sb-eu logo
Story image

Why security tools are useless if they don't relate to business objectives

13 Nov 2017

No matter how many cybersecurity tools or products a business owns, they may not provide enough protection if businesses can’t say how those tools are part of their business objectives.

That’s according to Aleron, which says that organisations can only say they are protected when they know what they are protecting, and if what they’re implementing is able to protect it.

“A successful security strategy will have a mix of security tools, processes, and policies followed and supported by employees,” explains Aleron’s director Alex Morkos.

“They need to understand all the potential entry points for cyberattacks and create a holistic strategy that leaves no door open. However, there are many areas to consider, which makes it easy to overlook some. A risk assessment can help organisations find the correct balance between security and usability, linked back to the business need.” 

The company says there are five key questions organisations should ask to determine their security strategy:

1. What does the organisation need to protect? Any business with an online presence will have some assets that are critical and material to its operations and can be affected by cyberthreats. For example, if the business runs an online store, or sells financial products online, it will need to protect customer data as well as any IP in the online application that gives the company a competitive advantage. Understanding what data and assets the organisation has and how they relate to the business’s ability to operate safely and in good standing is key to knowing what to protect.  2. What is the organisation’s risk appetite? Organisations need to understand what outages the business is prepared to accept, what level of negative media attention it can withstand before it affects the business, whether there is confidential or private data on the network, and, if so, how valuable it is to the business.  3. What are the real threats this attack surface presents? Understanding the reality of the threats organisations can face can help businesses determine a risk profile. For example, given the right opportunity, hackers can control and monitor the corporate network and create an internal denial of service attack that’s difficult to troubleshoot. This type of incursion typically survives standard malware clean-outs. It’s important to know the real threats to protect against them effectively.  4. What are the potential consequences of an attack via this entry point?  The consequences of an attack vary depending on the business but can include disruption to normal operations, including confidential data leakage and privacy infringements. In turn, this can lead to fines under the Privacy Act and reputation damage, particularly if the attacker uses the company’s network to attack others. Often, organisations may decide that a vulnerability isn’t worth strengthening because an attack is unlikely to cause much damage.  5. How likely is an attack? The likelihood of an attack depends on how open the network is to the public and the level of interest in the business itself. Some businesses are less likely to be attacked than others, depending on factors such as the industry they operate in or the businesses they partner with. 

Morkos says that organisations should conduct security risk assessments in partnership with security experts.

“Business leaders need to consider what controls should be implemented to protect the organisation and maintain variety in the right combinations. Businesses should use preventative and detective controls together and make sure they have a response plan that is approved, understood, and tested,” he continues.

“Without conducting a security risk assessment, businesses may invest too much in security, wasting budget that could be better spent elsewhere. They may also under-invest in security measures, which could leave the organisation vulnerable to attack. The key is to get the right balance and place resources where they’ll deliver the best value.” 

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Story image
Global DDoS attacks: What they are, how they work, and how to defend against them
Do not pay the ransom, and do make sure you've got strong DDoS protection, security firms warn.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More