Drawing from our close relationships with thousands of businesses, we identified that almost all share similar, preventable problems that lead to significant security inefficiencies.
How did we get here?
Buying solutions in search of a ‘silver bullet’
Businesses are learning the hard way that hackers have not only the capabilities but also strong financial incentives to act on them. Cyberattacks from recent years and the ‘ransomware cyber-epidemic’ caught organizations unprepared. In response, they quickly bought tools and technologies in the hope of finding a silver bullet that would eliminate all cyber threats.
“Innovation drives our business forward but too much of it slows us down.”
CISO, US-based Financial Institution
Unfortunately, despite marketing promises, no tool to date can solve the fundamental problems of our industry, such as skill shortage.
People and processes took the back seat in terms of resources compared to technology investments.
We recently worked with a well-known European manufacturer that invested in a state-of-the-art SIEM system in order to be on top of all security events. However, only one person with an unsuitable set of skills was assigned to handle all the alerts, resulting in unverified alerts, wasted resources, and a weaker security posture.
Over-relying on trends in the buying decision process
One of the most popular ways to stay ahead of the curve and make business decisions is to follow market trend predictions. Buying technology based on market trends and general analyst opinions is a good rule of thumb in uncertain situations, but each organization is different and so are its risks.
An optimized security program can be built through a structured process: identify the threats relevant to your business assets, then identify the controls that mitigate those threats. Basing buying decisions on this process is more effective than relying on general market opinions.
Trends come and go, but a security program built on a solid foundation of risk assessment and mitigation will be more effective in the long run.
Hyped technologies like zero-trust and SSO can sometimes help organizations protect themselves, but they do not fit all organizations and could even expose them to new threats. Taking into account people, processes, and technologies helps companies create holistic programs that ensure real cybersecurity.
It’s time to go back to the basics
Most cyber-attacks could have been prevented by covering the security fundamentals. For instance, using strong passwords is universally known to be critical for security, yet weak passwords are one of the most commonly exploited vulnerabilities through attack techniques such as password spraying.
Next-gen solutions don’t solve current-gen problems.
The ‘back-to-basics’ approach declutters multiple redundant solutions, reduces vendor fatigue, and improves overall security effectiveness and posture. Security leaders are encouraged to put less emphasis on the next big buzz and more on sustainable, customized, and cost-effective capabilities.