By Rawad Darwich, Regional Sales Manager, GCC, Network Solutions Sales (NSS) at Keysight Technologies
Organisations in the Middle East have been exposed to an increasing number of cyberattacks, many of which have had severe consequences for their reputation, finances, and overall growth. Naturally, this has heightened interest in improving cybersecurity tools and resources. The Middle East and Africa cybersecurity market was valued at USD 1,903.59 million in 2020, and it is predicted to grow to USD 2,893.4 million by 2026.
Cyber risk management is a concept related to cybersecurity. The two overlap significantly, yet there are subtle but critical distinctions between them.
When IT leaders think about cybersecurity, they tend to consider only the numerous risks to their networks, data, and endpoints and the safeguards put in place to defend them. These, however, are not the same as cyber risks. To simplify, cyber risk management seeks to reduce the likelihood of economic damage caused by cyber events, whereas network security aims to prevent malicious cyber events. For instance, having homeowner’s insurance that reimburses owners for 100% of their losses is a great strategy to successfully manage the risk of economic loss from theft. On the other hand, to mitigate the risk and secure their house, owners need to ensure that all doors and windows are locked and that a security alarm is activated each time they leave the house.
It is crucial for IT leaders to understand the relationship between cybersecurity and cyber risk management, because doing so allows IT teams to capitalise on the overlap between the two. Improved cyber risk management is, after all, one of the benefits of solid network security.
To bolster their cybersecurity efforts and minimise cyber risks, IT teams can take three actions:
- Reduce Your SIEM Alerts – And Know Which Ones to Investigate
Most enterprise security teams receive over a million SIEM alarms every day. These are far too many threats for any team to prioritise and examine effectively. As a result, several SIEM alarms are disregarded, allowing attackers to slip through the cracks. Moreover, a significant portion of these alerts prove to be unactionable. The organisation is merely the next IP in line in an automated scan or probe, and if the connection can be severed at the first packet, there’s no need to take further action. The alert wasn’t necessary in the first place.
By installing a threat intelligence gateway, security teams may prevent up to 80% of malicious traffic from ever entering the network. This relieves pressure on firewalls and drastically lowers the number of SIEM warnings. Since next-generation firewalls (NGFWs) weren’t actually designed for blocking traffic at a large scale, their processing resources can be redirected towards other critical activities, such as deep packet inspection and threat detection.
- Contain Whatever Gets Past the First Line of Defence
A threat intelligence gateway also has the additional benefit of automatically blocking command and control (C&C) connections from malware such as ransomware. These tools are supported by threat intelligence teams who maintain round-the-clock global honeypot networks to examine and monitor C&C servers operating malware networks. As a result, these solutions can block active malware’s “phone home” connection, allowing you to not only prevent malware from inflicting damage and propagating, but also detect which systems are affected and require remediation. This does not replace your endpoint security solution (which can identify malicious activities and detect behavioural patterns), but it dramatically lessens the impact of an attack on your network.
- Continuously Test Defences
Security is never static. Every day, new misconfigurations, threats, and vulnerabilities are discovered. This is why it is critical to enforce network and endpoint security policies. The latest Verizon Data Breach Investigations Report shows that simple misconfigurations generate significantly more breaches than technology gaps.
To remain a step ahead, security teams must think like an attacker. That is where breach and attack simulation tools come in handy. These tools enable teams to securely simulate a wide range of vulnerabilities and attacks against the security stack (endpoints, firewall, WAF, DLP, and so on), detect vulnerable misconfigurations, and fix any gaps discovered through step-by-step remediation instructions.
While network and endpoint tools provide security, breach and attack simulation tools lower the likelihood of a cybersecurity incident by ensuring that these tools are configured and working optimally.
An ounce of prevention is worth a pound of cure
Organisations should not wait for attackers to put their defences to the test. Investing in network security will lower the probability of a significant breach. Given the costs of such attacks — including legal/compliance fines, reputational damage, and market capitalisation losses — it isn’t easy to envision a more risk-reducing investment than enhancing network security.