March 6, 2018 By Douglas Bonderud 2 min read

Objects in motion tend to stay in motion, while those at rest stay at rest. The common paraphrase of Newton’s first law isn’t just applicable to physical objects.

As noted by the “CyberArk Global Advanced Threat Landscape Report 2018,” many organizations fail to adapt their cybersecurity strategy to changes in the threat environment, even in the wake of an attack. How can these companies shift momentum and evolve their security capabilities to keep up with the volatile technology landscape?

Still Standing, But Standing Still

Ransomware is evolving as cybercriminals leverage fileless attacks to evade typical security solutions, and it seems as though high-profile breaches of corporate systems and personal data occur almost weekly. For this reason, security teams constantly adapt their approaches to predict new threats and prevent common exploits.

However, the CyberArk data tells a different story. According to the report, 46 percent of respondents said they couldn’t prevent cybercriminals from cracking internal networks. About half said that personally identifiable information (PII) is potentially at risk because internal security only meets the bare minimum standards.

In addition, 36 percent of security professionals queried in the report said their company stores administrator credentials in Word or Excel files on local PCs. Meanwhile, 49 percent admitted that, although they use the cloud to store mission-critical data, they don’t use any kind of privileged account security.

Overworked security professionals have established defenses that work well enough to keep networks up and systems intact. But they don’t have the forward momentum — even after a data breach — to make significant changes to cybersecurity strategy. In other words, network defenses are still standing, but they’re standing still compared to attackers who constantly search for new avenues of compromise.

Getting Cybersecurity Strategy Up to Speed

Despite the critical role of cybersecurity in driving return on investment (ROI), many companies don’t make room for it in C-suite discussions. Consequently, strategy always lags a step behind as IT administrators look for ways to get executives on board. Encouraging C-suite support means speaking the language they understand: cost of ownership, potential returns, and the negative outcome if PII and cloud-based data isn’t properly protected.

As noted by Forbes, one key aspect of building a strong cybersecurity strategy is segregating responsibilities. While security remains a team effort overall, too much overlap creates the dual problems of uncertainty and confusion. Creating clearly defined roles and assigning specific tasks ensures that all security professionals know their responsibilities and are certain about what has been done to shore up network defense.

No matter how dedicated the security team and how supportive the C-suite, the nature of data-driven, cloud-first IT environments makes it impossible for human analysts to keep pace with the speed of security change. As a result, it’s easy for companies to feel like they’re standing still even when security teams are working around the clock. Moving forward means tapping tools that can help automate critical functions, such as account privilege and alert monitoring, and help security professionals get strategy up to speed.

The bottom line is that a major security breach is often not enough to convince organizations to get cybersecurity strategy moving in the right direction. Don’t let cybercriminals take the lead. Bring security into the boardroom, establish clear boundaries and integrate automation to empower change.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today