Digital Transformation: The Gift and Curse

Change in the Cybersecurity industry has become imminent because architectures are breaking and the existing cybersecurity approaches are no longer working. WE ARE NOT SECURE!!!
Over 90% of companies globally have been breached. Digital Transformation is moving fast; sadly, Cybersecurity is not moving at the same speed. The bottom line is that a different approach, and a different way of looking at these things, is needed. Security units spend a lot of money trying to be secure and, frankly speaking, most times the issue is not the budget but the Return on Investment (ROI).

Modern Cybersecurity requires users and data to be at the center of designs and thinking. A Cloud-First approach should be key, while a hybrid-ready plan should always be in view. Cybersecurity should not be about Hardware or Software but about the BAD players getting into the networks. In most cases, these bad players are already in, and there is little or nothing the hardware or software can do. This happens a whole lot because the industry seems to have forgotten about the People (users).

Digital Transformation usually happens in phases, i.e., a global organization plans for digital transformation, but in most cases its branches in different countries are at different phases of the same project at different times. This is even more frustrating with different Data regulations and compliance requirements across different countries and continents. The Infrastructure-Centric approach has been the norm since the inception of Cybersecurity, and it is usually built on Point products, which are barely scalable. Converged Security should be considered ahead of point products. Point products keep being added for basically one reason: Something Keeps Cropping Up. The Point products are, however, projected to go into extinction within the next 3 – 5 years.

SIEM, like other tools, lacks user context and, worst of all, it gives some information only AFTER the incident. It does not stop bad things from happening. Mobile users access systems from everywhere, bypassing accounts and frustrating cybersecurity teams, and the architectures are also too rigid to manage the Total Cost of Ownership (TCO). With businesses growing and having to comply with industry, regional, and government regulations all around the globe, and with hyper-connected environments and the risks they pose, things get more complex and complicated. It is time for a New architecture, different from the orthodox norm, one intended to bring back control and visibility and also save some money.

In all of these complexities, one common denominator is the people. Outside of physical attacks that might cause service disruption, all other security incidents start with some sort of compromised access. Cybersecurity forgot about the People!!!
There are three (3) vectors in every cyber-attack:
● External attackers
● Accidental losses
● Malicious insiders
PS: Compromised user access exposes Critical Data and Intellectual Properties.

CISOs usually want to spend a high percentage of their resources checkmating the external attackers, Nation-state actors, and criminal organizations, whereas the vectors that pose greater risks are people who have legitimate access by virtue of employment. It does not matter who this user is; every CISO’s job is to make sure that the enterprise’s risk is managed while also maintaining compliance.
The Greatest Risk is NOT Understanding the Compromised Users.

Preferred Approach:
The right approach should be to focus on the people first. Look at the possibility of automated mitigation of the risk posed by a compromised user. Try to understand the behavior and context across the endpoint, network, and cloud. Look at quantifying the risk of the behavior in real time at the user level. Automation to Mitigate the Risk at the User Level is Key!!! Digital transformation has brought about more channels for data exfiltration. It is no longer limited to just exfiltration via USB sticks, Floppy disks, or Printing. There’s now exfiltration through HTTPS, FTP, Email, Cloud Apps, etc.
The key to mitigating critical data loss is understanding the user’s intent and looking at integrated visibility across the numerous exfiltration channels.
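As an added illustration of the approach above (not code from the original article), the following sketch scores each user across all exfiltration channels in one sliding window and maps the score to an automated action, next to a rule that looks at each channel in isolation. The function names, channel weights, sensitivity labels, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Channels are the ones the article names; every weight, label and
# threshold below is a constructed assumption, not a recommended value.
CHANNEL_WEIGHT = {"usb": 1.0, "print": 0.5, "https": 0.8,
                  "ftp": 1.0, "email": 0.7, "cloud_app": 0.9}
SENSITIVITY = {"public": 0.0, "internal": 1.0, "critical": 3.0}
PER_CHANNEL_LIMIT_MB = 50      # the siloed, per-channel rule, for comparison
TIERS = [(3.0, "block_and_alert"), (1.0, "restrict_uploads"), (0.0, "allow")]

def siloed_alerts(events):
    """Users flagged by a rule that inspects each channel in isolation."""
    per = defaultdict(float)
    for _, user, channel, mb, _ in events:
        per[(user, channel)] += mb
    return {u for (u, _), mb in per.items() if mb > PER_CHANNEL_LIMIT_MB}

def user_risk(events, baseline_mb, now, window_s=3600):
    """Integrated per-user score over a sliding window across all channels."""
    weighted = defaultdict(float)
    channels = defaultdict(set)
    for ts, user, channel, mb, label in events:
        if now - ts > window_s or SENSITIVITY[label] == 0:
            continue  # outside the window, or data that is not sensitive
        weighted[user] += CHANNEL_WEIGHT[channel] * SENSITIVITY[label] * mb
        channels[user].add(channel)
    # Normalise by the user's own typical outbound volume, then raise the
    # score when the data is spread over several channels.
    return {u: round(w / baseline_mb[u] * (1 + 0.25 * (len(channels[u]) - 1)), 2)
            for u, w in weighted.items()}

def mitigation(score):
    """Map a score to the first tier whose floor it reaches."""
    return next(action for floor, action in TIERS if score >= floor)

# Constructed events: (unix_ts, user, channel, megabytes, data_label)
EVENTS = [
    (1000, "alice", "email", 4, "internal"),
    (1200, "bob", "https", 40, "critical"),
    (1500, "bob", "cloud_app", 40, "critical"),
    (1800, "bob", "usb", 40, "critical"),
    (2000, "carol", "https", 200, "public"),
]
BASELINE_MB = {"alice": 20, "bob": 100, "carol": 300}   # constructed

if __name__ == "__main__":
    print("siloed rule flags:", siloed_alerts(EVENTS))
    for user, score in user_risk(EVENTS, BASELINE_MB, now=3000).items():
        print(user, score, mitigation(score))
```

On this sample the per-channel rule flags only carol, who moved public data, while the integrated score blocks bob, who stayed under every single-channel limit by spreading critical data over three channels.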

Organizations lose millions of dollars on litigation due to Data leaks/loss. Companies that focus on the left of the breach are better placed to avoid these losses than companies that wait at the right of the breach. Malicious entities are almost always already inside the network, so the key task is to stop the exfiltration of Critical Data and Intellectual Property.