March 6, 2018 By Douglas Bonderud 2 min read

Objects in motion tend to stay in motion, while those at rest stay at rest. The common paraphrase of Newton’s first law isn’t just applicable to physical objects.

As noted by the “CyberArk Global Advanced Threat Landscape Report 2018,” many organizations fail to adapt their cybersecurity strategy to changes in the threat environment, even in the wake of an attack. How can these companies shift momentum and evolve their security capabilities to keep up with the volatile technology landscape?

Still Standing, But Standing Still

Ransomware is evolving as cybercriminals leverage fileless attacks to evade typical security solutions, and it seems as though high-profile breaches of corporate systems and personal data occur almost weekly. For this reason, security teams constantly adapt their approaches to predict new threats and prevent common exploits.

However, the CyberArk data tells a different story. According to the report, 46 percent of respondents said they couldn’t prevent cybercriminals from cracking internal networks. About half said that personally identifiable information (PII) is potentially at risk because internal security only meets the bare minimum standards.

In addition, 36 percent of security professionals queried in the report said their company stores administrator credentials in Word or Excel files on local PCs. Meanwhile, 49 percent admitted that, although they use the cloud to store mission-critical data, they don’t use any kind of privileged account security.

Overworked security professionals have established defenses that work well enough to keep networks up and systems intact. But they don’t have the forward momentum — even after a data breach — to make significant changes to cybersecurity strategy. In other words, network defenses are still standing, but they’re standing still compared to attackers who constantly search for new avenues of compromise.

Getting Cybersecurity Strategy Up to Speed

Despite the critical role of cybersecurity in driving return on investment (ROI), many companies don’t make room for it in C-suite discussions. Consequently, strategy always lags a step behind as IT administrators look for ways to get executives on board. Encouraging C-suite support means speaking the language they understand: cost of ownership, potential returns, and the negative outcome if PII and cloud-based data isn’t properly protected.

As noted by Forbes, one key aspect of building a strong cybersecurity strategy is segregating responsibilities. While security remains a team effort overall, too much overlap creates the dual problems of uncertainty and confusion. Creating clearly defined roles and assigning specific tasks ensures that all security professionals know their responsibilities and are certain about what has been done to shore up network defense.

No matter how dedicated the security team and how supportive the C-suite, the nature of data-driven, cloud-first IT environments makes it impossible for human analysts to keep pace with the speed of security change. As a result, it’s easy for companies to feel like they’re standing still even when security teams are working around the clock. Moving forward means tapping tools that can help automate critical functions, such as account privilege and alert monitoring, and help security professionals get strategy up to speed.

The bottom line is that a major security breach is often not enough to convince organizations to get cybersecurity strategy moving in the right direction. Don’t let cybercriminals take the lead. Bring security into the boardroom, establish clear boundaries and integrate automation to empower change.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today