Tackling the cybersecurity remediation gap


There are two ugly truths of cybersecurity. The first is that it takes a lot longer for cybersecurity professionals to discover the presence of malware than anyone cares to admit. The second is that it takes a lot longer to remediate a vulnerability than most business leaders realise.

For some it might take a week; others might take more than a month. The reality is that only a small portion of organisations can claim to remediate vulnerabilities the day they are found. The timing and effectiveness of responses are critical when organisations are under attack. Manual intervention can waste valuable time during attacks, allowing threats to spread and damage to escalate.

No email defence technology can protect against increasingly advanced email threats 100 percent of the time. Some advanced social engineering attacks like spear phishing and business email compromise (BEC) will reach users’ mailboxes. And when they do, organisations need to respond quickly and accurately to minimise the scope and severity of damage.

According to the ACCC’s Scamwatch data, more than $5.4 million was reported to have been lost to BEC scams in Australia in the first half of 2019. This represents a 42 percent increase over total BEC losses reported to the ACCC in 2018.

In addition to remediation, patching applications and the Windows operating system (OS) remains a key security challenge for organisations. In theory, Windows 10 might make it easier for organisations to address some of these issues. However, there are still a lot of companies that won’t have completed migration to Windows 10 ahead of the end-of-life support deadline for Windows 7 in January next year.

Stretched thin on security

A big part of the cybersecurity problem organisations face is tied to the size of the IT team relative to the scope of the problem. Many organisations are being stretched thin and can’t meet high priority needs and/or are unable to perform essential security operations.

Naturally, that shortage of skills makes a powerful case for investing in automation. As the overall size of the attack surface continues to expand, it’s simply not feasible for cybersecurity teams to defend against every threat without some additional help.

If we take a look at attacks such as spear phishing and BEC, they’re extremely hard to detect. Cybercriminals leverage social engineering to mimic user behaviour to get around known defences and infiltrate organisations.

The remediation gap is likely to become a bigger problem before it gets better. Cybercriminals are getting more efficient at discovering vulnerabilities. In some cases, they are continuously scanning high value targets in the hope that someone makes a mistake they can exploit in a matter of minutes.

Automation is key to remediation

It’s becoming more apparent that IT organisations will need to invest in higher levels of automation, particularly in the form of machine learning algorithms, to respond effectively. Automation plays an important role in threat detection and response, which, in turn, eases the burden on and maximises the effectiveness of the cybersecurity teams that organisations have in place.

The challenge is that while cybersecurity professionals are starting to appreciate how those algorithms might augment their expertise, the costs associated with automation are frequently viewed as being prohibitive.

Another big part of the problem with implementing automation can also be traced back to the vast number of cybersecurity tools organisations have deployed. These tools most often only serve to reduce overall visibility, while simultaneously increasing operational complexity.

It’s not at all clear when the cost of next-generation cybersecurity technologies that incorporate higher levels of automation is going to be deemed affordable by the average enterprise. In the absence of those types of investments, the remediation gap will only grow wider because there are not enough people to throw at the problem.

Given that there’s a chronic shortage of cybersecurity skills, it’s only a matter of time before organisations make investments in automation. The real issue is that many of them are struggling with how long they can put off those investments because the current heroic manual efforts of the IT team are deemed good enough. This, of course, is the equivalent of continuing to punish IT staff for their success regardless of the toll being inflicted.


About the author

Andrew Huntley is the regional director for ANZ and the Pacific Islands for Barracuda Networks. For more information, visit: https://www.barracuda.com/

Copyright © 2019 IDG Communications, Inc.
