Event Recording

Matthias Reinwarth: Optimizing Your Cybersecurity Spending: Where to Put Your Money During and After the Crisis?


So also welcome from my side again, welcome to this call virtual event, cybersecurity and enterprise risk management. And I will talk as Beto mentioned about optimizing your cybersecurity, spending where to put your money during and after the crisis. And the stress in these two lines is actually on you optimize your cybersecurity spending and where to put your money. So this is an individualized decision. This is nothing that an Analyst from the outside can just tell you to do, but I want to give some help, some guidelines and maybe some methodologies on how to do that, but be before I do that, I want to make sure that you down loud, the app, as Jennifer mentioned, and as an incentive, there is some virtual raffle insight, this app within my keynote, this keynote. So if you log in, you go to my keynote, then you are capable of downloading a free copy of John Berg's leadership, compass fraud reduction, and intelligence fraud reduction, intelligence platform.
Sorry for that. And, but you need to go there and to download the app and that's, that is the incentive. So please, please do so. And that was the short commercial break here, but I want you really to participate. I want to answer your questions, please participate and interact with all the other participants. So, but now to the agenda for my short talk, first of all, I will lay out the challenges, five examples and five starting points where we have to look at when we analyze the current situation. I want to show quickly the, the portfolio management approach that we at Ko Cole typically apply when it comes to, to starting project identifying what needs to be done with, within an organization. Some general recommendations for cybersecurity that we think apply anyway, and a look beyond cybersecurity because we think cybersecurity needs to be considered in a bigger picture.
And that is my agenda for these remaining 16 minutes or so. So first of all, five premises for successful cybersecurity. First point don't be naive, protect and defend is not enough anymore. You need to understand, and we need to understand. And every one of us has to understand that we are targets all the time, whenever we are online. And even if when we are not because our platforms are available online and it's the individual, the private person, the small business up to the governmental organization or large enterprises, don't assume that no one attack you, they are attacking you permanently. That is going on all the time. There is no 100% security as battled already mentioned, and that is also really true. You will never be in a situation that you, that you can protect you yourself completely. So feeling safe is the worst that you can do.
So you need to ramp up. You need to keep up and there will always be any ways successful attacks assume breach, not security. So what we need to think of is the principle of zero trust is actually a, a technological, a technology concept, but it's also a state of mind. You need to make sure that you don't trust in just a single technology in just a single control. Single means of, of provided by a piece of software, not just the firewall, add layers of security on top of each other, to get to an end, to end security, assume breach, stop lateral movement and combine assurance from multiple entities and verify it continuously. So that also needs to adapt to change, to make sure that you are always up to date with what you're doing in cybersecurity plan for the worst, because we've mentioned there's a 100% security, we are targets.
We need to make sure that we are prepared for the incident when it happens. And we had to be prepared for this pandemic as well. And some did, some did not, and it turned out differently for them. So prevention is no longer enough. You need to plan for the worst. So it's not only detect its respond, recover, and improve. And this is one of the key trains of thoughts within this keynote, make sure that you integrate your business continuity management planning with your cybersecurity initiatives and think beyond tools that is of importance when it comes to implementing cybersecurity the right way. It's not only about technology, they help, but this is not everything. It's about people, about organization, about processes and policies. And it's about portfolio management. That is what we are going to look at later. Five cybersecurity challenges. Now that we know where we are, these are the challenges that we typically think of and they are still important.
And I just go through them quickly because you know, all of them, you are all cybersecurity pros and this is nothing new. So data breaches is one of the key challenges. When it comes to protecting your organization, you yourself, your, your governmental organization, unsecured APIs, everything that is in this list, you need, we need to make sure that external attackers are not in a situation to provoke such a data breach. Ransomware is one of the key challenges as of now. And it goes hand in hand with an aspect that we have as just one of the next points as well. We need to make sure that people understand how to prevent ransomware to getting on their systems passwords. When I started with cooking a Callum five or six years ago, my first panel I moderated was about passwords and how to kill them. They're still alive and kicking.
They're still around, but we need to make sure that we protect our access to systems, to services in a more strong way, in a more reliable way, by using something like strong authentication, like, and even monitoring the actions of people within the systems, by applying U V E a for example, but still the passport is one of the key entry points to all your person and in organizational data. So protected well, social engineering. That is what, what I mentioned when we talked about ransomware before fishing attacks on companies have become increasingly sophisticated. And this has happened, especially during this crisis. And of course these social engineering's attacks, they aim at identity theft. And I think there's hidden in this, in this block, there is this figure of 62% of all attacks occur based on social engineering and when something counts for 62% and needs to be done something against this.
And finally the cybersecurity challenges that threaten our IOT, our OT. So all the devices that are connected to our networks that are maybe not even reachable currently, because we cannot get to them. They are potential back doors for attackers to slip into a corporate network. So handling them is a challenge and needs to be done well. So now that we've seen the starting point where we are right now, the cybersecurity challenges that have changed over time, we need to make sure that we look at the right area. So we, or I recommend three focal areas of cybersecurity to put your priorities on. First of all, as I mentioned, business continuity management, understand where you are, what can really kill your business when something happens. So what is the main threat when an incident happens and how resilient is your it to pro protect this process that is highly relevant, is your, are you really in a situation to keep on running if an account or if an incident actually happens and if it has happened and you cannot continue running immediately, how can you restart your business quickly and fill in the gaps that are there, are you prepared for a restart, even from a worst case scenario when nothing is available anymore, when your systems really have broken down completely and finally, to keep your business alive also means that you need to be prepared for adequate communication in a crisis.
And communication means communication towards your employees, your customers, but also maybe against the regulatory body that is required to be informed as well. So are you prepared for this so-called black suit communication is somebody prepared to lead this second, educate your team and you see there's no technology right now, right there in my recommendations. So this is really about processes. This is really about policies about doing things, right? So do you have training at hand, think of the 62% successful attacks through social engineering? Do your people do, does your staff understand the attacks and do they know how to prevent them, how to prepare for them and what not to do click on that attachment. Do you inform them on time about current threats? This is the second key area. When we think of focal areas for cybersecurity. And the third finally is about optimizing your tools, landscape, which tools do you have in place?
Do you have a blueprint? Do you really need all these tools? And this is not a Greenfield approach, many tools are in place and they cover different aspects within the overall threat landscape, but are they all required? Do they have functional overlaps? Are there gaps? And how can you deliver all that you require with an optimized tooling? And that is what this next slide is about. This is really how we recommend to do portfolio management. And that is really a simple, a very simple chart that everybody can create. If you download just a simple, or if you create a simple Excel sheet and just apply some graphics, this is what is behind there. No fancy technology. The, the, what, what you're actually doing is to rethink your cybersecurity portfolio. Yeah. From a helicopter view, first of all, define dimensions. So we have two axis here.
The X axis is risk mitigating impact, and the Y axis is total cost of ownership. And if you place your tool landscape within such a, we call it portfolio compass, but it's just a chart. Then you can identify those tools that really make sense for you because they ha have a high risk mitigate, mitigating impact. And then you can look how costly they are when it comes to having a project, to implement them, to license them and to run them in operations. So rate technologies or tools make your decisions. What makes sense, where are gaps and where are overlaps. And on that basis, you can optimize your portfolio, clean it up and do that more often than just once. When I tell it, tell you to do so and even think of alternative ratings, this is a good starting point that is on that slide here, but there are also other dimensions to think of like these ones that I just want to give you at hand as a recommendation also to look at, I won't go through all of them, but I just want to have a focus or spotlight on hybrid support.
As bad mentioned, we are, we have become much more digital during this crisis. And we had to many organizations are using digital platforms for communicating, for sharing files, for executing meetings in an online fashion. So we have moved to a hybrid infrastructure already. So cybersecurity today also means cybersecurity for the hybrid environment and maybe from a hybrid environment. So how can we provide cybersecurity in a hybrid world and how to integrate that, integrate that with existing services. So that is an important aspect to look at. And the other of course is service orientation. When we do portfolio management, we need to think, and we have to think of these tools slash technologies, as services with a well defined scope of what they deliver and how it is delivered. So if we want to change one security tool against another, we need to make sure that the service, the former provided, if it is still required, can, can be, can be replaced completely.
So think of services being parts of an overall security platform here, oops, sorry for that. The set of technologies to add, as I said, cybersecurity is not enough. Preventing is important. Preparing for the worst case is important. And that means that we need to think beyond cybersecurity and think of business continuity. So this needs to be combined to be prepared when the incident happens. So the focus on mere security tools is no longer sufficient. So we really recommend when you do this portfolio analysis that you add additional technologies to the scope of cybersecurity, you might as well already have some of these, but they are required to be added also to your mindset, to your tool well, of cybersecurity. And although this sounds really, yeah, a truism backup and restore is what the, what it is all about, ensure that your backups are there, that they are available and that they are well protected as well against various types of attacks so that you can get to rapid recovery.
Once an incident happens to, to apply backup and recovery adequately, you need to understand where your data resides, how it is protected and how you can recover to a safe state. So data management is a discipline that needs to be considered when thinking of cybersecurity for the 2020s and beyond in a hybrid environment, especially so that you can restore your current state of business or can keep on working even in a crisis, even in a, in the case of an incident, many organizations have learned the hard way virtual workspaces are something that we consider of being important. When preparing for business continuity, many organizations really were struggling with providing remote access to their on premises systems via VPNs or the like, because that doesn't just scale adequately. So having virtual workspaces available that you can restart in a safe state wherever they can be run, be it in the cloud, be it at a managed service provider.
That is really something that prepares for business continuity. And that, again goes hand in hand with virtualization and containerization to have all these systems running in a cloud or on premises. But nevertheless, you can really move them wherever you need them and scale them up as required. And of course, the concepts of containers, microservices, and virtual machines, they help a lot in that, in that area. And I've mentioned that before cloud infrastructure is a key thing to look at, go for the benefits of the cloud. They, this cloud can provide easy restart of VMs and services with the scalability and flexibility that is required in a changing situation. So these are five technologies to look at my final slide recommendations for investing in cybersecurity. And that is also only in, in, in a marginal area technology thing, use professional services work with other business leaders to ensure that your solutions are state of the art and that they match current business goals, models, and markets.
So you are not reinventing the wheel alone for yourself. Think, talk to your partners, use professional networks network through our app. Risk management is so important that even this event is called after it. So take a risk management approach to security and start with a top down approach, identify what needs to be protected first and implement that first benchmark, your cybersecurity. How good are you? How good are you performing with this systems that you have in place? And are there any gaps that you didn't think of yet keep up to date with your it. We all know that it is changing really swiftly and rapidly. So cybersecurity needs to keep up with that. You need to make sure that cybersecurity is adequate to mitigate risks and remain business goal oriented, nothing that is not business goal oriented should be executed, support your business with your technology, with your it and with your cybersecurity.
And finally, as I've mentioned before, 62%, remember that train your employees provide training opportunities for security professionals. These are the ones in the first line of defense, but this is also required for all staff in their working areas so that they understand the current threat landscape and that they understand what's going on and how they can contribute to the overall security situation within an organization. These are my six recommendations for investing in cybersecurity. I've told you about portfolio management and how to apply it and where to look at in this changing environment. Think hybrid, think of cybersecurity and business continuity management together. Thank you for your time. And I'm happy to answer your questions right now.

Video Links

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00