The burdens we share
There are several reasons why security teams and organizations struggle to optimize their security posture. Below are some of the challenges all organizations face in the current environment:
Many solutions can be overly complex to operate in an optimized and meaningful way. Not being able to properly configure and operate a solution often leads to organizations turning to expensive vendor professional services or adding gap-filling technologies, which can lead to technology sprawl and increased costs.
Adding technologies to fill visibility gaps needs to be carefully considered. Will the organization be able to acquire the people and skills necessary to operate the solution, and does the solution create other issues as a result? Are costs being considered when looking to layer on a new solution?
As technology redundancy and overlap grow in an organization, so do the associated costs to manage them. Attempts to rationalize technologies and remove duplication become difficult as other business demands take priority. The cycle continues, driving inefficiencies the organization cannot afford and creating blind spots in its security program.
Acquiring skilled cybersecurity professionals is a challenge in terms of attracting, equipping, and sustaining strong talent across a variety of technologies. Many factors are driving the security resource shortage, including a lack of trained professionals, surging demand, a lack of historical business investment, staff burnout due to understaffing, the increasing volume and sophistication of threats, and new challenges presented by more automation and remote work.
Security teams spend too much time chasing alerts that result in dead ends. This is often a result of sensors not being configured properly or alerting thresholds being set too wide. Chasing low-priority, non-correlated alerts distracts and beleaguers teams, increasing both the risk of breach and staff turnover.
The burdens described above are widely shared and experienced in the field of cybersecurity. Organizations are quickly realizing that no one vendor or solution corners the market in terms of eliminating all risk.
However, with a risk-based approach to security programming one can gain a significant security advantage by employing strong technologies (e.g., Microsoft Security Solutions), strong processes (e.g., incident management), and strong talent (e.g., qualified on the tools).
What can organizations do?
Modern cloud platforms, AI, and intelligence-enabled solutions are helping organizations gain confidence and further reduce risk by embracing the ease and reach of security in the contemporary IT environment. This convergence is enabling unprecedented levels of cybersecurity capabilities. This paper goes on to outline how emerging technologies are changing the paradigm and how smart processes can alleviate burdens without high cost and complexities.
Emerging capabilities can help
A practical approach to reduce burden
We often find organizations take a short-term tactical approach when delivering security capabilities. This is typically driven by reactions to breaches, audits, or advice from vendors or professional services firms. This approach carries significant risk in terms of overall effectiveness, cost, and staffing, and can lead to a decrease in security posture.
BDO proposes the following approach to enabling an organization’s security posture.
The first step is to address whether you have the access and reach to effectively investigate and act on any security issue brought to your attention. BDO prepares your environment in this regard to help ensure that the information required to track threats is available, accessible, and timely.
The highest fidelity, most integrated technology sets are prioritized to help provide maximum visibility across the widest possible aperture. We prioritize integrated technologies such as cloud platforms, EDR, and solutions that incorporate threat intelligence filtering.
To help ensure quality, sustainability, and good organizational outcomes, one critical area is internal process. With high-quality alerts available, the organization needs to be able to act on them. For example, without a documented and understood security incident response process, organizations may find themselves taking longer to contain and recover.
Once the fundamentals are firmly in place, BDO expands the security aperture to add additional surveillance layers such as applications, business logic, or insider threat. We deploy custom use cases to illuminate threats across all of your attack surfaces, which can maximize the organization’s visibility into security events.
BDO continuously assesses the market along with its tech stack to help provide maximum effectiveness, efficiency, and value for our clients. Sustainment is a core aspect of maintaining a valid security posture, with right-sized skilling and tooling. Defense in depth is critical to the success of any security program, so knowing when to re-configure versus replace a technology, based on the market and your specific position, is critical.
Drastic improvement is within reach and starting to happen. Smarter technologies are completely upending the industry’s approach to security. Modern security programs are changing faster than ever, and the use of contemporary technologies alongside a smart approach and experienced advisors such as BDO is helping to increase the pace of change and improvement for those who embrace it.
Key Contacts
Rocco Galletto, Partner and National Cybersecurity Leader
Rob Philpotts, Director and Lead, Cyber Threat Management and Response
This piece was originally developed by BDO USA. All rights reserved.