Building resilience against emerging security threats

By Mat Clothier
Mat Clothier, CEO at Cloudhouse, explores how to build resilience against security threats and take a multi-layered approach

The growing focus on security reflects the fact that no business is immune from the threat of attack. And this problem is only set to grow: one study predicts that global cybercrime costs will reach US$10.5tn annually by 2025.

Successfully protecting a business and building resilience against malicious acts requires a complex and multi-layered approach: it’s not as simple as integrating one antivirus program and hoping for the best.

A configuration management tool can integrate with best-practice benchmarks to scan an entire IT estate and make recommendations on improvements. This technology enables a business not only to reduce its current risk, but also to protect itself going forward using best practice.

Cybersecurity: a strategic focus for businesses

A 2022 study into 1,200 organisations across 16 countries produced some sobering insights. 29% of CEOs and CISOs and 40% of CSOs admitted that their organisation is unprepared to deal with the rapidly changing landscape of cybersecurity threats, with the highest proportions being in the healthcare, public and telecoms sectors.

During the first year of the pandemic (2020 to 2021) the number of material breaches rose by more than a fifth (20.5%), and the average percentage of a firm’s total revenue devoted to cybersecurity budgets jumped in response by 51%. The financial losses, potential legal consequences and reputational damage from a successful attack make it understandable that businesses are devoting more expertise and budget to this area.

Eyes on the future

When asked to look to the future, security executives expect an increase in ransomware and social engineering (such as phishing and baiting) in the coming years, as criminals adopt ever more sophisticated approaches. The executives identified specific weak spots as being software misconfigurations (49%), human error (40%), poor maintenance (40%), and unknown assets (30%).

To address this growing threat, cybersecurity must take a multi-layered approach within an organisation to ensure the best protection against ever-evolving malicious activities such as ransomware.

It’s no surprise that cybersecurity has become a central strategic focus for businesses. Much of the responsibility for this will fall to CISOs.

Misconfigurations a major weak spot

As mentioned, a recent study found that security executives believe that misconfigurations are their biggest weak spot when it comes to cybersecurity risks. And they are wise to recognise this: in reality, most breaches are not caused by hacking, they’re caused by misconfiguration.

Threats such as malware and data breaches almost always rely on misconfigured systems to succeed. Perhaps a default password hasn’t been changed, a cloud storage instance has been set to public, or a dangerous port is accidentally left open to the internet. These are all errors that can be hard to spot in a complex data centre. It’s a time-consuming task that may not be a top priority amongst competing business goals, meaning the vulnerability remains unidentified.

Configuration management tools help here by scanning the entire estate, from cloud storage to local servers, websites to network devices, and more, identifying misconfigurations. They are vendor agnostic and surface anomalies that might otherwise go unnoticed - until it is too late.

Auditing the estate in this way gives CISOs the visibility and control they need to effectively monitor their estate and be proactive in remediating misconfigurations. Armed with this insight, the company’s risk is reduced and its resilience is enhanced.

Configuration management tools not only identify issues in real time, but can also store the total configuration state of every node, making it easy to compare systems and environments, or see how a system has changed over time. They allow the discovery of cluster consensus with a single click, and have the differences visualised, making for rapid troubleshooting down to the line level of a configuration file.
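The comparison described above, as an added example rather than code from Cloudhouse or any particular tool: it takes stored configuration snapshots from several nodes, derives the cluster consensus for each setting by majority vote, and reports every deviation with its line number. The node names, the `sshd_config`-style contents and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed snapshots: node name -> stored config text (not real systems).
SNAPSHOTS = {
    "web-01": "PermitRootLogin no\nPasswordAuthentication no\nPort 22\n",
    "web-02": "PermitRootLogin no\nPasswordAuthentication no\nPort 22\n",
    "web-03": "PermitRootLogin yes\nPasswordAuthentication no\nPort 22\n",
    "web-04": "PermitRootLogin no\n# temp\nPort 2222\n",
}
MISSING = "<missing>"

def parse(text):
    """Return {key: (value, line_number)} for 'Key value' lines, skipping comments."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = (value.strip(), lineno)
    return settings

def consensus(parsed):
    """Majority value per key; a key absent on a node votes as MISSING."""
    keys = {k for cfg in parsed.values() for k in cfg}
    result = {}
    for key in keys:
        votes = Counter(cfg.get(key, (MISSING, None))[0] for cfg in parsed.values())
        (value, count), *rest = votes.most_common()
        # A tie means there is no consensus, so flag the key instead of guessing.
        result[key] = None if rest and rest[0][1] == count else value
    return result

def drift(snapshots):
    """List (node, key, actual, expected, line) for each deviation from consensus."""
    parsed = {node: parse(text) for node, text in snapshots.items()}
    agreed = consensus(parsed)
    findings = []
    for node in sorted(parsed):
        for key in sorted(agreed):
            actual, lineno = parsed[node].get(key, (MISSING, None))
            if agreed[key] is None or actual != agreed[key]:
                findings.append((node, key, actual, agreed[key], lineno))
    return findings

if __name__ == "__main__":
    for node, key, actual, expected, lineno in drift(SNAPSHOTS):
        print(f"{node}: {key} = {actual!r} (line {lineno}), consensus {expected!r}")
```

A setting that is absent on one node is reported as drift too, which is how a silently removed hardening line shows up in the comparison.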

Helping to achieve compliance

Most companies want to follow security best practices - and have the evidence that they do so in the event of a data breach or other cybersecurity incident - even if regulatory compliance isn’t necessary in their sector. For businesses that operate in highly regulated spaces, such as financial services, regular cybersecurity and IT process audits are mandatory: they must prove that customer data and services are secured by the best-known means.

Configuration management tools can help here by automating compliance assessment and reporting, allowing continuous auditing of systems and keeping a record of the configuration. This automation can also include testing assets against best practices, regulatory standards, or company policy, not just during an audit, but all the time. If a system falls out of compliance, this oversight allows issues to be fixed as quickly as possible – further protecting the business.

Configuration management tools help enterprises meet benchmarks

The Center for Internet Security (CIS) is recognised as a leader in generating standards and defines numerous industry-leading security benchmarks for organisations to follow. Adhering to these helps organisations to improve their cybersecurity. However, achieving this can be a time-consuming and complex task. Configuration management tools can greatly simplify this process. They can come preloaded with policies for the Center for Internet Security’s 20 critical security controls, which satisfy many aspects of regulatory requirements like PCI and SOX.

The configuration management tools execute CIS policies on a user-defined schedule, and can be tailored to specific business needs, allowing the omission, modification and supplementation of the tests included in the benchmarks as published by CIS.

They also allow the creation of bespoke policies from an existing system in just a few clicks, which you can then apply against similar systems.

Build your resilience against security threats

The right configuration management tool can be a vital weapon in the CISO’s cybersecurity arsenal. Such tools allow companies to keep on top of everything in the estate, monitoring changes over time, identifying what is out of date and non-compliant, and automatically achieving compliance by getting to best-practice configuration. With this insight a business can reduce its risk and build its resilience, putting it in the best position to meet the challenges of the future head on.

