New cybersecurity threat vectors and vulnerabilities are emerging daily and increasing in scope, scale, and sophistication, too. This makes securing networks and managing security in today’s increasingly digital first and hybrid or “work from anywhere’” culture a modern day enterprise imperative.
IT leaders must:
- Navigate widely distributed endpoints and the rise of bring your own device (BYOD)
- Ensure vulnerabilities are proactively discovered and managed in DevOps processes
- Enable integration and visibility across ever more distributed IT assets
And they must do all this whilst ensuring teams regularly conduct patches and updates – something that was frequently pushed back at the height of the pandemic (Forrester Research 2021).
This combination of challenges can make it difficult for organisations to create and maintain an accurate and holistic view of risk across the enterprise, especially when some risks around threat visibility are very hard to identify. As an example, while denial-of-service and ransomware attacks aim to be disruptive and literally shine a spotlight on themselves, attacks from nation states are stealth-like — the very opposite!
Today, with the CIO role becoming increasingly elevated and strategic, it is absolutely fitting that their No. 1 priority is to upgrade IT and data security to specifically reduce corporate risk, according to Foundry’s 2022 State of the CIO Study. This is also reflected in security/risk management being the most significant tech initiative driving IT Investment in 2022 at 45%, and up from 37% in 2021.
It is no longer enough to have a partial view of your endpoints. And whether they are on-premises or in the cloud simply should not matter. Equally it is no longer enough to prioritise remediation based on a common vulnerability scoring system (CVSS) score of a vulnerability.
The time is now to work on creating and maintaining a holistic, integrative and proactive view of risk across the enterprise. To enable this, it is critical to combine multiple sources of risk (vulnerabilities, sensitive data exposure, compliance gaps, excessive administration rights, etc.) and then integrate these insights with an evaluation of the criticality of the assets themselves. Only this can truly provide an accurate understanding of risk in the environment, which in turn can enable a more effective, proactive and efficient management of that risk – and at scale.
A good example of such support is Tanium’s Risk & Compliance solution, which goes full cycle from helping to identify sources of risk to then prioritising remediation based on the level of risk, and further, driving remediation right across your endpoint estate in a matter of seconds.
Finally, this level of technological capability to mitigate enterprise risk by viewing, protecting, controlling and managing millions of endpoints within seconds regardless of location must also be supported by investment in culture, skills, processes. This includes, for example, CI/CD agile change management — and a shared responsibility mindset — notably around zero trust security values and practices as part of everyday business and IT operations.
Additionally, consider that the leading three barriers to digital transformation success were recently identified as related to people factors, most significantly around digital skills access, readiness and confidence (Dell 2022). Thus, it is clear that negating enterprise risk involves a collective strategy to reduce complexity, increase visibility and enhance integration. This ultimately helps you to move beyond reactive to proactive intelligence around cybersecurity threats and vulnerabilities, and whatever the next change vector may bring.
About the author:
Dr. Sally Eaves (LinkedIn) is Senior Policy Advisor and Chair of Cyber Trust for the Global Foundation of Cyber Studies and Research, and CEO of Aspirational Futures which enhances inclusion, sustainability, and diversity in education and technology. Described as the “torchbearer for ethical tech,” she was the inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations. A highly experienced chief technology officer, professor in advanced technology, and global strategic advisor, Sally is an award-winning international author, advisor, researcher, and keynote speaker on digital transformation alongside culture, skills, sustainability, and SDGs impact.
This post is brought to you by Tanium and CIO Marketing Services. The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of Tanium.