By Debasish Mukherjee, Vice President, Regional Sales APJ at SonicWall Inc.
Against a context of rising and persistent cybersecurity threat and a seeming endless multitude of possible solution providers, working out what solution suits an organisation’s needs is not simple. Debasish Mukherjee, Vice President, Regional Sales APJ at SonicWall talks through some of the considerations necessary in selecting the right cybersecurity solution.
Enterprise security has become a very common and a concerning topic of discussion for today’s SMEs and large corporates. The news cycle is full of stories of breaches, security incidents, and the resulting impact on customer confidence and company valuation. Cyber attackers never take a break, even while the rest of the world is preoccupied, whether with pandemics, conflict, or much else besides. Cyber criminals have kept pressing enterprise resources with new zero-day attacks, new ransomware methods, and new ways of probing the weaknesses of enterprise systems.
It is crucial for organisations to understand attackers' tactics, techniques and procedures (TTPs), and commit to threat-informed cybersecurity strategies to defend and recover successfully from business-disrupting events. From stopping sophisticated ransomware attacks to defending emerging threat vectors, including IoT and cryptojacking.
Managing system vulnerabilities is one of the oldest and most frustrating security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws- flaws that, if critical enough, attackers can exploit from anywhere in the world. It’s crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. Mitigating the threat of vulnerabilities remains a high priority for enterprise security teams.
The 2022 SonicWall Threat Mindset Survey found two-thirds (66%) of customers are more concerned about cyberattacks in 2022. The survey shows ransomware is the greatest concern, as 91% of all customers cited it as their greatest worry. Phishing and spear-phishing (76%), as well as encrypted malware (66%), made up the remainder of the top three concerns. Companies are not only losing millions of dollars to unending malware and ransomware strikes but cyberattacks on essential infrastructure are impacting real-world services. Despite the growing concern of cyberattacks, organisations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data and employees against unwavering cyberattacks.
Today, thousands of organisations are out shopping for new or upgraded cybersecurity solutions. While they may differ in size, industry, use case and more, at the end of the day, they’re all looking for basically the same thing: A reliable solution that performs as advertised, at a price that fits within their budget, that can be up and running as soon as possible; providing real time effective solutions to combat and manage complex networks from a single pane of glass.
If organisations are going to have any hope of keeping up with their expanding attack surfaces and growing number of at-risk systems and devices, they’re going to have to maintain an automated, comprehensive, and adaptable vulnerability management program that can proactively mitigate risks throughout all attack surfaces.
Thus, it becomes important to move away from intermittent or periodic vulnerability scans and mature into a continuous security monitoring and management process.
Customers today are spoilt for choice, with over 3000+ security solution providers and vendors available to manage & integrate various solutions. A recent Boston Consulting Group (BCG) report shows that majority of cybersecurity leaders are looking for larger, consolidated vendors who can provide multiple services in a single offering. CISOs say that mature cybersecurity technologies — traditional endpoint protection platforms, firewalls, governance risk and compliance services, network access control, secure email gateways, and unified endpoint management — offer the highest level of bundling.
Another report states 24% of security professionals go on to buy the best of the products available in the market for their needs. However, 38% of them prefer to look for integrated security solutions and platforms to address their specific security needs for long term protection.
In our own experience we have witnessed that many SMB organisations (specifically) who can’t manage and monitor their complex cybersecurity environment eventually engage with Managed Security Service providers to combat attacks and challenges so they can then stay focussed on their core business.
Implementing a solution is one thing and gauging the effectiveness of security controls is another. Constantly testing the efficacy of security controls help confirm that they either work as expected or that they, too, need remediating. It’s recommended that enterprises should, at a minimum, annually assess their system and device inventory and rank the security controls in place.
Ultimately, a sound enterprise security program should be able to define and execute a strategy that will sufficiently address challenges and leave the organisation better prepared for the future. Organisations must make security a top priority and include it in their business strategies and plans across the board at all levels – a drastic shift in mind set from “ if it happens” to “when it happens”- are we prepared and how.
A deep dive into all aspects of security risks, need gaps, current practices should be discussed and actively managed at each level of the business in today’s hybrid work culture.
Security solution programs should include regular risks, vulnerability assessments and tabletop exercises to simulate what to do in the event of a cyberattack or data breach. This can prepare the business to act swiftly in the event of a compromise, which can limit potential impacts.
Comments