Recently, Jack Danahy, SVP and chief evangelist at Alert Logic, and Annalea Ilg, CISO for Involta, hosted a webinar to explore cybersecurity challenges specifically related to managed detection and response (MDR). The discussion was framed in terms of something important to all of us: healthcare.
How has technical advancement created security challenges?
Annalea Ilg: Organizations often feel they aren’t making progress when it comes to cybersecurity. This is primarily due to the ever-changing threat landscape. Security must be able to pivot when new elements come into play, and the organization must align any changes to business direction. This, however, is a serious challenge if security is not partnered with IT and the business teams. Digital transformation and automation are great, but it is crucial that security is involved.
Further, we must be open when trying to understand change and risks across the environment. This means finding flexible security tools and hiring the right cybersecurity talent. Without both sides of that equation, organizations will unfortunately find themselves always steps behind the bad guys.
How high are security risks and costs today?
Annalea Ilg: 2020 has been uniquely challenging due to COVID-19, and we’ve seen a heavy impact on security. For instance, there has been a 300 percent increase in cybercrime, primarily due to today’s more exposed environment. Not all organizations were prepared for full-scale work from home and, as they had to act extremely fast, security was often overlooked in the shuffle, resulting in unmanaged laptops, absence of multi-factor authentication, etc.
Further, 80 percent of companies have had breaches in the cloud, not because workloads have moved to the cloud, but because security wasn’t considered when moving them. This, along with the fact that there is an average of 2,244 daily attacks, only emphasizes that organizations must remain flexible and be able to pivot when changes occur. More importantly, they must always keep security at the forefront. It cannot get lost in the shuffle because the risk is far too great.
Jack Danahy: When you think about 2,244 average daily attacks, that’s a function of the advancement in the sophistication of threat actors. It is also the increasing amount of spread there has been with systems outside an internal network, due to more and more individuals working from home.
We’ve seen 70 percent of these attacks are external. Monetization, part of which we see in the average ransomware payout stat of $111,605, shows that there’s a real reason for these threat actors to look for more places to get in and accelerate their rate of attack.
One statistic that’s troubling is that 60 percent of smaller businesses, who may not have adequate security teams, aren’t really prepared for a breach and may never recover. The impacts and costs that we’re seeing are substantial in a way that many people do not naturally recognize, because they think of it as more of a technical challenge.
How is it true that no organization or individual will always be healthy?
Jack Danahy: If you ask someone if their organization is 100 percent secure, or if you ask them if they know they will always be perfectly healthy, the answer is pretty much the same – “no.” While you want to be as secure and healthy as possible, you must recognize there are always going to be gaps.
It’s simply too difficult to close things down when you’re integrated with your customers and partners; you’re getting work done; and things are going to happen that are outside of your control.
Realizing that the organization is not 100 percent secure, many often respond by buying more products. However, more products do not equal greater security. It comes down to the realization that organizations must do their best to be secure, while understanding that there will always be gaps.
The response must be addressing those gaps in three ways:
1. Detection. How will I know when there is a new vulnerability or an attack that’s succeeding?
2. Response. How will I understand an attack that’s in progress to either disrupt it or examine it? How will I quickly fix a misconfiguration? How will I rapidly decide whether I want to route traffic around a vulnerable server, patch it, or reduce its access?
3. Management. How do I ensure my cybersecurity is effective over time? Is this something that I feel confident that I can invest in and staff to the appropriate level? Or, like healthcare, is it something that I’m going to go to a specialist for? Will I be glad there’s a hospital nearby in case I really need it?
What specialized skills and tooling are required to fight cyberattacks?
Annalea Ilg: Much like healthcare, you need experts who are prepared for the type of events and the type of attacks that are happening. Solutions are not cookie-cutter. In the event of an attack, we must be able to stop the bleeding without downtime – that’s the key. You don’t want to make any missteps that would harm the image and forensics if needed later.
You must be very careful, nearly methodical, when you’re going through any kind of attack. Aside from knowing the environment and the risks, you can’t triage unless you know your assets, what they’re externally facing, and what’s internal. You must know where your data is. You need tools that can correlate and triage the attack. It is very much related to healthcare – you must be calm, cool, and collected while you’re going through all the needed steps.
Research conducted inside the market showed that yes, cybersecurity is very similar to healthcare. Organizations are like individuals who require a hospital rather than determining treatment on their own. This is particularly true as organizations integrate more sophisticated technologies and we see people working in more diverse environments from home.
Hopefully, this has inspired interest in adopting an MDR service provider model to help you with your security portfolio. If you have additional questions, please contact Jack, Anna, Involta, or Alert Logic for informed answers.
For more information:
- Reach out to your Involta account rep to schedule a Security Awareness Call today (you can also request a meeting here). This is a brief call with your Involta Account Rep and a Security Specialist. The purpose of the call is to review the current threat landscape and advise on a best path forward for your security goals, regardless of circumstances or budget.
- Take a look at Alert Logic’s MDR Manifesto, which will help you understand and describe this model.
- Listen to the full webinar with Jack and Anna here.