How Cyber Defense Complexity Opens the Door Wide to Cyber Adversaries
We are losing the war against cyber criminals. Ransomware, phishing, attacks against supply chains — all are up year over year. There is a shortage of cybersecurity talent across the globe. Unfortunately, as an industry, our strategies are leading to more complexity, increasing the number of gaps and vulnerabilities in our defenses. The number of attack techniques (as defined by MITRE) is increasing at a much faster pace than cyber defenders are able to create detections. To understand how overcomplicated solutions lead to more complexity and how simplifying your tech stack can actually improve your cyber defenses, read on.
Jump to a section…
Why We Are Losing the War Against Cyber Criminals
Most organizations understand the need to bulk up their cyber defense efforts, but too many are going about it the wrong way. According to a 2022 global security research study by Fastly, 73% of worldwide businesses are increasing cybersecurity spending, but only 61% of cybersecurity tools are fully deployed. Partially deployed tools are partially effective — that is where gaps are found, and the places where attackers focus.
The whitepaper above leads to the conclusion that organizations spend these funds on cyber defense that overlaps in functionality but can result in conflicting alerts and ineffectiveness in multiple individuals or teams having to manage similar tools. There is a tendency for security teams to buy into vendors’ promises that there is a silver bullet that can solve their security woes. Each one comes with its own set of configurations, systems, and learning curves to overcome in order to implement them to their full potential. When executed partially, they fail to meet their promise — which leads to new opportunities for bad actors to attack.
Much of this approach is borne out of a separation between boardroom decision-making and CISO implementation. CEOs often see cybersecurity as rules imposed and separately tracked by IT departments, rather than an initiative that should live at the core of an organization’s business model. As a result, decisions get made and IT departments need to respond to the security risk of those decisions, bringing on additional tools to shore up deficiencies in the current framework.
New tools add complexity, making an organization’s infrastructure less secure. A 2020 cyber resiliency study IBM conducted found that organizations that use over 50 security tools rank lower in their ability to detect and respond to attacks than organizations that use fewer tools. Each addition of a new security tool also increases the chances of misconfigurations or other defects. In fact, businesses that use multiple data protection vendors expect annual data loss costs up to four times greater than using a single vendor.
With a scarcity of cybersecurity talent, CISOs are up against difficult odds. We are asking fewer people to understand immense, more complex security networks to protect even more sensitive data against an increasing number of attacks, and each new solution ends up making the job more difficult.
So what should we do? Continue down the same path until everything collapses? Or take a step back and reassess our priorities? A true zero trust approach — similar to a definition that Google established 10 years ago where organizations only grant absolute least privilege access to what is needed to complete one’s job — is a solid foundation for improving an organization’s security posture. But it must also be fully understood and internalized before examining and enhancing your network. This webinar is a good discussion about what trust is, and what it isn’t where you will learn how to improve security for your organization.
How to Simplify Cyber Defense
The Center for Internet Security advises organizations to take a “shift left” approach to cyber defense, using a zero trust framework to protect data, devices, and the overall network. This approach means implementing built-in security methods that are already available while using white-lists to reduce complexity at scale. The goal is to simplify security management to reduce overhead while maintaining stringent security standards.
Here are a few considerations when adjusting your organization’s tech stack and overall cyber security posture to ensure you take a holistic approach and reduce complexity.
- Centralize visibility: Visibility is a core requirement for simplifying security operations. It provides insights for maintaining consistent and effective enforcement policies. It also enables your organization to track key performance metrics and make informed decisions, improving your risk posture while maintaining a simple structure.
- Inventory and consolidate tools: With visibility as your lens and simplicity as your goal, evaluate your tech stack and consolidate your portfolio. Do more with less! Consolidating everything into a single vendor isn’t necessarily the best path forward — too often, that “single solution” is a conglomeration of patched-together technologies gained through acquisition or developed by multiple teams that are unified by putting them all under a single umbrella. The easiest way to spot such a situation is by looking at the management and consulting costs to implement the solution. Also, a multi-month or multi-year implementation plan should tell you that that single vendor solution is more complex than an open, tightly integrated set of solutions from best-in-class vendors. When evaluating your cyber defense portfolio, consider a tool’s feature set, the complexity of administration, customization vs. flexibility offered, as well as costs of deployment and integration.
- Automation: Work toward automating repeatable security tasks, such as ransomware and incident response or log analysis, which will reduce the potential for human error while enabling you to spend more time working on more complex problems.
- Implement technologies that prevent adversaries’ tactics: Security should eliminate key exploitable attack vectors. Progressive cyber defense thinking has turned toward stopping attacks at key points in the attack chain rather than trying to stop every attack tactic. The purpose of this approach is to prevent adversaries from achieving their goals, not to attempt to stop their every move.
- Follow cybersecurity best practices: This may seem obvious, but it’s easy for the basics to fall by the wayside as complexity increases. As you shrink your tech stack and reduce the surface for attack vectors, ensure your team is implementing core cyber defense best practices to close gaps, reduce complexity, and force adversaries to look elsewhere.
- Communicate, educate, and reinforce: Everyone in the organization, from the top-level executives to the frontline developers doing the work, should understand the purpose behind your approach to cybersecurity. Guidelines should be simple and understandable, and the reasons why certain tools are in use — and why others are not — should be clear. This reinforcement will guide decision-making at the top, ensuring that cybersecurity is at the forefront of the business model.
Simple Is Better
Assessing your current security posture and then working to simplify using the suggestions above makes better use of your resources, making them more efficient and effective.
Byos understands that complexity increases the likelihood of attack. That’s why we built a suite of consolidated plug-and-play solutions that minimize complexity while improving security across your extended organization, including third-party access, work-from-anywhere, and legacy and unmanaged devices on your OT network. With device isolation, network cloaking, true zero trust enforcement, and edge microsegmentation, Byos reduces your attack surface to zero, decreasing the likelihood of compromise across remote networks, critical infrastructure, legacy devices, and embedded hardware.
Talk with a specialist or request a demo now to learn more about how Byos can provide your organization with a simple and effective foundation for network security.