Webinar Recording

Surviving the Cyber Security Attack Wave


KuppingerCole Webinar recording

And the topic of today: cyber security, I think, a very, very hot topic. So hopefully we will provide you with some very interesting information and news around this. Before we start, some information from KuppingerCole and some housekeeping, and then we will dive directly into the presentation. KuppingerCole is an analyst company that originally started in Europe, but we also have people over in the US, focusing on enterprise IT research, advisory, decision support, and networking for IT professionals through our subscription services for all our research, through our advisory services, and through our events. So that's what we are doing. And we are doing a lot of events besides our webinars. You are well informed about our webinars and the upcoming ones. One of the things we are doing, which will be in German language, is an industry round table focused on user organizations, talking about cloud computing security and data protection.
So we are really going deep into this. That will be on November 17th in Frankfurt; as I've said, it's in German, but we will do other things in English as well. And for sure, we will do the European Identity and Cloud Conference again next year, this time April 17th to 20th in Munich. All the information is available on our website, and I'm pretty sure that it will again be the best EIC ever and provide very much valuable information, like every year. Okay. The next thing is a little bit of housekeeping, some guidelines for the webinar. You are muted centrally, so you don't have to mute yourself; we are controlling these features, so you usually don't have to care about it. We are recording the webinar, which is always very important information, and the podcast recording will be available by tomorrow at the latest at the same link where the webinar is filed.
So the webinar itself you found on our website; we will put the podcast link there, and we will put there the links to the presentations of most speakers of today. Q&A will be at the end, like always. You can ask questions using the questions tool in the GoToWebinar control panel, which you usually find at the right side of your screen. You can enter your questions there at any time. Usually we will pick the questions at the end of the webinar; in some cases we might pick a question during the webinar, but usually we do it at the end. However, it's a good idea to enter the questions once they come to your mind, so that we have a big list of questions after the two presentations you will see in the next few minutes. Okay. So, the agenda for today.
It's a very typical agenda for our webinars. The first part will be done by me: I will talk a little bit about the key elements of a proactive security risk management strategy, and I'll also provide some other thoughts about cybersecurity attacks. So I will sort of prepare the ground for the second part of the webinar, where our second speaker, from Agiliance, will talk about the elements of a properly planned and implemented security risk management program. The third part, like always, will be the Q&A session. So I'll dive directly into my presentation. Let's start. When looking at this entire topic, one of the questions I have in mind is: is this just a wave? What we are seeing today in cybersecurity attacks, is it something like this, or is it something like this, or is it maybe something like that?
I personally believe it's not only a wave. It's a problem which is increasing; whether it's exponential or not is another question, but I don't think that it will disappear. I think it will remain here. We have a lot of different types of attackers, something our second speaker will talk about later on: states, in some cases. So if you look at what has been published around things like Stuxnet, like the DigiNotar attack or the recent Mitsubishi attack in Japan, there are states involved, there's organized crime involved, black hat and white hat, and who else we don't know, but it's an increasing problem.
And so from my perspective, there are some golden rules for IT security. One of these rules is what we should have learned, and I think that's very important for the things our second speaker and I will talk about: you should rely on more than one approach for security, or, formulated the other way around, never rely or trust on only one approach for security. So I think one of the things, when looking at this attack wave or these attacks, is that we have to have an approach for security which doesn't leave us alone with only one approach. The reason why will be discussed in more depth later on, because there are some good reasons: it might happen that you have an attack, and then it's about having as much time as possible to deal with the attack, to avoid that it's too harmful.

The second thing: security is about reducing risks, but there's always some risk remaining, or some way around. Never believe that you're fully secure. You have to assume that something happens; you will never have 100 percent security. And a certain thing which I think is very important for dealing with the entire topic: always expect the unexpected to happen and be prepared. Never believe that you have considered all the risks out there. It's always clear that something might happen which you didn't expect. And even then you should have an action plan in place for these things, where you know: I don't know exactly what will happen, but I have to act on this, and this is what I'll do. My perspective is that the first thing you really need to understand is risks. You can't protect everything. You can't put the same effort into everything.
You don't need to do that. So you really have to look at how you can deal with these things. It's about focusing, not about saying we do everything and protect everything the same way. You need to understand the risk, its impact, its probability. And then you should define your approach based on risks, to know where to focus. So I think the very first thing is really understanding where to start and where to focus, because it's impossible to protect everything you are doing at the same level. The second step: define controls, define what you are looking at. If you know your risks, you can define your controls. What do you measure? Measure, define thresholds, and alert. So it's about understanding: okay, I have a risk, how can I identify what happens there?
And risks are by definition measurable. If you can't measure it, it's an uncertainty; if you can measure it, it's a risk. You need thresholds, which security-wise is something I put in quotes, because it's not necessarily a number, but it's something where you say, okay, I have to alert. And then it's about understanding how to alert and where to alert. I will talk about this later on, and our second speaker will also talk about this in much more depth. A very important thing to understand is how to really identify what you should alert on and how to react to these things. And the third thing, for sure, is to add actions. So, some steps: be prepared. You need to know that something could happen, and if something happens, you need to know what to do now. It's not about thinking, okay, something has happened.
What should I do? It's about just picking your plan and acting. For sure you should mitigate risks if possible at all; if there's a chance to mitigate risks, you should do it. You won't be able to mitigate every type of risk, so you have to react to that attack if it requires it. It might happen that an attack occurs, and that again is one of the things you should plan for. So when dealing with this attack wave, the first thing is again understanding your risks, defining your controls, and adding your actions. And I think a very important thing there is also: if there's best practice available, then rely on the best practice. In some cases someone might provide you with best practice; implement these things. It's a good thing to have, because security, especially in this complex world of cybersecurity attacks, if you look at the APT, the advanced persistent threat, the model where a lot of different types of attacks are combined to really get access to the really critical data, then it's about really understanding these complex things, and that means best practices help you.
There's the idea of thinking about whether working with peer groups is feasible. Are there peer groups that provide you with information, starting with things like the CSA with its ideas around cloud security, and other things? There are your system integrators, your consultants, your vendors, or MSSPs and MSPs, the managed security service providers, who provide you with best practices, so you don't always have to reinvent the wheel, because there's a lot which is pretty common. And understand that this entire thing is part of a bigger GRC picture. That's a picture out of a report we've written, I think, two years ago, which is called the GRC reference architecture. The GRC reference architecture just describes how to do these things: what do you do there? You need to model your requirements, what are your policies and these things, and you need to do your status investigation.
So the first thing is about understanding your risks, your controls, and all that type of stuff. The second column, or the second pillar, is around status investigation: measure these things, collect your control status, have your dashboard there. The third is about improvement activities: how to get better in these things, where to really mitigate risks by doing projects. And the other one is about crisis and incident management. The interesting point really is: if you take the topic of cybersecurity attacks, you can perfectly fit it into this model, because understanding risks and defining controls is the first pillar, measuring is the second one, optimizing your infrastructure is one, and having the action plans in fact are the two last of these columns. So I think it's very important to understand that it's not only about having a technical tool in place. It's about having a much broader approach, or integration with what we commonly call GRC, governance, risk, compliance, in place, and understanding that.
This is one thing where we integrate things out of a lot of tools. And that's definitely one of the questions: what about tools? You will need tools; you will need a lot of tools. In many cases, a lot of them you will already have in place; they are just there. You might need to configure them better than you had done; that might be a situation there. But you need something to glue them together. And if you think back to the last picture I've shown, that's exactly one of the points: how can you bring things together? So the tool layer is sort of what provides the detailed information. You might have a management layer, which allows you to technically manage things which happen in a lot of tools, and you need a layer which really shows the information, the control status, the overall status, and all these things on top.
So pulling these things together by a control, governance and/or management layer: that might be one layer, it might be two layers. That's, from my perspective, a very important thing, and to really put it into context: it's not only a technical thing. It's a much bigger framework, so that you really ensure that you work in a very structured way on these things. So also, if something is detected at the level of the security guys, it still needs a well defined structure, so that it is ensured that someone deals with these things and that everything, up to the maybe required notification of the public, is done correctly. That's where you really need to build an infrastructure to deal with these things. And it helps you because you can focus much better on the things you need to know, because when you start from the top, from the controls, you end up with: you might need some tools much more than other tools. So you might also focus your investments again. And I think that's a very important thing. So the overall approach to do it is what I would call avoid, detect, counter (like counter strike) and rescue. To do it correctly, avoiding is fine, but you never, ever will manage to avoid all attacks. So you need to be proactive everywhere. You need not only to be proactive in the sense of trying to avoid attacks; you also need to be proactive by trying to detect attacks if they occur anyway.
And again, our second speaker will go into more detail on that. You need to be proactive in the sense of: if something happens, have your action plan ready to deal with attacks. Counter strikes would be great, but that's not what you're usually doing. It's about trying to stop the attack, trying to understand what has really happened, and is there something you have to do in addition? All these things: you must be ready to do them, and have your emergency plans ready if everything else failed. So if there has been a really big issue, you need to deal with it in an appropriate way. I've recently blogged about what I expect, and I think that, depending on the role you have, in some cases, trust me, it's about being very frank to the public and saying, okay, that's what happened, I will help you to reduce, to mitigate your risk. So if it's your customers which are affected by an attack against you, then it's about how you deal with this. And there are different approaches. Look at DigiNotar, which didn't do it; they're out of business right now. Others have fared much better with it.
You also have to understand the thing about false positives, false negatives, and incidents, and how to deal with it. So the positive thing, the test positive, is if you detect an attack: your test for an attack was positive. Negative is if there's no attack detected; the test was negative, it means no attack. If you have been attacked and you detect the attack, that's a correct positive. If you're not attacked and you don't detect one, that's a correct negative. And then there are two situations, false negative and false positive. False negative in that case means you're attacked and you don't detect it. False positive means you're not attacked, but you detect an attack. What you should do is minimize them, and that's again where it's very important to carefully understand how these things are related and what things to look at: minimize your false positives, and no false negatives allowed at all, while you should have as few false positives as possible.
So things where you think that might be an attack, and it turns out it wasn't an attack. However, if you missed identifying an attack, then you really have a problem. So they need to be handled a little bit differently, but it's very important, and the balancing is a complex issue. It's very important that you end up, in the best case, with a very small list of things where you think that might be an attack. Otherwise, a lot of people will always investigate these things, and you'll end up with a lot of work which should be avoided as far as possible. So also think about automatically handling positives: identifying which types of attacks I can handle automatically is one of the things to minimize overall involvement. I think that's one part. If you look at your strategy, we should really focus on this: by knowing what is at risk, by knowing which controls you have in place, where to look at, you can definitely move forward in doing these things.
One of the issues I'd like to cover quickly is also the situation around IT experts. I think we have a very, very big mismatch between supply and demand, and the mismatch will further increase. We have an increase in demand due to the increase in threats and the increase in awareness. Information security right now is no longer a topic of the IT guys only; for sure IT is looking at information security, but it's a board topic these days. The board has really understood: we have to focus on information security, and cyber security attacks are a very important part of it, a very good starting point as well, because, let's say, the uncertainty and the fears
are very big in that area. On the other hand, the number of security experts is increasing only very slowly; gaining the required experience takes a lot of time. So while the attack wave is a big wave we are facing, we are not that quick in, let's say, building the wall against that wave. So again, it's about thinking: what can I do with MSSPs and MSPs? It's about investing in education. It's about building on best practices, so trying to reuse knowledge and to build on services if possible. And finally, when we're looking at what the elements are, what you have to do for your cybersecurity strategy: there are targeting factors, minimize what can happen, minimize the risks, and minimize what happens. So risk management is a key element, controls based upon these risks are a key element, having the right tools in place, having the people and the action plans: that's what really makes up your cybersecurity strategy. Having said this, I will hand over to our second speaker, who will dive much more into the details right now. So I will make him presenter. And, Doctor, it's your turn right now.
Thank you, Martin. I appreciate you laying the foundation for today's topic. In the next 20-plus minutes I want to share with you how to implement a proactive security risk management strategy to really survive the advanced persistent threat wave that we're currently seeing. So what we will be covering is really the challenges that cyber security attacks raise, practical steps to improve your risk posture, and then I want to share with you a case study, really something that we have experienced as a vendor that helps companies and government agencies to prevent and to minimize the impact of cybersecurity challenges. So before we dive into the details, a brief overview of who Agiliance is. We have been around for more than six years. Our mission is to make risk visible, measurable, and actionable for business, IT, and security operations. We're a private company based in the US. We're seeing tremendous growth. We're very innovative, which is reflected by the three patents that we own, and we earned a lot of industry accolades over the last 12 to 16 months.
We have seen tremendous interest from our clients in security and risk management strategies, and we are proud to have a broad portfolio of customers ranging from financial services, the public sector, and healthcare to energy, retail, and technology. And so what I will be sharing with you today is really based on the experience that we gained with these Global 2000 companies and government agencies. The slide here shows just a few examples of the broad range of our customers. So what we will be looking at today: we will identify the most critical cybersecurity challenges as they relate to threat vectors, common targets, and the consequences they have for your organization. We will also look at the practical steps to improve cybersecurity in your organization. And then, last but not least, you will gain insight into the benefits of an integrated vulnerability management and risk-based security program.
So as Martin pointed out, over the last probably nine months we have seen a lot of media coverage as it relates to security attacks and the resulting data breaches; the frequency and sophistication have dramatically increased. And the interesting thing is really that these attacks are no longer focused only on commercial institutions, financial institutions, but rather these attacks range across all vertical markets. So it's no longer easy to say, well, I'm in a different industry, so I don't necessarily have to care about it. Everybody is impacted nowadays. And part of the challenge is that really the attacker profile has become a little bit broader. Martin mentioned that in the past we have seen cyber security attacks being driven either by organized crime or by state-funded hackers. However, over the last nine months, the majority of the attacks are perceived to be driven by so-called gray hat hackers.
These are hacktivists, anti-security people, and they really do this driven by specific motivations: to reveal security lacks within organizations, to reveal privacy issues to the public. And so this has really led to huge coverage of these attacks in the media. When we take all of this into account, we have to admit: you have your hands full. And it's not just that you now have to deal with all of these attacks, but more importantly, you're facing internal challenges. Traditional vulnerability controls are often unable to keep up with the evolving exploits, and that includes perimeter intrusion detection and signature-based malware and antivirus solutions. We're always chasing the hacker; we're never really ahead of the hacker. Another dilemma that we're facing is that security tools currently still operate in a silo-based approach and are not integrated and interconnected to really achieve a closed-loop process with continuous monitoring.
The biggest issue, though, is that there's a lack of risk-based prioritization, whereby vulnerabilities and remediation actions are not based on the risk to the business. And that's very important: if you're currently using your security tools, you will get outputs of a couple of hundred pages of data logs a day as it relates to vulnerabilities, but these data logs will give you no indication of how to allocate your resources. Should I first do a patch on my email server, or should I first do a patch on my coffee server? So it really does not give you any insight into the criticality that a vulnerability has for specific assets or for your business itself. And that really leads to higher exposure for your organization as it relates to data losses, identity theft, system outages, data destruction, non-compliance, copyright infringements, and unauthorized disclosure. And all of these consequences can really ripple through an organization.
We have seen examples where the attacks on Sony really had a major impact on their reputation and on their valuation on the market. So it's very important to think about what you can do to address these challenges and these dilemmas. Let's take a look at the practical steps to improve your cybersecurity. We split this down the middle: there are basic steps, and then there's something that we call the advanced step, which we define as risk-based security. When we look at the basic steps, there are a couple of things that most organizations already do, and Martin pointed that out early in his presentation. You have to conduct a risk assessment and determine the systems with sensitive data and the highest business criticality. So that's very important: risk assessment, system classification. And the next step: you have to rationalize the location of sensitive data stored to only the most secure systems that are protected against direct internet traffic.
Here we're talking about network segmentation, and that becomes very important, especially if you have to undergo specific regulation like PCI, where it's very important to do segmentation within your network. And the next step is to track your risk on these critical systems from a top-down perspective, to really understand the key threats that a company faces and ensure controls are in place to counter these threats. So: top-down risk assessment, control checks. All of these are normally things that organizations already put in place, but what really comes next? What do you have to think about to make your organization even more secure? Here we're talking about risk-based security. The first step is to unify assessment solutions where possible, and consolidate and correlate data from the silo-based sources to get a more holistic view of the exposures affecting your most business-critical assets. That sounds very complicated, but in reality this is what Martin called the glue: putting your investments into producing a return on investment, meaning you have invested in a lot of security tools, but currently they're silo-based.
So now you put another layer of technology on top of it to really allow you to take the data feeds and correlate them back to your assets as well as your business criticality, to be able to prioritize your remediation actions. So how do you do this? You have to employ problem management, meaning ticket creation or a tracking system across organizational lines, to address threats and exposures in a timely fashion with appropriate controls and remediation activities. That's a very important thing. A lot of the time security operations is responsible for detecting vulnerabilities, but then they're passing it on to the IT team for remediation, and that's where a lot of times things get thrown over the fence and disappear in a black hole. So implementing a streamlined system, a ticketing system that allows security operations to still have insight into what happened to the detected vulnerabilities, is very important.
That then helps to really do remediation prioritization and streamline the process, so that even if a hacker is breaking into your organization, you detect them far earlier than what happened in the past. Another step to consider is to explicitly test and verify that controls and remediation are effectively applied and actually mitigate the risk as expected. So you are not just applying the patch; you should also test whether the patch works effectively. That's what we call closed-loop mitigation actions. And last but not least, it's really about practicing and managing emergency response procedures to minimize the organizational impact in the event that a data breach does occur. As Martin pointed out, the chances that something occurs are still pretty high; it doesn't matter what you throw at those hackers. But you can at least minimize the impact: you can streamline your processes, you find out quicker what is happening, and you can take actions.
From that perspective, I had mentioned risk-based security. What does that concept really mean? Most of you will use application scanners, network scanners, and threat advisories. But as I said before, a lot of times they're silo-based; they give you some information, but not a holistic view. If you put a technology on top of it that allows you to aggregate and correlate that information with assets, with the business criticality of the assets, as well as with the controls that are already in place and the patches that might already have been applied to address vulnerabilities, it suddenly allows you to prioritize your remediation actions. It also gives you a good view into the organizational impact that these threats and vulnerabilities have, and you can slice it and dice it by country, business unit, division, department, and processes. We know a lot of organizations nowadays move their decision making and their remediation actions out into the business units.
So having a tool in place where you can allow them a view into their particular business unit is very important. That business view of risk really allows you to take the necessary steps to apply specific actions, and then assess at the high level and provide your C-level, your CIO, with an assessment of the risk impact as it relates to your business: your business continuity, your IT security, your suppliers, threat vectors, your reputation, all of these things. So it's very important to have that closed loop, to take the data feeds and correlate them back to your assets and to your business criticality. How does that look in reality? Here we have a flowchart that outlines how this would look. On the left-hand side, you see that you normally use vulnerability scanners, asset management, and CMDB tools to really get a view of what your vulnerable assets are. Nowadays, more critical infrastructure providers no longer allow vulnerability scanners in their environment;
they kind of lock down their network. In this case, you could still take the approach of a virtual scan, by taking threat information, CPE, GCC data, and correlating that back to the configuration status of the asset. That would also give you an indication of vulnerable assets. But again, if you would just go so far, it does not allow you to prioritize your remediation actions. So in the next step, you are using software technology that allows you to correlate that data (vulnerabilities, assets, their configuration, the patches, the tickets) back to the business criticality, which then allows you to produce a comprehensive report that gives you a view into your business-critical risk posture. From there you can now create full audit trails and risk reports that you can share with your C-level people, but at the same time that same technology should be helping you to orchestrate your mitigation, meaning having a bidirectional integration into your help desk system or patch management system to really enable closed-loop remediation.
Of course, once a patch has been applied, you would bring in the vulnerability scanners again to confirm the remediations that were applied and whether they have been effective, and that data then gets fed back into your risk-aware database. So you are constantly aware of your risk exposure. This is really best practice; we have seen this being deployed in many of our customer organizations, and it did two things for them. First of all, it allowed them to streamline the prioritization of the mitigation, which really cut down the number of days they spend fixing the exposure. Often they were able to catch the hacker while they were still within the organization. And secondly, it also helped the collaboration process between security operations and IT management, which is often a very critical component in the security posture of a company. So if you would apply these concepts, these best practices, what are the benefits?
You could reduce risk by making threats and vulnerabilities visible and actionable, and enable your organization to prioritize and address high-risk security exposures before security breaches even occur. You can also reduce costs by unifying solutions, streamlining processes, adding automation, and reducing redundant and manual efforts. You can also improve your response readiness by understanding existing exposures, testing your response capabilities, and reporting gaps. And you can also provide risk posture visibility and measurement with reports and metrics to demonstrate efficiency and effectiveness. I know that in this context a very painful exercise is when the CISO walks into your office in the morning, and he just read something in the paper about a vulnerability, let's say in Acrobat Reader, and he wants to know from you: how are we doing? How is our company doing in this regard? That's the so-called data call. A lot of security ops people are kind of afraid of this, because they know that they will spend the next week pulling all the data together and analyzing it.
But if you have an automated, proactive security risk management system in place, this task is reduced down to minutes and not days any longer. So that's very helpful. As I had mentioned earlier, we wanted to share with you one live example of one of our customers. Here we're talking about a provider of energy services with electrical and natural gas distribution to more than 6 million customers. And they really were challenged. They used different security tools that provided them different views of vulnerabilities, a lot of false positives. So a lot of noise; they didn't really know which one was true or not. There was no single process or tool to manage the vulnerability life cycle from discovery to remediation. And also they had difficulties to really administer across a large number of reported and actioned vulnerabilities. So what they did, they really integrated a single administration platform for an enterprise-wide threat and vulnerability program.
So what we saw in the workflow chart, they basically applied this. They took their data feeds into that system and they were able to do a real-time correlation between advisory feeds, vulnerability scanners, configuration management and patch management. And it allowed them really to do a real-time, risk-based prioritization of the reported vulnerabilities. And that resulted in improved awareness for critical assets. They had comprehensive vulnerability management programs suddenly in place, and they were able to report on any type of risk and therefore be better prepared. And they really reduced the time it took to mitigate specific vulnerabilities from a couple of weeks down to just a few days. And that really helped them. They are considered to be a critical infrastructure provider, so they also had to meet government regulations that were in place that forced them to prove to the auditor that they're compliant. And so they took major advantage of this type of approach.
And we have seen really a lot of organizations taking advantage of that. So to summarize: cyber attacks are increasingly testing global organizations of all sizes and industries. Looking at the latest wave of data breaches, you should take this as an opportunity to obtain security budget for the protection of your organization and mitigation against future attacks. Leverage the security budget to implement a unified and integrated vulnerability management system in the first step, and then extend your security strategy with a risk-based approach, correlating exposures with assets and their business criticality, and also implement a closed-loop remediation and verification process. And we know a lot of security ops people still don't have the full budget. So we always recommend: governance, risk and compliance programs still have funding in a lot of organizations, so just piggyback off these budgets, of course. At the end of the day, we all know that security in place equals compliance with regulations. It's not the other way around, like a lot of people might believe, but this is really what we see in the market, what helps a lot of organizations. And so I hope today's presentation really helps you to get a better understanding of how a risk-based security management system can also help your organization. So with that, I hand back over to Martin for our question and answer section.
Okay, thank you. And thank you very much for that presentation and the information you've provided. So it's time for the Q and A, and it's time for you to enter your questions using the questions tool of GoToWebinar, so that we can directly dive into this discussion. I think that's what you should do. And we will then pick up these questions, discuss them, and try to provide answers to what you are asking us. So one of the points I really like to see, so you talked about what you're seeing. What would you say, when did this shift in the market, which we are observing, from let's say technical tools towards a really strategic approach to handle these things, when did it really start to gain massive momentum like it does today?
I think a first indication we got about 12 months ago, but a really major push came nine months ago. I mean, we had seen the incident, the data breach at our friends at RSA. Unfortunately their SecurID token was breached and that led to other cybersecurity attacks on data centers of many other organizations. And so there was quite a big awareness among organizations that they have to take proactive steps to really address these challenges. And again, fortunately what we're seeing, what we're hearing from organizations, from analysts like you, is that the security part of the overall strategy has gained a lot of traction in organizations. So it's not an avoided topic any longer, but it has become really a very strategic component of the overall business strategy. And so from that perspective, a lot of organizations started really looking to integrate and interconnect their existing security tools to get a holistic view and streamline their processes.
Yeah, I think that's the same thing we observed. So that really these things, especially also the APTs, which are not one attack, but which are well-defined series of attacks, are influencing this. And the other thing is really that overall information security right now is a topic for the board, regardless of the industry. Whichever way you look at it, I think it's really something which became a topic which has reached much more attention than it ever had before, due to all these prominent attacks we have seen during the last months. And I think the other thing is really, if you look at any type of public news, newspapers and so on, if something happens in the industry, it's not only in the IT news anymore.
Yeah. And I think that the board now is involved represents a challenge for a lot of IT organizations and security operations, because while they're using a bottom-up approach to gather information about vulnerabilities, that information is something that is not presentable to a board. The board would not understand what the data means. So here you really have to take rather a top-down approach and combine both data sources in a single view, but make it comprehensible to C-level people so that they quickly can understand: what is my risk exposure? What is my compliance exposure? And make business decisions based on that data.
Yeah. There's an interesting question coming in and I will hand it over to you directly. So how do you calculate a specific risk? Do you use attack trees to calculate risk from sub-risks, or is it only a summary of something like interviews?
We have multiple sources to calculate risk. Every organization is set up differently, but in reality there are so-called risk catalogs, risk domains out there that you can import into the system. You can then manipulate those risk scores to your own requirements. And then we have an automatic correlation. If there are controls in place that mitigate a specific risk, we automatically recalculate those risks, but we really take multiple data sources. We have the data feeds coming in from the security tools that provide the specific score. We have the threat advisory data feeds that we correlate back to it. And then as an organization, you are really classifying your assets and determining what criticality these assets have to your business. And that also has an impact on the overall risk calculation. And then as I said, thirdly, you have some automatic mitigation controls built in that could positively apply to your overall risk score. So it's a comprehensive model that we provide to our clients. And it's very easy to manipulate the risk scores, the risk definitions. You can do that in a user interface. You don't have to pull in a programmer to really change that. So it's very flexible and can be adjusted and adapted to your own requirements.
Okay. Thank you. Another question I'd like to ask you. So I've talked about, let's say, a mismatch of supply and demand when you look at the information security experts. So what is your advice to our attendees on how to deal with that situation?
Well, it's really, I mean, one of the pieces of advice that we give: don't throw what you had done in the past out of the window. I mean, it's really, you have done it for a reason. I think the ecosystem has evolved. And so what you have to do is you have to find really that glue that Martin talked about and really interconnect your existing security tools with that new technology layer that allows you to gain a holistic view of your security and compliance posture. And fortunately technology has evolved; there are a couple of solutions out there, like the one from edge Lys, that can help you to address these challenges.
Another question which comes in here is: how can you be 100% sure that so-called rogue states are involved in attacks?
Again, we have seen a multitude of attackers nowadays. You cannot be sure, even if you have evidence that a particular IP address resides in a rogue state, that that is the final indication that that rogue state has been launching the attack. Hackers are very sophisticated. They can really kind of guide you in the wrong direction. So I think all the talk about China being an attacker, Russia being an attacker, these are just assumptions. This is nothing that can be proven on paper. So from that perspective, as Martin pointed out, who knows? What we have to focus on is that we're dealing with an increased frequency of attacks, potentially an increased number of attackers. So our mindset should be: okay, I have to be proactive. I have always to be on my heels and I have to put in place a strategy that allows me to minimize any type of impact. And I don't care who is trying to attack me.
Yeah, I think that's exactly the point I was about to make. If you know the value of your information assets and the things related to these information assets, which could be things which are only information. If you look at net, the target, in fact, wasn't really an information asset. It was more sort of real assets. But if you know about these information assets, the value they have for you, the risks associated with them, you also then will, to some degree, understand who might be interested in attacking these things. However, it doesn't really matter at the end of the day who it is. What really matters is that you minimize your risk, because there's no difference at the end of the day if it was a rogue state or any other type of attacker. And I think that's really the point you have to always keep in mind: it's about minimizing your risk. And for sure there are some things where you would say the risk probably is higher that a rogue state attacks me here, and here the risk might be higher that a gray hat or someone else attacks me. But at the end, it's about really understanding where do I have to start with protecting myself and where do I have to focus on?
I think the important part is really that it is within the whole organization, not just part of the organization, and that's when you implement a risk-based security approach, you have to, at an early stage, pull all stakeholders into the planning process and really create an awareness and culture within your organization that makes everybody aware of what could happen. We all know that the biggest risk in most of the cases comes from within the organization; insider threats are still the biggest threats. It's not necessarily the cybersecurity attack, even though that number increases, but insider threats are still the majority of attacks. And again, you can prevent that if you create awareness for security and a proactive approach in the organization. And that's, I think, the important step here.
Yeah, I think the part is that internal attacks are pretty stable, so slowly growing. The problem is that the external attacks are growing, not only slowly, they are growing very quickly, but you have to look at all these things and increase awareness. And if you look at risks, you always will end up, hopefully, not only looking at external risks, but at any type of risk to your information security. Okay. If there are no further questions, and I currently have no questions visible here, it's time for me to thank you very much for attending this KuppingerCole webinar, and to thank Dr. Charles Georga for providing his very valuable insight into the topic of how to deal with cyber security attacks. So thank you, Martin.