Essay: Trust and Security: A Holistic Approach to Protecting Critical Assets

  • Published: 1 April 2019*
  • Last Modified: 23 July 2024

Trust and security

Trust and security are now at the center of competitive differentiators. The biggest loss that a company can incur is failure to uphold the implicit agreement with its stakeholders to keep their sensitive or valuable assets safe. Whether business owners already recognize it or not, trust has become one of the key parts of the product strategy and the product itself. For cloud, financial services, IoT-related, and even retail industries, trust is a way to gain and retain customers. The “formula” for trust, in our view, consists of core components, such as security, privacy, convenience, and speed to market. Without the trust of customers, employees, shareholders, and stakeholders, many industries will have a harder time maintaining competitive positions in the market. Security, privacy, convenience, and speed to market must be part of the end-to-end vision for the product, as more and more companies deliver their products and services online.

While digitization has brought companies many new opportunities to expand their businesses and collect massive amounts of data, it has also made it more challenging for them to protect their cyberspace as well as their stakeholders. This has shifted developers, IT operations, and security analytics from more traditional back-office roles to the front line, as data becomes a strategic asset for the organization to increase revenues, lower costs, and solve complex problems such as fraud detection, cyber security, and real-time analysis of time series and metrics data.

In the past, organizational security focused on physical security to protect against attackers operating in close geographical proximity. Companies stored their assets in safes and focused on enhancing physical ‘locks on doors’. Technology brought progress and scale to businesses; institutions are able to serve more clients faster from anywhere at a lower cost. Our neighborhood is no longer a local district, but the entire globe. Modern crime is low risk and brings high returns. Almost all attacks against institutions now have a ‘cyber dimension’, in which technology is used as an outright attack vector to obtain money or information, or to deface an institution. Technology gave rise to crime-as-a-service.

Investment vs. Realities

Despite institutions’ efforts and investment to fight cyber crime, the rate at which threats evolve exceeds the investment and organizational structures that exist within institutions. The increasing sophistication of the threat, prioritization of openness and functionality over security, and a lack of relevant tools on premises are among the reasons institutions are exposed to cyber heists. Moreover, security models have grown organically over many years and haven’t been adapted to the current reality. For this reason it is important to consider a whole new approach to security that relies on coordination among different security units and sharing of intelligence. Holistic management of security will provide a better understanding of threats and will make it easier to prevent, protect against, predict, detect, and recover from crime against the institution. It is important to enable defence by focusing on data and the methods that provide the maximum possible protection for the minimum possible cost. We need to make sure that cybercrime stops being profitable by enabling products that help to make it cheaper to defend than to attack.

Security Tools and Processes

On the enterprise side, it is increasingly expensive and complex to respond to security attacks. Enterprises defend themselves in multiple ways, using a combination of employees and tools for Incident Response, Insider Threat, and other areas of Security.

Companies often face the choice between Buy or Build. However, it is important to recognize what the best solution is given the company’s talent and resources.  The rise of AI, Machine Learning, and Data Science has brought a broad range of tools that improve response time and accuracy of action.

Security models should be able to coordinate with reporting lines, enable real-time sharing of information, and maintain a ‘corporate memory’ with the ability to recognize patterns across channels, products, entities, and lines of business. Incident response ought to act upon muscle memory.

Enterprise Ecosystem

The ecosystem surrounding an institution is composed of, among others, employees and all stakeholders, physical locations, on-premises and cloud infrastructure, and third-party providers. All of these components work in parallel towards a common goal, but are independent from each other. In addition, many business units are also structurally isolated from one another. Security models for many large global organizations should account for the often disjointed nature of the technology infrastructure and business units within the organizations, and take a holistic approach to better detect, react to, and recover from sophisticated security threats.

To address this, in our view, information security should be integrated with physical security in global companies in order to see crime holistically. There is a need to establish an effective defense resting on adequate cyber hygiene and physical and cyber security controls, with the ability to detect and react to the right 'signals'. In our view, companies should focus not on notions such as ‘information’, ‘cyber’, or ‘physical’ describing security, but simply on the core: to deliver Security.

Today, cybercrime is high profit, low risk, and medium to low investment, and it will continue to be so until the risk or investment increases or the profit falls.

CSIO 3.0

Security is about technology, process, and people.

In the enterprise context, a work ecosystem is composed of these equally important components. Whenever there is a change in any of these, there has to be a change in all of them. For instance, software integration resulting from a technology acquisition or new development is not, in itself, sufficient to ensure organizational efficiency and effectiveness. Integration of the organization's data, processes, strategy, and people is also required. Strategy and decision makers need to be aligned with technical internal processes and systems requirements.

Large organizations, through organic growth over the years, are composed of multiple teams that have specific missions and goals that focus on different operations while keeping the strategy in place. Each team within the organization is specialized in an operation that may create differences in specific goals, priorities, and governance. All of these differences make the integration of people challenging. Yet best performing organizations are both highly differentiated and highly integrated.

To operate in harmony, it is important that technology, processes, and people collaborate to enable deep analysis of security operations, and of operations in general, so that the appropriate decisions are made and operations are able to predict, prevent, detect, respond to, and recover from disruptive events in order to deliver service integrity to stakeholders.

Holistic Ecosystem

1. Streamlining internal security operations

In order to ensure effective defense, cyber security programs should be run on common datasets and work alongside law enforcement entities, based on globally acceptable standards with respect for data protection and privacy. Given that products will be delivered online, security, safety, privacy, and trust should be enhanced by ensuring that all available information and intelligence is analyzed.

By integrating duplicative functions, building security operations centres, and focusing on all aspects of Security – People, Processes, Technology – companies can direct, monitor, and control the implementation of Security and Trust as a whole. This way they can uphold maximum security for less investment.

2. Focusing on all types of threats to enable rapid reaction

Security teams should support prevention and mitigation of crimes regardless of their nature – cybercrime, physical crime, information leaks, and internal threats – or their detection methods. This “one-stop shop” could analyze data and forensic evidence, help investigate, and recover financial losses.

3. Restructuring the Internet-facing infrastructure and ensuring specialist analysis and remediation of threats

Coordinated 24/7 intelligence, investigation, and rapid reaction security teams working side by side would lead to a reduction in losses and costs and improve security. Initial steps should be oriented towards:

•  enabling holistic pattern recognition to distinguish between “normal behavior” and “abnormal behavior” to accurately detect suspicious behavior

•  allowing cross-channel visibility to detect complex patterns of behavior that may involve multiple layers across channels, products and accounts

•  establishing an alert management system to automate decisions and score risk before the investigation process and establishment of a central case management is initiated

•  creating the ability to link complex cases in which threats are detected locally within a business line but are part of a global threat that targets several business lines.

Often, businesses operate in silos, regardless of the strategy or the business plan. For this reason, it is important to educate and embed culture into the strategy to remediate vulnerabilities from the core. Collaboration and communication mechanisms also have to be considered a key component of any strategy if it is to be successful. Poor communication and isolated work lead to teams having visibility only of the data they collect and process. Oftentimes, building security systems have no visibility into remote access control or system authentication for a user. In this case, collection of data only gives a local perspective. Events are therefore seen in isolation, and a global perspective is impossible to achieve.

Partnerships

In the Security world, it is in the best interest of all of us to collaborate to secure cyberspace, since cybersecurity is highly interdependent. Regardless of how secure an enterprise may be, its susceptibility to an attack depends on how well secured the rest of the Internet is.

The internet has given rise to crime-as-a-service, since modern crime is low risk and brings high returns. Consequently, almost all attacks against institutions now have a ‘cyber dimension’, in which technology is used as an outright attack vector. As a result, enterprises are adopting new technologies, practices, and policies that allow them to protect themselves across channels and utilize all the data they collect in real time to secure existing systems.

It is important for companies to enable a defense that focuses on data and methods that provide the maximum possible protection for the minimum possible cost.

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Trust and Security: A Holistic Approach to Protecting Critical Assets. Available from: <https://www.essaysauce.com/sample-essays/2017-8-30-1504125486/> [Accessed 16-04-26].

These Sample essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.