The challenge here lies in educating and training employees to adopt appropriate policy-compliant behaviors, while ensuring that security does not inhibit user computing behavior. Security must be an essential part of the compute stack - not something later purchased and bolted on - and at the same time become part of an organisation's culture.
Highest protection can only be achieved when hardware, software and people's behavior support each other in raising one's security posture. At Intel Security, we take cyber education as one of our key missions - reaching from our programmes for primary schools and silver surfers to policy advice we share with companies and governments.
Besides the employees, the CIOs themselves are also integral in upholding security within the company. What do you think are some common mistakes CIOs tend to make with regard to enterprise security?
We all can agree that in the landscape we operate in, not all threats are created equal. That's why we need to give ourselves permission to stop going after every alert that comes into our security operation centers with equal focus.
Around 98 percent of these events are low priority. We advise CIOs to gather talent on the hunt after the two percent of alerts that are the real threat. Security managers should not use their security information and event management (SIEM) tools as a security inbox. Instead, they can leverage these systems as a source of actionable intelligence to understand what may happen next and how and when it's necessary to raise your guard.
How should CIOs know if their implemented security measures are "sufficient"? What are some recommendations for assessing an organisation's current state of resiliency?
Based on the same ESG report I mentioned earlier, nearly 80 percent of people surveyed believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats. Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37 percent called for tighter integration between security intelligence and IT operations tools.
In addition, the top time-consuming tasks involve scoping and taking action to minimise the impact of an attack, activities that can be accelerated by integration of tools. These responses suggest that the common patchwork architectures of dozens of individual security products have created numerous silos of tools, consoles, processes and reports that prove very time-consuming to use. These architectures are also creating ever-greater volumes of attack data that drown out relevant indicators of attack.
To put it simply, it's time for a more thoughtful end-to-end, connected security model. CIOs need to ask themselves whether they are running security integrations which are suitable and broadly reaching, providing infrastructure to make integrations simpler, repeatable, and future-ready. If we immediately measure the value of each threat alert as it arrives, and then map its probability in order to predict its path, target, and agenda, we can better contain and respond to attacks against our systems and data.