Assessing the year ahead, budgets are getting tighter and cyberattacks are becoming more relentless. It’s vital for organisations to avoid cutting corners and save money in the long-term by not opening themselves up to attackers and ransom demands. Paul Dant, Senior Director of Cybersecurity Strategy & Research at Illumio, shares his insight.
It’s a good time to be a hacker. An alarming notion for CISOs and anyone else with a security remit, but it’s a hard truth borne by a relentless and constant stream of pervasive and costly breaches. From supply chain attacks like MOVEit to incessant cloud compromises, near daily attacks on healthcare providers and other critical infrastructure operators, the last few years have seen countless threats that are continuing to increase in both scope and severity.
Clearly, there’s something the industry is getting wrong – because attackers keep succeeding.
Despite enterprises pouring large sums of capital into bolstering their cyber defences – Gartner predicts US$215 billion will be spent globally this year – the cost of attacks continues to climb. In fact, IBM estimates the average global cost of a breach stood at a record US$4.45 million last year.
To successfully fight back against today’s threat actors, organisations need to do more than simply increase their spending. Security investments must be focused in the right areas to ensure the spend is truly delivering maximum business return on investment (ROI) and furthering organisational resilience against the backdrop of today’s advanced and persistent threats.
Why cybercriminals are thriving today
As a lifelong hacker and security researcher, I can tell you first-hand: hyperconnectivity and hybrid cloud environments, coupled with geopolitical and economic instability, make for a perfect storm for cybercrime today. Organisations are investing heavily in Digital Transformation and cloud migration efforts, but many are doing so with a great deal of uncertainty – and with cybersecurity as a clear and evident afterthought.
The C-suite is often unsure of how the cloud operates, yet they’re under pressure to rapidly adopt it for business growth and productivity purposes. The result is an expansive, ever-widening attack surface that organisations barely understand which bad actors can all too easily exploit.
In fact, it’s never been easier for cybercriminal groups to acquire easy access, expertise and resources, thanks to trends like Ransomware-as-a-Service. That’s why we seem to hear of new breaches almost daily, and there are so many more that go undetected and unreported. In many senses, the biggest challenge for cybercriminals isn’t breaking in – it’s ensuring that they don’t do anything obvious enough to get themselves caught.
A new way to approach resilience and ROI in 2024
The repeated success of traditional attack tactics, coupled with new threats posed by emerging technology, makes it clear that organisations need to change the way they are investing in and thinking about cybersecurity in the year ahead.
Security strategies must extend beyond traditional measures like endpoint protection and perimeter defences to focus on mechanisms that thwart lateral movements within and across hybrid IT. Because unless organisations can shift their strategy to defend against modern adversaries more effectively – in the cloud, the data centre and across remote devices – bad actors will continue to have the upper hand.
Particularly with budgets tightening and the threat landscape widening, it’s never been more important for organisations to showcase a greater ROI when it comes to security. This means going beyond just showing quick, meaningful value, but also demonstrating and advocating for the benefit of cybersecurity investments in furthering the business bottom line.
To do this, SecOps leaders must start by defining clear objectives and desired outcomes for cybersecurity expenditure. To succeed, spending needs to be aligned with specific organisational objectives, coupled with timely and attainable goals. It’s also imperative to assess and regularly test your organisation’s current risk posture. It’s impossible to prepare an effective defence without fully understanding what your most critical assets are, where visibility gaps lie and what happens when a breach inevitably occurs within your organisation.
Once these baselines are understood, the third step is to secure buy-in from the business. Aligning security strategies with broader business objectives and securing support from senior management is essential for securing the initial budget, and for an effective implementation. It can be beneficial to promote a focused strategy here. Instead of proposing to implement advanced, tactical strategies everywhere all at once, concentrate on the most valuable and at-risk areas first. This will make it easier to budget for your strategy, secure buy-in and report on success.
Focusing on containing and responding to breaches
When deciding where to place your bets, it’s important to recognise that even with the best defences, it’s impossible to guarantee that your organisation won’t be breached. In fact, in today’s world, it’s inevitable that you will be. The scope and complexity of modern networks, the fallibility of the human element and the rapid emergence of new technologies all work in the attackers’ favour – and they only have to get it right once to succeed.
By adopting an ‘assume breach’ mentality, or proactively preparing for breaches, organisations will be better enabled to address today’s reality that breaches do happen (a core tenet of the Zero Trust methodology), and they’ll be prepared to limit their impact when they next occur. In the past, it’s been almost taboo or negative for security teams to think this way, when the reality tells us that this is the kind of forward-thinking approach we need to see from more security leaders. Otherwise, we’ll continue to get security wrong.
As a hacker, my advice for any organisation looking to shore up resilience is to focus foremost on limiting the attack surface, and figuring out how you can quickly contain breaches when they do occur. This is especially key with fast-moving attacks like ransomware that aim to maximise damage in a short amount of time. Zero Trust Segmentation (ZTS) is one of the most successful approaches here, breaking the IT environment up into small sections – limiting access and monitoring communications between segments (while not impeding productivity) to ensure that unauthorised movement across environments are immediately locked down as soon as they’re detected.
ZTS has been shown to reduce the blast radius of attacks by up to 66 percent, resulting in savings of up to $3.8 million by reducing downtime from attacks. The approach delivers ROI in other areas too, potentially saving 90 percent in SecOps labour and up to $3 million in tool consolidation costs.
We know that ongoing digitisation and cloud migration efforts will continue to be fertile ground for threat actors in the year ahead. Enterprises must ensure that they’re aware of the risks these developments bring and keep security investments front of mind as they continue to expand their digital footprints. With a better understanding of their IT infrastructure, and with visibility and containment taking precedence, firms can better ensure they are looking in the right direction when it comes to allocating and prioritising their cyber spending. Making sure that they’re well prepared to underscore how those investments translate to wider business priorities. Afterall, investing in highly effective solutions like ZTS will not only deliver a greater ROI on a tight budget, but it’s also the kind of investment that saves millions more down the line.