Flaming Torches and Cybersecurity

Some days, being a cybersecurity leader can feel particularly arduous — like following in the footsteps of Anthony Gatto. Who is he? According to Guinness World Records, Anthony has juggled more flaming torches at one time than anyone else on the planet.

As chief information security officers (CISOs), we, with increasing frequency, just want to get through the day without getting burned as we help our teams juggle security and business priorities and operational exigencies.

Perhaps, if one has a large team, there are enough hands to go around. But what of that larger number of us who are part of IT or security at a small or medium-sized business (SMB)? The juggling routine can prove significantly more onerous. I will share some pragmatic solutions for this in a moment, but first, let’s review some of the flaming objects now commanding our attention.

Cybersecurity Challenges Organizations Currently Face

• Finding security talent
  The 2021 (ISC)² Cybersecurity Workforce Study reported a global shortage of 2.72 million cybersecurity professionals. And the U.S. Bureau of Labor Statistics lists “cybersecurity analyst” as one of the fastest growing roles, with demand increasing 33% by the end of the decade.
• Budgeting for training and talent retention
  A recent Ponemon Institute Study found that more than half of IT & security professionals find their security operation centers (SOCs) to be ineffective, and 65% are considering quitting in the next year.
• Staying ahead of the evolving threat landscape
  The number of specialized updates the Cybersecurity and Infrastructure Security Agency (CISA) issues about increasingly sophisticated nation-state threat actors continues to grow. And a growing number of cybercriminals are implementing sophisticated tactics, techniques and procedures (TTPs) that used to be reserved for nation-states.
• Coping with increasing “tool sprawl” and decentralization
  Many organizations — and vendors — keep “bolting on” point solutions to address specific types of threats. However, this often results in too much complexity and a fragmented approach to security, which reduces the effectiveness of the overall security program.
• A growing number of attacks we are seeing are designed to reach large targets by compromising SMBs in the target’s supply chain
  They know SMBs typically are under-resourced in cybersecurity, and that many small and medium-sized organizations lack the expertise to defend against anything beyond what their firewalls can keep out. Therefore, as I’ve argued in previous columns, all boats must rise together in security, regardless of their size — or they’ll sink together instead.
• Grappling with the reality that “always-on” coverage is nearly impossible
  Even those with whom I speak that have decent-sized teams still face chunks of time where their security has gaps, based on employees being out on vacation, getting sick, or going on various types of leave and holidays. In this shortage-of-talent-environment, the continuous coverage organizations need is hard to come by.

Two Strategies for Continuous & Robust Cybersecurity

I suggest two main strategies that can help organizations of all sizes, but especially SMBs with limited budgets and staff.

First and foremost, take a close look at managed extended detection and response (XDR). XDR represents the next generation of endpoint detection and response (EDR) that expands visibility across the entire environment you operate in. It’s a holistic approach that eliminates blind spots, but it can be expensive and unwieldy — even for large enterprises with extensive security staff and in-house expertise. Managed XDR makes this advanced level of security accessible because you rely on a trusted partner or specialist to implement it. And it can be more cost-effective than building and maintaining XDR capabilities in-house. A key point here: Only consider a managed XDR partner that can augment your security team every single day of the year, around-the-clock, with highly trained staff, using tools that you know and trust.

Secondly, find technology that can prevent attacks before they happen, through proven predictive artificial intlligence (AI) techniques. Traditional antivirus typically detects threats that are underway, then quarantines them, forcing a response. With predictive AI, for example, you can block up to 99% of attacks before they execute. This saves time, saves money, and reduces the pressure on your internal security team.

So, the juggling effort within cybersecurity can be burdensome. But there are strategies that can help us handle the flaming torches, while reducing the chance of getting burned. We may not end up in Guinness World Records anytime soon, but we can sleep easier at night. That is reward enough.