Problem 5 of 7 Things Wrong with Mid-Market Cyber Security
When it comes to cybersecurity, complexity can be the enemy of safety. To protect themselves against the myriad threats of today, mid-market companies often rely on dozens of security tools and platforms. These products may work well alone, yet when operating together they hinder security efforts, with one of the main failures being the lack of intelligence-sharing capabilities between services. Without the ability to distribute intel in real-time, defenders are put at a competitive disadvantage against cybercriminals.
IBM’s most recent Cyber Resilient Organization Report revealed that the average company uses 45 cybersecurity products and found that “response efforts were hindered by the use of too many security tools”. “The amount of security tools that an organisation was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed,” IBM wrote. “Organisations using 50+ security tools ranked themselves 8 per cent lower in their ability to detect, and 7 per cent lower in their ability to respond to an attack than those respondents with fewer tools.”
A tendency for ‘coopetition’, rather than collaboration
Security teams are already time-pressed and overloaded with ‘fake news’ – false alerts which fill up their working hours with wasted effort. If the point security products cannot talk to each other and share threat intel effectively, they are effectively fighting with one hand tied behind their backs.
Vendors have started to build cyber intelligence sharing mechanisms into their products, but a tendency towards “coopetition” rather than full cooperation means they often compete as much as they collaborate. For businesses, this means that attack intelligence picked up by a cloud security solution may not be automatically shared with a separate product from another vendor that is protecting cloud, web and email. This failure of communication is not just a nuisance, but a security risk. If security services can’t talk to each other, they can’t work together properly.
When one door closes, another is pushed open
Hackers don’t just give up when they see that one door is closed. Instead, they regroup and seek other ways of getting past defences. Today, we’re seeing more and more cross-channel attacks that highlight the risk of failing to use cyber security protection that shares intelligence effectively across multiple entry points.
Roughly 90 percent of breaches start with a phishing email. Falling victim, and handing over the credentials that allow hackers to mount an attack, is more common than you might think. Installing a modern, multi-layered email security system is the obvious response to this threat, offering a defence against phishing, malware, targeted attacks, and CEO fraud.
Yet cross-channel attacks can easily bypass these protections by drawing victims out of the protection of email security and into dangerous territory on the web or in the cloud. Cross-channel attacks don’t end in the inbox, but instead tempt people away from the protection of email security systems and onto malicious apps or websites. If the various services that make up an organisation’s digital defences cannot communicate properly, what chance do they have of defeating an attack that uses more than one channel?
The Power of a Platform
The IBM Cyber Resilient Organisation Report hints at a solution to the intelligence-sharing problem when it says: “The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools.”
Security platforms incorporating many different products and services are one way of tackling the threat intelligence deficit, offering control and confidence across channels. Platforms use just one interface, which allows organisations to gain holistic visibility of their defences. They should start by protecting their biggest attack surface – web, cloud, and email.
Automation is a bare minimum requirement of platforms, which should distribute intel without relying on manual work from a human. Today’s security platforms should also be autonomous: they need to be smart enough to tackle new, emerging threats, rather than just performing rote automated tasks.
Mid-market businesses have laboured for too long under the burden of point products that cannot communicate with each other. Autonomous integrated security platforms are finally lifting this weight and allowing the flow of information that’s needed to protect against modern threats.
Join the mid-market revolution. Sign up to receive our ‘7 things Wrong with Mid-Market Security’ Report: