Cyber attacks continue to rise, despite the almost 4,000 security products on the market today. With more vulnerable endpoints and evolving threats, it’s time to think about strategic security solutions instead of just adding more products.
In our 2022 Summit Panel, “Security is a Strategy, Not Just a Product”, we gathered experts from leading cybersecurity companies to talk about what it means to implement strategic security solutions.
Our speakers were:
- Jaz Lin, Sr. Director of Product Management at Aryaka
- Ben Bohman, Director of Solution Engineering at Comcast Business Masergy
- Jim Garrity, Chief Operating and Information Security Officer at Ntirety
- Jonathan Goldberger, Senior Vice President of Security Practice and Strategic Sales at TPx
Read on to hear what the experts have to say about strategic security solutions, and watch the video above for the full panel.
The State of Cybersecurity Today
The panel opened with a review of some key insights from Verizon’s annual Data Breach Investigations Report (DBIR). According to the report, a shocking 82% of reported breaches involved a human element, with 20% of those involving social engineering.
We did a little experiment of our own at Summit where we put up QR codes that were actually (harmless) phishing schemes. People did scan the codes and clicked on the link despite not knowing the origin of the links, showing how easy it is to fall prey to phishing.
Another interesting statistic from the DBIR is that 60% of data breaches came from supply chain partners, highlighting the importance of demanding that your partners have a mature security profile.
According to Security Magazine, 78% of organizations use more than 50 different security solutions and products to address security. Despite this, attacks still occur. Our panelists agree the key to preventing attacks is implementing a comprehensive security strategy, not piling on separate security products.
What is a Comprehensive Security Strategy?
IT leaders are drawn to tools because they are easy to implement. It’s tempting to buy yet another security product and consider that the end of the security conversation.
The reality is that cyberattacks continue to evolve, and no security product can protect an organization 100% of the time. That’s why it’s critical to simplify and converge security tools and instead focus on developing strategic security solutions.
Taking a strategic approach means having a holistic plan and continuously working towards maturing your security profile.
Jim Garrity of Ntirety shared that when discussing strategic security solutions, it’s best to start with business strategy. A business has specific goals in mind. From there, it’s a matter of understanding what could impact those goals. What are the costs associated with security breaches? By starting with business strategy and then aligning strategic solutions to those goals, it helps stakeholders understand how critical security is.
Starting with the biggest risk to the business — the most important chess piece — can help steer the budget toward specific security investments.
Jaz Lin of Aryaka spoke of the importance of zero trust as a framework for any strategic security solution. Zero trust limits privileges and access so that a user is only given the access they need to finish a job, and nothing more.
Another key understanding that guides strategic security solutions is that security is a 24/7/365 activity and instant response is needed. The panelists spoke about the importance of a Security Operations Center (SOC) that monitors and responds to threats in real-time.
Ben Bohman of Comcast Business Masergy points out that response is critical in a SOC. Security products talk about Endpoint Detect and Response (EDR) and Managed Detect and Response (MDR), but the R for response is often neglected. It’s critical that the SOC include instant response not just to remediate the problem, but to stop it from happening again.
During this part of the conversation, I shared the importance of having an incident response team and mapping out exactly who is responsible for what actions in the event of a breach. Strategic security solutions don’t just react to breaches, but they evolve to prevent attacks.
Common Gaps in Cybersecurity
We asked the experts what are some “low hanging fruit” — common gaps in security that strategic security solutions can help address.
Jim Garrity of Ntirety said that he thinks more organizations should implement a SOC or SOC as a Service. The number of analysts, investigators and threat hunters needed to manage and monitor a SOC is substantial. It would be hard for any organization for whom security is not their core to amass such a team and as such, Jim recommends outsourcing the SOC.
Jonathan Goldberger of TPx added that strategic security solutions should be aimed at “stopping myself from doing something stupid.” Security awareness training helps reduce social engineering attacks by training users on how to spot sophisticated phishing attempts. He argues that security training should be continuous — not just a 30-minute video once a year.
Security touches on every part of the technological ecosystem. From the Cloud to voice technology, networks, and endpoints, security is critical.
As we wrapped up, Ben of Comcast Business Masergy suggested that strategic security solutions should open doors and expand conversations, instead of being an annoyance or unwanted expense.
With more vulnerabilities than ever and a cybercrime ecosystem that’s only becoming more and more sophisticated, it’s critical to think deeply about cybersecurity. Strategic security solutions work with overall business goals to secure an organization against all types of attacks.
Do you want to simplify and strengthen your cybersecurity? Click here to talk to an expert and get started with a cybersecurity assessment for 2023.
- Strategic Security Solutions: It’s About More Than Products - November 22, 2022
- 2023 Technology Trends: Shameless Predictions for a Possible Recession - November 8, 2022