Despite the $124 billion that Gartner estimated organizations would spend fending off cyberthreats this year, the frequency and severity of incidents continue to grow. A report by Nominet found that the majority of chief information security officers (CISOs) lack the necessary resources to defend their organizations. And an informal survey of 22 industry executives, chief technology officers (CTOs), security analysts and independent security experts last year by SiliconAngle found unanimous agreement that the cybersecurity problem is getting worse.

Is there hope of turning the tide? Many experts say yes. New technologies such as machine learning are showing promise, information-sharing consortia are springing up to enable better collaboration and organizations are finally taking cyberthreats seriously enough to apply more discipline to using the tools they already have.

Solid Processes Are More Important Than New Tools

I recently contacted a group of security experts to ask them one simple question: “What is our best hope to reverse the momentum in the fight against cybercriminals?”

Most organizations could blunt the vast majority of cyberthreats by making better use of the tools they already have and protecting their most precious data.

“We need to prepare our organizations for an attack rather than expecting frontline security solutions to prevent them every time,” said Adam Kujawa, director of Malwarebytes Labs.

Among the steps Kujawa recommends are segmenting critical data into a protected subnetwork, performing frequent backups of valuable data using versioning and encryption, giving users easy ways to report suspicious activities, and creating and rehearsing an incident response plan to quickly identify infected systems and restore critical data.

“Take the stance of someone who has been attacked and develop plans based on that stance,” he added.

Security journalist David Strom echoed Kujawa’s advice about preparing for the inevitability of cyberattacks. In addition to segmenting your network, “enforce least-privileged access, because hardly anyone needs to have administrator rights,” Strom said. “Vet your disaster recovery and backup procedures, and set up fallback communications plans like email, text and voice in case they are hit.”

Veteran CTO Jim Stikeleather, who is now a professor at the University of South Florida’s Muma College of Business, agreed that process is more important than new tools. According to Stikeleather, of the six critical elements of cybersecurity — anticipate, protect, detect, react, respond and repair — most organizations focus primarily on protection and neglect the other five. By thinking more holistically about the problem, organizations can change their focus from “cybersecurity to cyber resilience.”

“Resilience is even more important when you consider the increasing interdependence of systems across individual identities, organizations and governments,” Stikeleather said. “Systems need to be redesigned with humans integrated with the computer systems, while moving beyond a strictly perimeter approach.”

His comments validate research by Experian and Ponemon Institute, as well as others, showing that humans are the weakest link in the cybersecurity food chain, making a well-trained workforce one of the best defenses.

Technology Will Help Improve Detection and Response

There are also some bright spots on the technology front in the areas of both detection and response. The proliferation of connected devices has dramatically increased the volume of security data that needs to be monitored and analyzed, noted Mary O’Brien, general manager of IBM Security.

“Humans are drowning in the sheer volume” of this information, she said. Machine learning algorithms, which apply specialized calculations to large data sets to enable computers to discover patterns and correlations that might elude humans, can relieve the burden of dealing with the deluge.

“Using machines to pore over the vast quantities of data, organize it, analyze it and separate the critical indicators of cybercrime from the noise is our greatest hope,” O’Brien said. “The only solution is to get value out of artificial intelligence.”

Orchestration and automation tools can also cut down significantly on human labor by automating routine tasks and ensuring consistency and repeatability, according to Ted Julian, vice president of product management and co-founder of IBM Resilient.

That value can be amplified with better sharing practices. Enterprises have historically been reluctant to share security information for reasons that range from compliance to competitive advantage. However, with the advent of community services like IBM’s X-Force Exchange, collaboration is now simpler and safer.

“Information sharing can allow us to collaborate and collectively respond, and our adversaries already do this,” Julian said.

Start With Education, Preparation and Application of Best Practices

There are certainly some technologies on the horizon that have intriguing potential. However, the answers above suggest that education, preparation and rigorous application of existing best practices are better solutions than throwing money at the problem.
