Despite the $124 billion that Gartner estimated organizations would spend fending off cyberthreats this year, the frequency and severity of incidents continue to grow. A report by Nominet found that the majority of chief information security officers (CISOs) lack the necessary resources to defend their organizations. And an informal survey of 22 industry executives, chief technology officers (CTOs), security analysts and independent security experts last year by SiliconAngle found unanimous agreement that the cybersecurity problem is getting worse.

Is there hope of turning the tide? Many experts say yes. New technologies such as machine learning are showing promise, information-sharing consortia are springing up to enable better collaboration and organizations are finally taking cyberthreats seriously enough to apply more discipline to using the tools they already have.

Solid Processes Are More Important Than New Tools

I recently contacted a group of security experts to ask them one simple question: “What is our best hope to reverse the momentum in the fight against cybercriminals?”

Most organizations could blunt the vast majority of cyberthreats by making better use of the tools they already have and protecting their most precious data.

“We need to prepare our organizations for an attack rather than expecting frontline security solutions to prevent them every time,” said Adam Kujawa, director of Malwarebytes Labs.

Among the steps Kujawa recommends are segmenting critical data into a protected subnetwork, performing frequent backups of valuable data using versioning and encryption, giving users easy ways to report suspicious activities, and creating and rehearsing an incident response plan to quickly identify infected systems and restore critical data.

“Take the stance of someone who has been attacked and develop plans based on that stance,” he added.

Security journalist David Strom echoed Kujawa’s advice about preparing for the inevitability of cyberattacks. In addition to segmenting your network, “enforce least-privileged access, because hardly anyone needs to have administrator rights,” Strom said. “Vet your disaster recovery and backup procedures, and set up fallback communications plans like email, text and voice in case they are hit.”

Veteran CTO Jim Stikeleather, who is now a professor at the University of South Florida’s Muma College of Business, agreed that process is more important than new tools. According to Stikeleather, of the six critical elements of cybersecurity — anticipate, protect, detect, react, respond and repair — most organizations focus primarily on protection and neglect the other five. By thinking more holistically about the problem, organizations can change their focus from “cybersecurity to cyber resilience.”

“Resilience is even more important when you consider the increasing interdependence of systems across individual identities, organizations and governments,” Stikeleather said. “Systems need to be redesigned with humans integrated with the computer systems, while moving beyond a strictly perimeter approach.”

His comments validate research by Experian and Ponemon Institute, as well as others, that humans are the weakest link in the cybersecurity food chain, making a well-trained workforce one of the best defenses.

Technology Will Help Improve Detection and Response

There are also some bright spots on the technology front in the areas of both detection and response. The proliferation of connected devices has dramatically increased the volume of security data that needs to be monitored and analyzed, noted Mary O’Brien, general manager of IBM Security.

“Humans are drowning in the sheer volume” of this information, she said. Machine learning algorithms, which apply specialized calculations to large data sets to enable computers to discover patterns and correlations that might elude humans, can relieve the burden of dealing with the deluge.

“Using machines to pore over the vast quantities of data, organize it, analyze it and separate the critical indicators of cybercrime from the noise is our greatest hope,” O’Brien said. “The only solution is to get value out of artificial intelligence.”

Orchestration and automation tools can also cut down significantly on human labor by automating routine tasks and ensuring consistency and repeatability, according to Ted Julian, vice president of product management and co-founder of IBM Resilient.

That value can be amplified with better sharing practices. Enterprises have historically been reluctant to share security information for reasons that range from compliance to competitive advantage. However, with the advent of community services like IBM’s X-Force Exchange, collaboration is now simpler and safer.

“Information sharing can allow us to collaborate and collectively respond, and our adversaries already do this,” Julian said.

Start With Education, Preparation and Application of Best Practices

There are certainly some technologies on the horizon that have intriguing potential. However, the answers above suggest that education, preparation and rigorous application of existing best practices are better solutions than throwing money at the problem.
