CybersecAsia: What does it mean to layer security transformation into digital transformation?
SEN: The good news is that organizations seem to have a better understanding of the risks they face and are more willing to invest in the rapid digital and security transformation actions needed to mitigate these risks. In APAC, 90% of respondents had spent an additional US$100,000 or more to adapt to the pandemic, with 80% modernizing their security tools and 65% providing employees with security training or work-from-home training.
The following best practices are what organizations need to layer security transformation into their ongoing digital transformation:
Continue to invest in DX to keep pace with cybercrime and nation-state threats. Consider replacing legacy, on-premises technologies with cloud-native platforms that are designed to protect remote and hybrid environments.
Focus on protecting all workloads wherever they are, rather than maintaining security models built around network perimeters. This means implementing breach protection across private, public, hybrid and multi-cloud environments so organizations can rapidly adopt and secure technology across any workload.
Integrate identity protection with run-time protection of workloads, endpoints and mobile devices to alleviate the strain on IT teams. This allows teams to plan, implement and migrate to the cloud-native applications the organization needs to secure its business and employees regardless of location.
Strive to meet the 1-10-60 rule that CrowdStrike innovated to benchmark efficiency in detecting, investigating and containing a cyberthreat.
With the right technology, people and processes, and continued investment in digital and security transformations, APAC organizations can be resilient against cyberattacks.
CybersecAsia: To what extent can outsourced and managed services address the shortage of regional cybersecurity talent and expertise?
SEN: With 61% of regional respondents finding it more difficult to hire cybersecurity professionals this year, as compared to last year, in-house cybersecurity teams have been reduced in size. Half of respondents had five to 20% of their cybersecurity teams leave.
The talent gap can cause ‘security alert fatigue’, which also affects daily security operations. Failing to address alerts in a timely manner can have disastrous consequences. When there are not enough resources to handle all alerts, which can easily total hundreds to thousands in a day, choices must be made about which detections to investigate and which can be ignored. This means it could take longer for a security analyst in a lean team to get to a critical alert, resulting in an uninvestigated detection leading to a major compromise, which was the case in the infamous Target breach.
At the strategic level, organizations are trying to solve the problem by outsourcing their cybersecurity needs and turning to MSSPs (Managed Security Services Providers) or MDR (Managed Detection and Response) to absorb part of the workload.
At the operational level, automation and orchestration are being considered to streamline and scale security teams, so they can meet the increased security requirements. The growing availability of these options is seen in the APAC region, with 42% of respondents agreeing that outsourcing has become easier than directly hiring.
Companies such as CrowdStrike offer such managed security services to help organizations close the security skills gap by providing advanced protection technology and a dedicated team of security professionals focused on managing and monitoring an organization’s endpoint security and responding to threats.
This option provides the people and technology needed to handle all aspects of endpoint security, with security experts watching its endpoints 24/7 and taking immediate action to remediate incidents whenever needed.
CybersecAsia thanks Sherif for his insights.