According to Gartner, by 2020 as much as 60 per cent of enterprise information security budgets will be allocated to rapid detection and response approaches – up from less than ten per cent in 2014.
Whilst this is a phenomenal shift in budgetary priorities around security, it is not surprising. Today, enterprises find themselves under constant and continuous attack. New machines are probed within minutes, vulnerable machines are exploited within hours, and the availability of zero-day attacks is at an all-time high.
Organisations’ attack surfaces have become so large and multi-faceted that information security and risk management teams struggle to keep track of their organisation’s security status.
In this complex security landscape, it is critical to be proactive and vigilant to protect against cyber threats and be as secure as possible. But it also raises the questions: what does good cyber hygiene look like, how do you implement it, and what can you do today to guard against the vulnerabilities of tomorrow and boost your security?
Firstly, let’s understand what ‘good cyber hygiene’ is. In the enterprise, good cyber hygiene means ensuring that individual data points, devices and your networks are protected against vulnerabilities, while also ensuring that all systems are maintained, if not future-proofed, using cyber security best practices – and the latest technologies.
Today, good cyber hygiene would also mean that security and monitoring are controlled exclusively from a centrally managed point, pushed out to outlying terminals, and not reliant upon individuals to update their systems.
How do you go about implementing good cyber hygiene? Each enterprise will have its own unique setup and needs, but there are some basic things that everyone should be doing, especially in light of the new approach to security – continuous security – that is rapidly being adopted by some of the largest companies in the world.
- Web apps, asset tagging and mapping – You have to know what type of equipment is on your network and also where it is – internal networks, hosted on the internet or part of a cloud platform. The first step to good cyber hygiene is being able to identify every inch of your network – you cannot protect what you cannot see.
- Once you are able to see all the devices and applications on your network, you must be able to scan them from a central point on a regular basis, and to patch and deactivate them remotely as necessary. For larger organisations, the scale of this operation is the challenge, especially with often limited maintenance windows and architectural complexities. Flexible and scalable security scanning services are therefore becoming increasingly necessary as web apps and devices proliferate.
- Continuously look for vulnerabilities. With the increased frequency and complexity of attacks, it is no longer an option to scan your network only occasionally. You have to be able to monitor constantly for threats, and to identify and eradicate them within your network. This is likely to be the biggest challenge for security professionals within the next decade – finding the time within the business to scan for threats and adjust on a continuous basis.
That last point is what we call “continuous security”. This is becoming more and more essential in the evolving threat landscape – and automation of as many of these processes as possible will play a massive part in making this vision possible. Good cyber hygiene will no longer be based on “incident response” but rather on being able to respond to threats in an agile manner, to minimise the impact they have on your overall enterprise security.
Continuous monitoring and analytics should be at the core of your security strategy – alongside your infrastructure being built on true cloud technology in order to remotely manage and automate as much of the detection and patching process as possible.
In this digital age, where enterprises rely on networks, the cloud and technology for almost every aspect of running their business, it is imperative to become proactive about implementing good cyber hygiene.
We are moving to a world where security is a continuous process – the old parallels between scrubbing yourself down in the shower every day and scrubbing your network clean every week or month will no longer hold. Good cyber hygiene today and tomorrow means being constantly clean.
Jonathan Trull is CISO of Qualys