Today’s Cyber Defense Challenges: Complexity and a False Sense of Security – Source: www.securityweek.com

Source: www.securityweek.com – Author: Torsten George

There are quite a few industry standards (e.g., ISO/IEC 27001, PCI DSS 4.0) and government regulations (e.g., HIPAA, FISMA, CISA) that provide practical advice on what security controls to establish to minimize an organization’s risk exposure.

Unfortunately, these guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter is very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming (e.g., Constellation Software, NextGen Healthcare, San Bernardino County Sheriff’s Department). As it turns out, purchasing more security tools only adds to complexity in enterprise environments and creates a false sense of security that contributes to today’s cybersecurity challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cybersecurity risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

A Complex Environment

As an example, according to the 2023 Resilience Index (PDF), more than 80% of devices use the Microsoft® Windows® OS, with the large majority on Windows 10. At first glance, this might appear homogeneous and easy to manage; however, the reality is that IT practitioners are struggling to keep their employees’ endpoints up to date with 14 different versions and more than 800 builds and patches present.

Adding to the complexity that IT and security teams must deal with is the number of applications installed on devices. According to the same report, there are 67 applications installed on the average enterprise device, with 10% of those devices having more than 100 applications installed.

The sheer number of applications installed on enterprise devices – as well as the variety of operating system versions and builds – makes it difficult for IT and security teams to maintain or patch those apps. This situation negatively impacts their ability to minimize exposure to known vulnerabilities. In turn, it’s not surprising that it takes on average 149 days for small companies, 151 days for medium and large enterprises, and 158 days for very large organizations to patch their endpoints’ operating systems.

A False Sense of Security

To address a new challenge or threat, enterprises often purchase more solutions. Organizations are spending tens of billions of dollars annually on endpoint security alone. In turn, it’s not surprising that there are more than 11 security applications installed on the average work-issued laptop.

An enterprise’s security posture is only as strong as the security controls that support it. If left unchecked, every security control deployed on the endpoint becomes a potential vulnerability when it is not running and able to perform its job. Common decay, unintentional deletion, or malicious actions all impact the integrity and efficacy of security applications and endpoint management tools.

And while IT and security practitioners agree that security tools like Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), anti-virus, etc. are essential to defend against attacks, they lack visibility into the tools’ security efficacy. The 2023 Resilience Index data shows that 25–30% of devices had unhealthy security controls, emphasizing that it’s not about deploying security controls but about making sure that they’re always functioning as intended.

In this context, we cannot forget about remote access applications, as they have become the lifeline to enterprises. Mobile workers require secure, but frictionless access to corporate resources that nowadays can reside anywhere. That’s why these technologies have become the intersection between endpoints and corporate networks. In turn, it is essential that the integrity of these tools is not tampered with. However, the data shows these critical tools are either not installed or are not at the required version level on more than 30% of devices, exposing organizations to unnecessary risk.

Making Security Work

That’s why cyber resilience matters, which according to MITRE “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure that an adverse cyber event, whether intentional or unintentional, does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.

Cyber resilience strategies encompass, but are not limited to, the following best practices:

  • Maintain a trusted connection with endpoints to detect unsafe behaviors or conditions that could put sensitive data at risk. This includes having granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device. This always-on connectivity can help with reimaging the operating system in case of a ransomware attack.
  • Monitor and repair misconfigurations (automatically when possible), as organizations cannot assume that the health of their IT controls or security will remain stable over time.
  • Monitor network connectivity status, security posture, and potential threat exposure to enforce acceptable use via dynamic Web filtering.
  • Enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analyzing device posture, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.
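The control-health problem described above (controls that are missing, not running, or below the required version) and the "monitor and repair misconfigurations" practice both come down to auditing an inventory against a policy. The following is an added example, not code from the article or from any vendor; the policy values and the endpoint inventory are constructed, and in practice the inventory would be pulled from an endpoint management platform.

```python
"""Fleet audit of endpoint security-control health (added example, constructed data)."""
from dataclasses import dataclass


@dataclass
class Agent:
    name: str      # control identifier, e.g. "edr"
    version: str   # installed version string
    running: bool  # whether the agent process/service is currently running


# Assumed policy: required controls and their minimum acceptable versions.
REQUIRED = {"edr": "7.4.0", "antivirus": "14.2.1", "vpn": "5.1.3"}

# Constructed inventory: device name -> agents reported by the device.
INVENTORY = {
    "LAPTOP-01": [Agent("edr", "7.5.2", True), Agent("antivirus", "14.2.1", True), Agent("vpn", "5.1.3", True)],
    "LAPTOP-02": [Agent("edr", "7.4.0", False), Agent("antivirus", "14.2.1", True), Agent("vpn", "5.1.3", True)],
    "LAPTOP-03": [Agent("edr", "7.4.0", True), Agent("antivirus", "13.9.0", True)],  # vpn not installed
    "LAPTOP-04": [Agent("edr", "7.4.0", True), Agent("antivirus", "14.2.1", True), Agent("vpn", "4.9.0", True)],
}


def parse_version(v):
    """Turn '7.4.0' into (7, 4, 0) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def audit_device(agents):
    """Map each required control to 'ok', 'missing', 'not running', or 'outdated'."""
    installed = {a.name: a for a in agents}
    findings = {}
    for name, min_version in REQUIRED.items():
        agent = installed.get(name)
        if agent is None:
            findings[name] = "missing"
        elif not agent.running:
            findings[name] = "not running"
        elif parse_version(agent.version) < parse_version(min_version):
            findings[name] = "outdated"
        else:
            findings[name] = "ok"
    return findings


def fleet_summary(inventory):
    """Return (fraction of devices with any unhealthy control, unhealthy count per control)."""
    unhealthy_devices = 0
    per_control = {name: 0 for name in REQUIRED}
    for agents in inventory.values():
        bad = [c for c, f in audit_device(agents).items() if f != "ok"]
        unhealthy_devices += 1 if bad else 0
        for control in bad:
            per_control[control] += 1
    return unhealthy_devices / len(inventory), per_control
```

Feeding the per-control findings back into a remediation step (restart the service, push the required version, reinstall the agent) is what turns this from a report into the automatic repair loop the list above calls for.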

Ultimately, it’s all about strengthening an organization’s compliance posture, assuring secure and reliable network access, and making sure that employees can confidently get to work, and keep working, no matter where risk finds them.

Original Post URL: https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/
