The cybersecurity arena is undergoing a fundamental shift in focus, and protection providers are feeling the pinch.
For years, the accepted approach to cybersecurity has been on response and recovery. But with increased awareness among consumers, frustration is also on the rise. The plethora of products and services being peddled to respond and recover after a cyber-attack are not yielding the expected return on investment that people expect, and now folks are beginning to take a step back and re-evaluate their approach. Protective software and services are being consolidated and re-assessed for efficacy, oftentimes not being renewed. Instead of focusing on the fallout after an attack, consumers are now looking at prevention and how to stop attacks from occurring in the first place.
“The best IR plans are the ones you don’t have to execute,” shared Charlotte Baker, CEO of Digital Hands, when we spoke about this topic recently. It’s quite clear how the shift to predictive abilities and prevention is bringing the duplication of toolsets, capital expenditures, and investments in many different point solutions to a virtual halt. “We are doing more with less,” she said.
The industry’s two primary toolbox staples – vulnerability assessments and penetration tests (pen tests) are starting to take a back seat to the latest tactics on the cybersecurity scene – simulations. Unlike the former practices, simulations offer a nimbler, cost-effective, and timely opportunity to test prevention tools in real-time and map around known attack vectors. They also examine and test how the various tools employed work together and determine which are most effective. Furthermore, in contrast to pen tests, for example, which are rigid, expensive, and generally run only once a year, simulations may be run quarterly, monthly, or even on-demand, should a particular concern suddenly arise. Simulation results are available within hours, not days or even weeks, as with other strategies, providing much more efficient and time-sensitive metrics, which in turn allow for a more rapid response.
“Vulnerability assessments and pen tests will always be there,” said Baker. “They are important components, but simulations are key to prevention and predictive analytics.” Indeed, simulations ought to be part of a triple-pronged and robust protection solution and are what will allow organizations to see where their policies in content may fail, thus allowing them to quickly pivot and shore up accordingly – effectively, efficiently, and in record time.
And, while organizations may be tempted to take a one-size-fits-all approach and copy what their partners or competitors are doing, it is important to tailor simulation solutions to one’s unique areas of industry, toolsets, policies, or even risk tolerance profiles. No two entities are the same, and the simulations ought to be unique as well, otherwise they will risk providing low value results, defeating the purpose. More than ever, today's industry, and even government entities, are looking to protection providers to really understand their organizations and provide unique and customized solutions.
The practice of responding and recovering following an attack is well behind us as the shift toward a more preventive stance has taken root. The public has become educated about the dangers of cyber threats, and more than ever; even laypeople understand the value and necessity of prevention versus recovery alone. Both are needed, expected and demanded in today’s shifting cybersecurity landscape.