How CISOs can start addressing the technology fragmentation challenge
Technology fragmentation is a challenge facing almost every business. The problem occurs for a number of reasons. There are legacy systems that are critical, but have reached end of life and are no longer patched or supported, posing a massive security risk. Then there are custom systems built by an employee who has subsequently left, leaving the system without a champion. There’s also shadow IT – those systems and solutions deployed by individuals or business units independently of the IT department.
By Wayne Olsen, Managing Executive: Cyber Security, BCX
The speed of digitalisation has meant businesses have had to migrate workloads to the cloud without necessarily considering the security ramifications. Segmentation in the business as a whole has led to fragmentation at an operating system or desktop level, as organisations have acquired tools to meet the needs of people in different roles. Often, they’ve oversubscribed to multiple tools doing similar things, which inflates the cost.
From a security perspective, having multiple tools means you don’t have overall visibility. This is particularly relevant when breaches occur. The chief security officer’s greatest challenge is getting to the root cause of any breach specifically because businesses use multiple, disparate systems.
The longer it takes for the CISO to find the cause of a breach, the longer hackers have to move around in your systems. IBM’s Cost of a Data Breach 2021 report found that it takes an average of 287 days to identify and contain a breach – that’s roughly nine months. For most of that time, the hacker is inside the organisation, undetected. While the security team is trying to figure out how they got in and what they have done, the attackers move laterally. This opens up the business to double extortion – hackers threaten to reveal that the organisation has been breached, as well as threatening to publish confidential information if they’re not paid a ransom for it.
Consolidating spend – and vendors
More mature organisations have embarked on drives to consolidate their spend to a single vendor’s technology. The costs saved can be used to train people to specialise in the technology. The real-time visibility this gives them makes their security postures much stronger.
Multiple streams of information flow into organisations daily, and the rate is only growing. From the web and email, to sharing platforms and chat programs – attackers have multiple platforms to get in. Having disparate security tools deployed across a business means you’re effectively relying on one security company for your email security, a different company for chat and another security provider for your firewall. They don’t talk to each other and they all talk individually to you. You need a security partner on the backend with a control room that has a single view and real-time visibility into all of these streams and that can act immediately in cases of a breach, in concert with your internal teams.
Advanced security teams are taking this one step further to proactive response or pre-breach analysis. For example, the electric fence keeps going off and our cameras are picking up a red car at roughly the same time. Coincidence? Unlikely. Security teams are using indicators from operational and security systems across the organisation to detect possible compromises and pre-empt breaches.
Most people don’t really understand how many different systems they’re touching in the course of executing their duties, and that each is a potential point of entry for an attacker.
Communication is key
CISOs looking to address this issue need to start by communicating more effectively and engaging more with the business. For the first time, CISOs are being invited to sit at the table with the rest of the C-Suite. They need to take the tech jargon out of the conversation and start speaking plainly about the implications of security breaches – financial and reputational – and system downtime. They need to start measuring risks and evaluating what needs to be spent where to deliver the optimal result given the business’s goals and objectives.
CISOs have a big responsibility. In larger organisations, this is a mammoth task. They need to upgrade systems, networks, infrastructure, manage innovation and service delivery, and ensure security starts being baked into all of this from scratch. If they’re to do this effectively, they need CEOs to understand what is happening in their environments and why it’s important. CISOs need to step up and be heard more clearly to make the business understand the risks of the digital journey on which we have all embarked.