

In addition, stored data must be classified per confidentiality, criticality, and sensitivity. Proper classification enables adequate data protection measures. While data classification technology is helpful, it is ultimately up to people to correctly identify and classify information. Therefore, businesses should focus on training and empowering employees to exercise data security through classification technology.

Finally, as data is accessed from diverse locations using various devices and streams to enable collaboration, enforcing access security through digital rights management is crucial. Limiting access to only the individuals concerned is the first step to zero trust security based on the least privilege principle.

Security Configuration Management

Network security begins with asset discovery. This foundational control allows organizations to inventory all authorized and unauthorized hardware, software, and other devices. IT security personnel can use that information to track authorized devices and software. They can also deny access to unauthorized and unmanaged products and prevent unapproved software from installing or executing on network devices.

Once enterprises have discovered all their assets, they can move on to security configuration management (SCM) to ensure the integrity of their products and systems. SCM establishes baselines and helps businesses to manage and remediate deviations from stated configurations for their assets. SCM ensures that:

• All systems have been deployed with the correct, secure configuration
• All inconsistent configurations have changed
• Homogeneity and ease of management across all divisions and business units

File Integrity Monitoring

File Integrity Monitoring (FIM) is a technology that monitors and detects file changes that could indicate a cyberattack. FIM specifically involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized. FIM, a type of change auditing, verifies and validates these files by comparing the latest versions to a known, trusted baseline and alerts the security team to investigate the issue further and determine if it is an indicator of a compromise.

As businesses seek to consolidate tools and simplify operations, attention to these fundamental tools helps drive consistent security across your organization, meet regulatory requirements, and deliver a robust foundation to build.