Is Cybersecurity Harder than going to Mars?
Technology has been defining the course of mankind throughout history. The past decades have been largely infused with technological inventions with the sole purpose of making our lives easier. From television, to the internet, to smartphones and smart devices, technology has been embraced by and incorporated into our daily routines.
Each revolution has marked a radical change in humanity. Similarly, the digital revolution that we live in has brought striking changes, propelling the world into the Information Age. This digital era has given us the opportunity to attain information not only faster than ever but also from multiple sources.
By letting technology intrude into our lives so drastically, we also allowed it to influence the way we consume information, so much so that, according to recent studies, humans are overwhelmed on a daily basis with the equivalent of 34 GB of information. This excess is repeatedly interrupting human attention, making it harder to focus, which according to scientists does not help in the process of reflection and deeper thinking.
In this day and age, everything that we do both online and offline is programmed to generate digital traces. For the sake of our convenience, we began to sacrifice our privacy. Every Google search, every “like” on Facebook, every purchase with our credit card, is designed to be stored and analyzed. The magnitude of our digital footprint has become unimaginable. As our society becomes receptive to devouring more and more information, we have also allowed enterprises to use our personal data for statistical and behavioral analysis. That very convenience often came in exchange for security and privacy.
Today, scientists consider information technology a major development for our evolution, one that has created a new domain. This transformation is now an inseparable part of our life. Information technology has become a key element in implementing financial, political and social stability.
The information generated, processed, and used by an enterprise is considered to be its most valuable asset. The disclosure or compromise of this asset can severely impact an organization. Businesses are inclined to build deeper real-time connections with partners, governments and customers, collecting and sharing vast amounts of data. As this happens, the risk of cyber-attacks becomes increasingly daunting.
Cyber Security at the forefront – A New Domain
We have created a new domain we now depend on. What happens whenever mankind discovers a new domain? We fight over that domain, as happened with the discovery of land, sea or space. Cyberspace couldn’t be any different, and that history explains a lot of what is happening right now.
The annual economic impact of cybercrime is estimated to be higher than the illegal drug trade. While organizations have had their focus on IT security for a long time and have spent vast amounts of money, cyber-attacks and the related news of hacked systems are far from being history.
The global spending on IT security is expected to hit 1 trillion dollars by 2021, and that is one area where the IT budget for most companies either stayed flat or slightly increased even in recent financial crises. Most organizations have multiple layers of defense for their critical systems, and although they have invested in the latest technology, clients still cannot detect cyber threats early in the attack lifecycle, leaving us with an average of 240 days to detect and react. We witness a remarkable hold-up despite the fact that we have all the information we need and know exactly how the applications are designed. Why then do we end up with new unexpected breaches on IT systems every day, even attacks on vulnerabilities that we never knew existed?
The answer is that our world has moved from complicated to complex. The technology evolution and the radical changes of our world have led to a more interdependent and faster-paced world, namely a state of complexity. Complexity creates a fundamentally different situation compared to the complicated challenges of the past. Complicated problems required great effort but ultimately yielded to prediction. Complexity means that, in spite of our increased capabilities to track and measure, the world has become in many ways vastly less predictable. Things that are complex have no such degree of order, control or predictability.
For example, a car is complicated. It would take years to understand how a car works. But given the effort, some day in the far future one would know with certainty the purpose of each mechanism and each electrical circuit. One would fully understand how to control it, and would be able to take a car apart and reassemble it, driving it exactly the way one did before. In contrast, car traffic is complex. We can travel up and down the same street for twenty years, and things would be different every time. There is no way to fully understand and know what happens around us on the road when we drive, how other drivers operate their vehicles, and how the people in the streets interact. We can definitely make guesses, and we can gain experience in predicting outcomes. But we will never know for sure.
Sending a rocket to the moon is a complicated task and requires great effort, but by securing adequate resources and time it can be fairly predicted, programmed and controlled.
Cybersecurity, on the other hand, is complex. The continuously evolving technology landscape, the rapidly evolving attack surface with no clear or defined boundaries, the constantly emerging new threats, as well as the strong human element in the design of cyber systems, are just a few of the unpredictable vectors that create opportunities for the introduction of flaws likely to become vulnerabilities.
From that perspective, cybersecurity is harder than going to Mars!
Rebuild Cyber Security as a complex system
Unpredictability is fundamentally different from reductionist managerial models based on planning and prediction. This new domain demands a new approach. We need to treat Cyber Security as a complex and not a complicated system. And like any other system, a cyber security system is about people, process and technology. It is time to challenge the baseline elements of the past (integrity, availability and confidentiality), and address cyber security based on new principles, new rules of engagement: Trust, Resilience and Agility.
Understanding the company’s attack surface is the basic requirement, while minimizing it is the basic objective. Next-gen technologies (such as IoT or cloud computing) have dissolved the perimeter, causing the attack surface to grow exponentially. In this era of complex infrastructures, staying focused on reducing the probability of an attack should become an integral part of managing our exposure.
Though perfect security is impossible, prioritizing resources based on risk is key for creating assurance and trustworthiness not only across the infrastructure but also across the supply chain and the Software Development Life Cycle, as they are all critical components of the delivery of our operations and therefore need to be measured and trusted accordingly.
The objective of building trust in the underlying infrastructure is to increase the cost and effort for the attackers and decrease the probability of an attack. Since we are unable to completely eliminate the possibility of an attack, our efforts should instead be focused on guiding the attack, so that it takes place in a segment or part of our infrastructure that is easier to monitor and thus faster to respond to.
Considering that cyber exposure is now inevitable, it is a given that enterprises should invest in resilience. Resilience is about our ability to deliver the intended outcome despite adverse cyber events. Resilient security models assume that breaches will occur and proactively seek to reduce the impact. One of the basic underlying principles that guide resiliency is the fact that the probability of any security system becoming compromised is 100% (or, in terms of probability, one (1)). In other words, we need to acknowledge the fact that it is a mathematical certainty that every security system, regardless of the defense and technology sophistication involved, will fail at least once in its lifetime.
Resilient security models assume that breaches will happen and proactively seek to reduce the impact. For resilient security models, time is the most valuable asset and time to awareness the most important KPI (key performance indicator).
As resilience becomes a mandatory element of this new domain, an enterprise’s ever-growing reliance on cyberspace has increased the need to fundamentally restructure our security operational model. Resilience requires businesses to develop from a prevention-based Threat Detection and Response capability to Situational Awareness. To advance, we must change the way we perceive and run Cyber Security Operations. As an example, regardless of the skill and expertise SOC operators and analysts possess and their ability to comprehend the threat, they are not suited to assess either the risk or the business implications of a decision. This issue hinders the ability to respond and delays the decision-making process in situations where time is of ultimate importance.
Organizations must face cybersecurity as a business risk and not merely as a technology risk, and adopt an approach that brings both security and business executives to the table. Understanding the business (strategic) aspect as well as the operational implications and security capabilities or shortcomings (tactical) for a given real or potential threat allows for a better and more robust response strategy. So maybe by building a multidisciplinary task force (rather than a SOC) that fathoms what cyber-risk means for the business as a whole we can reinforce shared consciousness – a fundamental concept for creating resilience.
Agility, perhaps the most important of the three given the rapid and cataclysmic changes, translates as an organization’s ability to adapt, change and succeed in a rapidly changing, unpredictable and turbulent environment. Notably, perhaps the most significant issue that impedes agility is the quality (or lack) of communication between the strategic and the tactical layers. Every organization, including a cybersecurity organization, has three management layers:
- Strategic layer: The CEO who defines the company’s strategy
- Operational layers: The operations officers or the middle management
- Tactical layers: The people in the field (analysts and officers who execute operational procedures, understand the data and are capable of responding)
Time and again, we notice that this organizational structure affects communication negatively by limiting the flow of information within the company. This happens because strategic layers recognize risks and opportunities, while operational layers understand procedures, checklists and ticking the boxes. Tactical layers, on the other hand, understand technology and threats. This gap is the basic reason why the cybersecurity market is failing. This inconsistency makes decision-making more difficult and complex, producing slower decisions in terms of risk.
For example, the tactical layers might escalate something which is considered a very important threat; however, this incident might not be important for the business in terms of risk, and therefore it is not measured as high risk for the business.
To survive, organizations must overcome the existing shortcomings and adopt new security models that integrate cyber risk management as part of their decision-making process. Cyber Risk Management in real time can be our strongest weapon towards our goal to ensure trust, security and safety. The greater the power to anticipate and understand, the larger the potential for prevention or containment.
Rebuild from the Ground Up – An ERP for Cyber Security
The need to rebuild things from the ground up has become more pressing than ever. To survive, organizations, regardless of their size, must overcome the existing shortcomings and adopt new security models that integrate cyber risk management as part of their decision-making process. Cyber Risk Management in real time can be our strongest weapon towards our goal to ensure trust, security and safety.
Just as ERP systems evolved to address the need for centralization and consolidation, allowing decision-makers to reflect upon key performance indicators and make insightful decisions, we at OBRELA envisioned, designed and engineered an Integrated Cyber Risk Management Platform that orchestrates controls in the diverse facets of cybersecurity operations and consolidates security-related data under a single data lake, enabling real-time analytics and supporting informed decisions based on real-time risk assessment.
Ultimately, we have engineered a cyber security solution that can be attuned to the versatile and dynamically changing needs of enterprises: an integrated cyber risk management platform that orchestrates controls in the diverse facets of cybersecurity operations and consolidates security-related data under a single data lake, enabling real-time analytics and supporting informed decisions based on real-time risk management.
SWORDFISH Technology aims to put an end to the unpredictable complexity of the multi-split security sprawl that enterprises across the world have to deal with on a daily basis, while ensuring the ability to adapt to a rapidly changing turbulent environment, attuning cyber protection to emerging new threats.
The common approach to cybersecurity, adding more and more layers, is evidently not sustainable. Corporations are overwhelmed with the plethora of seemingly endless technologies, security controls and procedures that are required to protect their enterprise. A new era for the Cyber Security market starts to emerge as clients are increasingly reluctant to buy more “new” technology for the “ever” emerging threats and look for alternatives…