The Yahoo breach is yet another high-profile example illustrating that it is not a matter of ‘if’ your organization is going to be hacked, but ‘when’. In this case, two years had passed between when the breach occurred and when Yahoo became aware of it. There are numerous theories as to why the breach was announced so late, but one thing is for sure: there is a real disconnect in enterprise security between identifying issues and taking action.
Most organizations approach problems from the traditional perspective: a series of defined starts and stops, with no information sharing between steps. That game plan can leave the door wide open to malicious attacks while IT teams struggle to scale and keep track of all the moving parts. Cyber-attacks cost Asian companies $81bn last year. The Singapore government has just announced the launch of an S$10 million ASEAN Cyber Capacity Programme aimed at enhancing the cybersecurity resources and know-how among fellow Southeast Asian member states.
Benefits of having strong Security Operations (SecOps) in place
Cyber security is a growing concern globally, but it is creating particular anxiety in Singapore after a flurry of attacks affecting Bangladesh, the Philippines, Taiwan, Thailand and Vietnam. One of the key attractions for attackers is poorly defended banks and companies. Having a clear SecOps programme in place is crucial.
Firstly, SecOps is able to help organisations defend against security vulnerabilities quickly. Through a clear task list, operations can address threats based on policy and impact, using criteria that protect uptime and maintain stability to ensure the most critical issues are fixed first. Leveraging operations inputs, the security dashboard provides key insight and updates to security teams on remediation workflow progress. Through the dashboard, an open dialogue is created for both teams to align priorities while doing away with opening tickets that never seem to reach a conclusion.
A January 2016 survey by BMC in association with Forbes Insights revealed that 60 percent of C-level executives surveyed believe that IT operations and security teams have only a general understanding of each other’s requirements. Therefore, it’s clear the ‘SecOps Gap’ needs to be quickly acknowledged and addressed. Until businesses adopt the mindset that every unchecked application or device is a potential open door for hackers, we are going to continue seeing private data and other valuable digital assets held ransom with greater frequency and broader impact.
Secondly, having a strong SecOps programme can help an organisation proactively defend itself against vulnerabilities. Organisations of all sizes need to adopt a much more proactive posture to security, whether it is patching known vulnerabilities or eliminating potential risks associated with unsecured assets and blind spots in their networks.
Far too often the inability to proactively defend organisations against security vulnerabilities is attributed to the lack of integration and coordination between security and operations. By leveraging IT automation capabilities, leadership can facilitate integration and coordination between the SecOps teams for a proactive approach to securing networks and servers, a critical concern as enterprises look to fast-track digital business. In the simplest terms: an enterprise IT team cannot manage what it doesn’t know about. Visibility and simplicity are key to switching from the current reactive mindset to a proactive security approach.
A good example of a ‘proactive’ approach is the Singapore government, which has a nationwide Cybersecurity Masterplan in place and has set up a special Cybersecurity Agency just to look after cybersecurity matters. Businesses should adopt a similar approach. According to a PwC survey in Singapore, weak cybersecurity standards compromise employee records and lead to theft of “soft” and “hard” intellectual property, which in turn leads to low investor confidence.
Lastly, having a strong SecOps programme allows organisations to go back to focusing on what matters to their business. SecOps helps to support rigorous and vigilant controls while tools absorb some of the complexity so businesses can get back to the fundamentals. It also helps address risks based on policy and impact to ensure the most critical issues are fixed first, uptime is protected, and stability is maintained on all ends.
There is a need to identify unknown assets and dependencies across the entire enterprise ecosystem, while incorporating automation to rapidly prioritise and execute remediation. An impressive example comes from Transamerica. Its closed-loop compliance process has slashed resolution times for compliance issues from weeks to minutes. The compliance process has also reduced the auditing preparation effort from six people working for a week to one person spending just a few hours. This is the type of efficiency and effectiveness that businesses should work towards.
Through thorough research and workshops, we understand that there are many compliance requirements to meet. Fundamentally, businesses want to automatically remediate known vulnerabilities, quickly understand the risk and priority each holds, and know how to integrate and implement solutions. The time for action is now to close the SecOps Gap.
Darric Hor is ASEAN Regional Director at BMC Software