Companies are growing more aware of the need to prevent cyberattacks, rather than simply deal with them after they happen. A recent TEISS Breakfast Briefing discussed the reasons why.
Cybersecurity impacts us all on a daily basis, said Chris Vaughan, Vice-President, Technical Account Management and Enterprise Services at Tanium, introducing a TEISS Breakfast Briefing at The Langham in London. He said that, whether through threats to our business or more personal effects, such as not being able to access hospital treatment following an attack, all of us must deal with the consequences.
He told the audience, all senior executives from a range of sectors, that despite the ubiquity of security concerns, many organisations still don’t know what they have on their IT estate and therefore can’t properly protect it. And that’s a problem because, said Mr Vaughan, in cybersecurity, prevention is much better than cure.
Changing threat landscape
The issue is complicated by the fact that today’s technology sector is moving very fast. Emerging technologies such as generative artificial intelligence (AI) are both a boon and a challenge. On the one hand, they can assist in automating business tasks and generating insights; on the other, they can be weaponised by cyber attackers.
Some attendees expressed concerns that attackers could not only compromise AI assistants but also manipulate their training data to produce skewed results. Some suggested an aggressive approach to managing AI risks: initially blocking all AI functionalities and then cautiously enabling them based on specific needs and risk assessments.
While AI is a high-profile new threat, it shouldn’t eclipse the broader issue of data security. Cybercriminals are becoming increasingly data-centric, attendees said, targeting specific information to enhance the efficacy of their phishing emails. Moreover, seemingly innocuous QR codes have evolved into another tool for attackers to circumvent security measures. The key to thwarting such efforts lies in a mix of technical controls and human vigilance, supported by ongoing training.
The need for prevention
Faced with an evolving landscape, those at the briefing agreed that prevention is better than cure. One of the most compelling reasons is the cost associated with reputational damage following a cyber incident. For organisations that have suffered a cyber incident, the experience is often disruptive and expensive enough to underline the importance of pre-emptive action.
Furthermore, given that cyber insurance is becoming harder to obtain, prevention is a sound strategy for minimising losses. Regulatory frameworks are also evolving, introducing stricter penalties, and even holding board members accountable for lapses in cybersecurity. Such punitive measures are driving a shift in organisational attitudes towards risk management.
Finally, for those looking to win lucrative contracts with entities such as the UK government, stringent cybersecurity controls are a non-negotiable prerequisite.
Common obstacles
However, there are significant obstacles to better prevention. Budget constraints are a primary concern, those at the briefing said – and they are exacerbated by external economic factors such as rising energy costs. Legacy systems present another significant challenge, hindering the adoption of modern, more secure technologies.
Equally concerning is the risk introduced by the supply chain, where weaknesses in third-party systems can allow attackers to penetrate your network. Often, said attendees, it is unclear who has responsibility for securing the supply chain, with the legal department sometimes taking on the role by default because they manage the contracts.
Rapid international expansion also presents its own set of challenges. In their eagerness to get up and running, new operational units may cut corners on cybersecurity, thereby creating vulnerabilities.
Strategies for success
Addressing these challenges requires a multifaceted approach. First, organisations should quantify their cybersecurity risks and define their risk tolerance levels. A critical part of this is understanding the interplay among various applications and their respective importance. For example, one executive argued that if a cyberattack were to compromise the payroll system, the entire organisation would grind to a halt.
Humans remain the weakest link in cybersecurity, so automation should be leveraged to mitigate risk. However, doing so requires increased vigilance against machine-to-machine attacks. A long-term strategy focusing on ‘security by design’ and even moving towards ‘secure by default’ configurations is also advisable. The development of strategic cybersecurity functions will shift the focus from daily firefighting to long-term preparedness.
Finally, organisational buy-in is key, and this can be facilitated by appointing security champions across departments and employing positive reinforcement techniques over punitive measures. Despite growing compliance fatigue, regulations can serve as an opportunity, unlocking budgets and enabling businesses to meet the standards required to penetrate new sectors.
Overall, attendees remain very aware that cybersecurity is a constantly evolving landscape that presents both challenges and opportunities. The emphasis on prevention over cure is now a common view. Armed with the right strategies and tools, organisations can navigate this complex landscape effectively.
For more information visit www.tanium.com.
© 2024, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543