Taj El-khayat, Managing Director – South EMEA at Vectra AI
Arab Gulf nations’ reputations for technological prowess are well deserved. From cloud to mixed reality and AI to IoT, GCC governments and businesses have been early adopters, unafraid of trying out new things. The United Arab Emirates (UAE), for example, ranks 10th out of 64 nations in the IMD’s World Digital Competitiveness Index for 2021.
But GCC governments know they must protect their digital innovation communities against those who would leverage expanded attack surfaces for their own gain. This has led to regional governments leading the world in cybersecurity. Saudi Arabia was ranked third and the UAE fifth in the International Telecommunication Union’s (ITU) Global Cybersecurity Index (GCI) of 2021, which monitored the commitments of 194 countries throughout the previous year and gauged their maturity with regard to legal, technical and organizational issues, as well as their focus on capacity building and collaboration between stakeholders.
But even with GCI scores in the high 90s, both countries continue to experience a surge in threat actor activity that dates back to the emergence of the pandemic and the lockdowns that followed. It seems that even the most cyber-mature nations are still plagued by digital assaults. In other words, no matter how secure your digital estate, there is always room for improvement.
The 9 Cs of Cybersecurity Value
Vendors and their partners, as well as the human actors involved in the procurement, deployment, configuration, and management of security solutions must work together in this improvement story. To move security forward means to ensure that technology products and services can deliver the value envisioned when they were procured. To do this we must ask ourselves if we are devoting enough of our thinking to risk-based approaches. We must ask if our work is enhancing the efficiency of people and processes. And we must ask if we are really building more resilience against cyberattacks within our organizations.
The modern business security chain is made up of three basic types of professional — leader, builder, and user — each of whom has a specific role to play in collaborating with vendors and their partners to build better security environments. To ensure they are moving in the right direction, each of these players can check themselves against three different measures of value, for a total of nine “Cs” that can move threat postures forward.
- Security leaders
Leaders — C-level executives, including the CISO and other security chiefs such as the head of the SOC — must concentrate on which decisions will move their security posture forward and provide visibility and controls that reduce business risk. Any solution must provide comprehensive coverage of the MITRE ATT&CK techniques and include as many MITRE D3FEND countermeasures as possible.
Leadership teams will discover that the right security decisions will make it easier to meet customer, regulatory, and industry standards. The tightest compliance comes from being able to see as many threats as possible, and leaders should work towards this ideal.
The leader has a responsibility to the employees and operations of the business. Continuity not only means being able to keep customer and partner data safe from prying eyes; it includes the ability to recover and move on quickly from any breach.
- Security builders
The cloud and security architects and engineers who construct the digital infrastructure of the business must find ways to leverage the tools at their disposal to close the gaps in the ever-expanding attack surface. Where the complexity of modern IT stacks threatens to obscure threats from technologists, security builders must advocate strongly for unified, high-coverage threat visibility across all attack surfaces.
With the addition of multi-cloud and home networks to the tech mix, security builders must ensure that they have the means to consolidate and integrate existing technology, reducing costs and time to value, and guaranteeing that the complexity of any security solution is at a minimum.
Architects must be able to handle new kinds of architectures such as hybrid and multi-cloud, and the right security platform will have built-in intelligence to bridge any competency gaps that may emerge as organizations move to alien environments, thereby increasing resilience.
- Security users
The analysts, threat hunters, and security team members who do daily battle on the threat landscape must have the capability to concentrate on the threats that matter most to the business. When confronted with an alert, security teams must have a high degree of certainty that it is not a false positive. This means an end to anomaly-based analysis and the adoption of more advanced threat intelligence to make accurate assessments in real time.
In further advancement towards the elimination of alert fatigue, security teams must have access to more advanced alert triage and to advanced AI that is sensitive to attacker TTPs (tactics, techniques, and procedures). Providing the proper context to an alert can greatly reduce the time taken to mitigate a threat.
Security users must share their insights with partners and peers. Experience is everything, and threat intelligence that comes from a wide array of sources has a far greater chance of adding value to a security ecosystem.
From C to C
Applying the Cs is the fastest way to the next level of cybersecurity readiness. Threat actors have their methods, so we must employ our own risk-based measures to make their lives as difficult as possible.