2020’s abrupt shift to remote work may have slowed the spread of COVID-19, but it opened doors for a deluge of cyberattacks - bringing cybersecurity to the top of mind for organizational leadership and into the spotlight throughout the world. No matter the industry, businesses must build resiliency into their models.
Immediately.
Why?
The COVID-19 pandemic and the rapid transition to online work and leisure activities forced all businesses to increase their digital business activities at lightning speed. The race to get employees up and running in a digital environment – across all industries – left many organizations wide open to cyberattacks. The stage was set for a 400% increase in phishing, malware and ransomware attacks - exposing 36 billion records and costing enterprises $20 billion in 2020.
The traditional IT model focused on networks, systems and data for “defense in depth” solutions to address security and vulnerabilities. But, according to Gartner, making sense of the sheer volume of data coming from these tools is a struggle for security teams while partnering with IT teams presents its own set of challenges. Meanwhile, poor cyber hygiene and open doors hamper efforts to build a cyber-resilient organization.
The statistics are alarming.
- According to Cyentia Institute, unremedied vulnerabilities and misconfigured devices accounted for 50 of the 100 largest cyber loss events in the last five years.
- Gartner reports that customer misconfigurations are responsible for at least 95% of cloud security failures and cost $5 trillion in the past two years.
- Amazon Web Services has seen thousands of breaches and billions of leaked data records because 7% of all AWS web servers are publicly accessible with no authentication. While 35% store unencrypted data.
- Open door breaches include WWE, Verizon Wireless, the Pentagon and Alteryx.
Simply exercising good cyber hygiene by making buckets private, including authentication protocols and following AWS access and authentication best practices can stop cyberattacks like these.
The culture of cyber resilience must come from the top.
According to Accenture, leaders must “nurture the right cultural conditions by fostering a mindset of resilience.” It all starts with good cyber hygiene. You cannot protect what you don’t know about. You can’t protect everything. And, unfortunately, no matter how diligent you are, breaches will almost inevitably happen. But, there are steps you can take to improve your security posture and build a system of action that brings security and IT teams together:
- Leverage the power of the CMDB
Your CMDB houses data on all IT Hardware Assets, their configurations and how they relate to one another - providing a window into where vulnerabilities lie.
- Prioritize vulnerabilities with risk-based vulnerability management.
No one could possibly manage the volume of cyberattacks at the rate they’re hitting us. Risk-based vulnerability management tools triage vulnerabilities and address larger, high prioritiy threats first.
- A good SIR process is critical.
Unfortunately, you cannot stop breaches altogether. Cybercriminals are smart. They have the time and capital to find and exploit vulnerabilities. Your best defense is putting a good SIR process in place to mitigate the inevitable breach.
All too often, IT and Security work in their own silos. Pulling the two teams together is a win-win for both groups and the dynamic duo of IT and Security will benefit the whole organization.
How does ServiceNow play into all of this?
The myriad of security products available can be grouped into categories based on what they do. Protection products are designed to keep the bad stuff out or detect threats that find their way into an organization. Security Information and Event Management systems (SEIMs) collect data from various products in one place. Vulnerability management systems scan assets and identify vulnerabilities that can be exploited – potentially leading to a breach. Threat intelligence tools provide additional data to help identify threats and indicators of compromise.
Events and alerts from all categories and user submissions via the service catalog flow into ServiceNow. Incidents are matched with the CMDB, prioritized by their business criticality and assigned to owners. Teams can generate IT change requests with a click and generate post-incident reviews automatically. ServiceNow uses orchestration tools to automate actions like patching, configuration changes and security requests like blocking and IP in the firewall.
When your dynamic duo leverages ServiceNow, your whole enterprise wins.
IT wins actionable, prioritized work, recognizable toolsets and the ability to set and maintain expectations. Security gains visibility into the status of work and a common platform with access to needed resource. Together, teams can establish appropriately sized expectations for work status, audit prep relief and SOAR.
Catch up with us at Knowledge 21 for an even deeper dive into security & risk’s future. Crossfuze’s Andrea Castillo, Practice Director Security and Risk, ServiceNow gives an even deeper look into the cyber-resilient organization of the 21st century. Or connect with us now at LetsTalk@crossfuze.com.
