Why are current cybersecurity incident response efforts failing?


Enterprise-critical applications, such as the enterprise resource planning (ERP) systems provided by SAP and Oracle, are considered the crown jewels of the enterprise. These assets contain an organization's most valuable data, from confidential financial information to private details of customers and partners. Attackers who gain access to these applications can cause massive damage: hijacking an organization's payroll system, shutting down its manufacturing facilities, or transferring large sums of money to their own bank accounts.

Despite the high value of these applications, they are constantly threatened by the discovery of critical vulnerabilities. At the same time, security teams are perpetually challenged with limited bandwidth and resources.

This article will explore why current cybersecurity incident response efforts fail and how a proactive, risk-based approach enables companies to reduce exposure more effectively and maximize the return on their limited resources.

Understand gaps in current incident response processes

Many companies invest heavily in many layers of technology to secure their critical operations. To cover all attack vectors, they spend money on endpoint security tools, network defenses, authentication and identity solutions, application delivery services, and more. While these capabilities are crucial, very little budget or time is allocated to the critical applications that contain the most important assets. Many threat groups have shown how cybercriminals can go directly into business-critical applications and remain undetected for months, even years, while silently diverting millions of dollars.

The law of diminishing returns is very common in cybersecurity: the first layer of defense over any asset or against any attack vector reduces risk the most. Now that critical applications are being targeted directly, they must also be defended directly.

Organizations often produce incident response manuals that describe strategies based on a type of attack (e.g., ransomware or zero-day exploitation). However, gaining a deeper understanding of an organization's critical business application landscape and creating a playbook focused on the most important assets, systems, and processes can be much more effective in reducing the organization's risk.

Take a risk-based approach to incident response

A risk-based approach to incident response allows companies to prioritize vulnerabilities and incidents based on the level of risk they pose to the organization. The easiest way to frame risk is as a calculation of frequency of occurrence and severity. Malware often reaches endpoints, and the response and cleanup can cost thousands of dollars (both directly and in lost productivity). In addition, security teams around the world would agree that vulnerabilities in Internet-connected systems must be prioritized and corrected first. These systems are constantly under attack, and as the rate of occurrence begins to approach infinity, so does the risk.

Similarly, there have been many threat groups that have cost companies millions directly, and in some cases tens of millions in lost operations and ERP system downtime. Large companies measure the cost of simple maintenance windows on ERP systems in the tens of millions. It is therefore difficult to imagine the substantial cost calculations for a breach of a business-critical application. As severity increases to this order of magnitude, so does the risk.

Just as Internet-facing systems have the highest incidence rate, enterprise-critical applications have the highest level of impact severity. A risk-based approach can also help IT teams properly allocate their efforts and budgets and drive maximum risk reduction per dollar or per hour.

Incorporate modern vulnerability management tools

With modern vulnerability management tools, security teams can gain full visibility into all the assets in the IT environment, including those hosted on-premises, in the cloud, or both. This allows them to make an inventory of all the assets in their system, identify any hidden or previously known vulnerabilities, and keep track of all of them.

These tools can also provide security teams with automated assessments of each threat, its business impact, and its associated risk, and then share comprehensive descriptions and solutions for each threat. Vulnerability management capabilities that capture a complete view of a company's threat environment can help security teams understand their attack surface and save significant time, money, and resources that would otherwise have been spent focusing on lower-priority items.

While this sounds ideal and leads directly to the goal of a risk-based incident response process, the simple truth is that there is a critical gap. Conventional tools such as firewalls and vulnerability scanners are needed, but while they can cover system-level issues in enterprise-critical applications, they simply don't cover the application itself. The underlying operating system vulnerability may be detected, but not the SAP custom code issue or the E-Business Suite (EBS) application-layer flaw.

Defending the crown jewels of the business

Threat actors today have the knowledge and skills to directly target business-critical applications and carry out highly sophisticated attacks. Only well-prepared organizations will be able to protect their crown jewels and prevent the lasting implications of an attack on such systems.

Security officers and incident response teams must be prepared to bring the same standards and the same maturity of security operations that exist elsewhere in the IT environment to the previously sacrosanct domain of business-critical applications. The attackers are already doing it; it's time for defenders to do the same.
