Shifting focus from perimeters to people is crucial for success in the new era of mobility and cloud.
For decades, enterprises have focused on securing valuable data and IP by building “walls and moats” to keep out bad actors. Yet despite growing investments in defensive technologies, cyber breaches continue to proliferate. The threat landscape becomes even more complex as perimeters effectively evaporate, thanks to an ever-increasing number of systems (e.g., cloud, mobile) over which an enterprise has limited, if any, control.
Could the security industry have it all wrong? Is the real problem weak external perimeters, or is it the need for better visibility into, and understanding of, how, when and why people interact with critical data – wherever that data may travel?
Looking at today’s security landscape, it’s clear: The time has come for vendors and security professionals to shift paradigms – from an “outside-in,” technology-led approach to an “inside-out,” people-focused approach, which is better suited to the new era of mobility and cloud. It really comes down to businesses understanding the rhythm of the people they interact with and the associated flow of their data. And if that rhythm or flow changes, we absolutely must ask why.
A change of strategy is required: After nearly doubling between 2015 and 2016, security events are rising sharply in 2017. The numbers are even more troubling when you consider ongoing, steep hikes in security spending, forecast by Gartner to top $113 billion worldwide by 2020. Greater security investment should reduce breaches—so why hasn’t that happened?
Cloud services and remote workers challenge cybersecurity
Two major corporate trends have posed complex and unfamiliar challenges to cybersecurity: the growth of cloud services and remote workers. These have helped boost efficiency and agility, attract millennials and improve employee retention. But they’ve also spread critical data everywhere — stratified in private and public clouds, on removable media and often haphazardly co-mingled with personal data on mobile phones, tablets, and laptops.
With people and data constantly on the move, the traditional security perimeter in many organizations has evaporated. Vendors introduce new technologies and update products, but their IT infrastructure-centric view sets up a never-ending game of catch up. Not surprisingly, the security industry hasn’t had sustained success — we’ve been trying to solve new problems with an outdated approach.
Unfortunately, today’s security professionals often can’t see how and where data is used as it sprawls across company, employee and hosted applications, devices and services. Big data tools can find high-level security trends, but do not shine a light on the specific identities (real or impersonated) that may present the greatest risk to an organization.
Are we flying blind?
This lack of user visibility is a serious — and growing — problem. In the 2016-2017 EY Global Information Security Survey, “careless or unaware employees” and “unauthorized access” were named as the top-growing risks. It’s no wonder that compromised user credentials and negligent or accidental employee behavior are the most common causes of breaches and data loss. Organizations are hard-pressed to tell what’s going on.
So, what’s the solution? Infrastructure-based approaches are increasingly ineffective and obsolete. Enterprises are increasingly unable to spot, control and manage people-based vulnerabilities that can destabilize even the most secure networks. The answer lies in looking at the one constant — people interacting with critical business data and IP.
Regardless of how attacks originate, our opportunity lies at the intersection of people and data. These human contact-points can undermine even the best-designed systems with a single malicious or unintentional act. Our ultimate vulnerability is not malware; it’s unpredictable human nature.
Adopting an “inside-out,” real-time approach to security focusing on people, rather than technology infrastructure, offers several benefits. First, it drives organizations to think about the “why” behind activities that occur. By knowing the motivation behind cyber activities, organizations can understand what kind of user they’re dealing with in that exact moment, and make swift, informed and effective decisions about remediation.
Such an approach to detection and response also helps enterprises understand the context and intent of user behavior, “good” or “bad”. It creates an early warning system, proactively searching for abnormal behavior across a range of risk indicators that might point to a potential future breach.
For example, a people-centric approach can help identify whether a data breach was caused by a simple mistake (as most of today’s cyber incidents are) or by an employee targeted by a social engineering campaign. Once that is understood, a clearer path to remediation and long-term improvements (e.g., employee education) may emerge.
Finally, besides improving threat visibility and managing risk, this human-centric approach to security also helps support compliance requirements. It does so by ensuring effective identification, evidence collection and reporting of a breach — and by demonstrating that proactive capabilities are in place for mitigating risk.
The security industry is at a tipping point. Record cybersecurity investments have been met with an onslaught of data breaches — led by a dramatic rise in insider-related incidents. Staying ahead in today’s new, fast-evolving security environment calls for placing cyber-behavior and intent at the center of security. It is the only way to have a chance to keep up with all the technological innovation to come.
The change is already underway. Gartner says detection and response technology will be the top enterprise security priority from 2017 through 2020. Focusing on “inside-out” is the smartest way to protect employees, along with critical IP and business data, while safeguarding the brand’s reputation and ultimately maximizing cybersecurity investments.