In the last blog post, we learned about some of the threat predictions FireMon’s top minds see in store for cyber security in 2017. Today, the conversation picks back up to delve into how companies will behave and act upon those risks.
Shifting the Investment
Last time, Paul Calatayud, CTO at FireMon, dubbed 2017 the year of the employee in cyber security. He predicted that “the role of the CISO will continue to demand more return on investments as the board brings on cyber talent to help govern companies.”
Josh Mayfield of Immediate Insight Solutions notes that although the ROI of deflecting or avoiding intrusions is well established, investing in still more technology does not appear to be the answer. “Everyone ‘did the right thing’ with investments in IDS, next-gen firewalls, cloud security, GRC, IAM, and SIEM among others,” he said. “Yet intrusions and threats still remain; therefore, a posture of assumed compromise will increase, and the ROI related to addressing it will hinge on demonstrated response to compromise.”
He argued that though “investments over the last 10 years have been essential, intrusions and internal security compromise still happen. So, now organizations have invested in vigilance; we’ll see an ROI centered around speed to response to threats as organizations take the posture of assumed compromise.”
Automation Key to Reducing Response Times
Pete Kobs, CRO, added that he thinks 2017 will see “the time to discovery for a breach decrease as companies expect to be hacked, and therefore this will help reduce the response time.”
To address talent shortages and minimize response times, Calatayud suggested that security teams will need to invest more in security automation as a way to keep up with demand. Mayfield tied this to the assumption of compromise because “Within each security process, there are links in the systems that lend themselves to automation. The demand to insert automation in the process will increase, while maintaining decision-making portions of these processes to humans.
“For example, if you have eight links in the security process and you’re able to automate five of them, you’ve reallocated the human portion to the highest value areas. It is a discrete and combinatorial exercise; each organization will decide for themselves what should be portioned to automation and humans. They will ‘play’ with these combinations to find the right mix for their environments.”
Align to a Strategy
Kobs also predicted that as “the gap between the security policy owner and implementer closes, it will force an increased responsibility for both parties when there is a breach or failed audit due to misconfigured or unmanaged systems and assets.”
So as security responsibility and awareness become more mainstream in organizations, Mayfield said that “leading organizations will take on a healthy skepticism that will become a part of the fabric of security.”
To help companies align themselves with stronger security postures, Calatayud proposed that organizations ensure they have a CISO who understands and is aligned with the business. That alignment ensures that a proper risk management program is in place to identify and manage risks, including the organization’s position on cloud adoption.
He urges: “Take a pause and define a company vision vs. a ‘me too’ vision. I see all too often CIOs feeling business pressure to have a digital strategy. Yes, this is important, but without a strong vision or reason, I have seen the blind leading the blind into cloud adoption and the impact, benefits, and risks not properly being evaluated until it’s an afterthought. Take a moment to define a strategy that has all the right folks at the table.”
Whatever lies ahead for 2017, if getting your security house in order is one of your New Year’s resolutions, FireMon is here to help. We’d also love to hear your predictions for the coming year, so do let us know in the comments below.