How do you improve cybersecurity without driving up costs?

SVP in Finance (non-banking), 2 years ago
When you do root cause analysis on cybersecurity incidents, it comes down to a few basic things. Either the company didn't have good controls in place to begin with, or they thought they had controls in place, but those controls weren't across their entire estate. So there’s incomplete control: 80% was covered, but 20% wasn't. Even if only 1% wasn't covered, bad actors only need one device. Once they're on it, they can do whatever they want.

Another factor is defense. Some organizations have one control and they think that's all they need. But you have to layer these controls so that it becomes much more difficult for the bad actors to navigate through and get to the underlying access they want. When I do root cause analysis on these incidents, I often find that even though the organization had two-factor authentication (2FA), they also had one test VPN account that they forgot about, and that is how the attackers got in. It's always something like that.

You don't need to spend millions and millions of dollars to get a good cybersecurity posture. If you have the budget, go for it. But people are going to get you with some basic things. If you don't do the basic things well, all the money you're spending on advanced anomaly detection doesn't matter. Because if you leave the door open, or if you leave the key right outside the door, people are just going to walk in.
1 Reply
VP, Director of Cyber Incident Response in Finance (non-banking), 2 years ago

That's one of the reasons why I can't stand the acronym, APT: An advanced persistent threat is only as advanced as it needs to be. And most of the time, it's not all that advanced. The adversary may have some good infrastructure behind them, but the mechanism that they use to get inside your network is not usually that advanced.

Independent Consultant & Industry/Market Researcher in Finance (non-banking), 2 years ago
Cyber Security risk is very much a reality for all types of organizations & individuals. This has become increasingly complex. This has also now become a very remunerative profession. In fact, the cyber security criminals/threat actors are now working in partnership mode. Cyberwarfare has become more powerful and damaging than physical warfare. State-sponsored cyber terrorism has been picking up. This is the most potent unconventional & digital weapon being used. This is the most dangerous reality in today’s world. We have to recognize the gravity of the situation and continuously strengthen our cyber security posture to prevent, detect, identify, contain, remedy & resolve all cyber security problems. The following cost-effective steps may be taken for the purpose. 
1) We must deal with cyber security risks proactively, not just reactively. Know about the existing types of cyber security risks/attacks and the emerging cyber-attacks including the modus operandi of cybercriminals. Hands-on practice in simulated environments may prove very useful to prepare for prompt responses to cyber incidents. 
2) One must adopt the best computerized practices. The physical & logical access to one’s systems & other computer assets has to be authorized only under the least privilege model. Computer logs have to be checked through SOC/SIEM solution as manual verification could be impossible. Access has to be based on the zero trust Network model only. Identity has to be verified at every point of access. End-point security, including perimeter security, should be duly ensured. Cloud security has to be ensured including prevention/mitigation of cyber risks arising out of incorrect configurations. Migration to the cloud including hybrid cloud has picked up significantly across the world. 
3) Employees must act as the first layer of the firewall. All employees, including the members of the Board, have to be properly trained in various aspects of cyber security again & again. Continuous training/creation of awareness is a must. Everyone must understand that around 90% of the cyber security breaches happen due to insider support/involvement and hence, must take necessary precautions. Penetration testing at regular intervals and also more frequently (as required) has to cover both internal & external devices/IP addresses. Vulnerability assessment has to cover all the computer assets as frequently as required. Application Security testing under DevSecOps mode has to continue. Source code review, Configuration review, and Firewall policy review have to be conducted including IS Audit Review from time to time. 
4) Last but not least, a robust cyber security posture, based on a strong enterprise-wide cyber security culture, has to be created by every organization and continuously monitored & strengthened. If everyone is duly cybersecurity conscious, it will reduce the growing cyber security concerns significantly.
Director ERP Management in Travel and Hospitality, 2 years ago
Review your intrusion detection system (IDS) notifications daily and make decisions based on the facts.
