There is an old saying: “Make your first crisis not be a real one.” Never has that been more apropos than during the past few months, with the COVID-19 (coronavirus) lockdown and shelter-in-place restrictions that most Americans have lived under. Now, we have lived in crisis situations before, and COVID-19 is not going to be our last or only pandemic, but it has been unique because of its universal impact, with almost no one spared; its duration; and the tidal wave of change it has brought about in the way we conduct work, socialize, access information, participate in the political process, and protect ourselves both physically and virtually.
Those last two elements are the ones we want to discuss in more detail here. Namely, how does a corporate or public sector Chief Information Security Officer (CISO) view their imperatives and organizational role in a post-COVID-19 world in comparison to their activities prior to the pandemic?
One area where we’ve seen some immediate cyber recognition has been workforce-related enablement issues during the period from the second week of March to early May 2020. Did an organization take a “bring your own device” (BYOD) approach, use a “take-out” response (that is, converting LAN-based desktops to remote-enabled computers), or take the best response action of issuing “clean” laptops to end users? From a cybersecurity standpoint, this choice made a significant difference. Clean machines typically come with up-to-date application and security software and offer the lowest risk profile from a cybersecurity perspective. However, this raises another question: Are data center, cloud, and storage systems able to handle serving up data to potentially thousands of additional remote workers? There are many more issues that have not received as much attention in the last 60 days, and that is where we will focus some attention in this blog series.
Let’s set the table before we delve into these topics. Prior to the end of the first week of March—when COVID-19 came to the forefront of the political, social, and healthcare consciousness—cybersecurity company Mandiant shared in its Security Effectiveness Report 2020 that 53% of all infiltration attacks went unnoticed. Further, only 9% of all attacks generate alerts. This is startling. Simply, many organizations are performing at levels below those forecasted or expected by their senior leadership.
Figure 1: Aggregated data for attack interactions. The total is greater than 100% because “alerted” is a subset of “detected,” and attacks can be either or both detected and prevented. (Source: Mandiant)
The data from Mandiant aggregated in Figure 1 shows where companies find the discrepancy between their expected capabilities and the measured results. On average, they detect only 26% of attacks and prevent 33% of them, which provides an opportunity to optimize their investments.
Altogether, this has a negative impact on incident response, because Security Information and Event Management (SIEM) technologies, as well as the other technologies responsible for triggering alerts, cannot deliver the high level of fidelity needed to both prioritize and address security concerns. We will venture into some of the reasons why this lack of effectiveness exists, and into areas where CISOs can immediately take action and show leadership to close these gaps, including the disconnect between IT and Security, technology overloading, and the rapid shifting of workloads to the cloud because of continuity and resiliency concerns.
Given the already-expanded attack surface, in my estimation it is never too early to look at lessons learned from the pandemic—and there certainly isn’t a shortage of teachable moments, right from the top down. This blog series will cover eight lessons and six action items for Directors of Security and CISOs whose organizations and livelihoods have been imperiled by the pandemic.
DISCOVER what's going to change in a post-COVID-19 world
Don't wait: Get the eight lessons and six action items right now by downloading the full white paper by ConvergeOne's Joe Vigorito, Senior Director, Cybersecurity Lifecycle Consulting.