Complex cyber threats call for resilient security structures

The cybersecurity landscape is complex, dynamically evolving and filled with disruption and threats.

Malicious cyber-actors are more determined, attack vectors more sophisticated, and changing models of work are opening up new avenues of vulnerability and risk.

Organisations are looking for stability, certainty and refined tools and techniques that will allow them to successfully navigate this landscape.

They need a unified, resilient, and dynamic security architecture that’s capable of addressing the challenges and complexities of traditionally siloed security architecture to ensure their own resilience and security within a hybrid and multi-cloud environment.

The 2022 NTT Security Holdings Global Threat Intelligence Report collated global attack data from 1,500 enterprises across more than 800 billion logs processed each month to unpack the landscape, its risks and some of the key challenges.

It found that there was a 30 per cent increase in hostile activity with the web applications. Application-specific attacks are also on the rise.

The report also revealed that a new vulnerability was registered every 24 minutes in 2021 with 21,957 vulnerabilities in total - the highest on record.

The problem is that organisations are still sitting within their siloed approach to cybersecurity enforcement, which is inadequate in securing against modern-day threat actors.

Many appreciate the gaps (limited visibility, delayed manual detection, and very reactive response) that is inherent within their current approach but aren’t sure how to leverage existing security tools to create a unified platform.

They don’t know where to start. It’s an understandable sticking point - they have to find the solutions that really work for them in a multitude that all promise the same thing, and then they have to optimise them to deliver the right layers of security within their unique operating environments.

Expertise is one of the biggest hindrances to organisations achieving holistic security.

The other challenge is the underlying structures within the business. Often, different security tools have different custodians within the organisation. There’s a firewall falling under the infrastructure team, application security falling under the cybersecurity team, and data loss prevention falling under the risk department.

Companies need to harmonise these different stakeholders to ensure that the tools under their custody are integrated and operate as a single platform otherwise there is a risk that they will limit one another and create more complexity than is needed.

Of course, one of the biggest issues that circles around security is cost. One of the biggest misconceptions is that achieving a unified security architecture is expensive.

When tied into the skills gap and perceptions around security complexity, organisations are quick to assume that architecting for holistic and unified is expensive, complicated, difficult to handle and requires constant coordination of different stakeholders to achieve even a modicum of transformation.

The reality is different. Yes, there is a cost attached to unifying security architecture and overcoming obstacles inherent within legacy systems. And in pulling together all the security threads that run throughout the organisation.

However, a focused move towards a unified system that disbands the silos and architects for visibility results in measurable cost savings. It allows for the business to rapidly identify gaps and vulnerabilities, streamline security costs and systems, and redefine roles and responsibilities. Each of these steps tangibly reduces the cost to the company across talent, system and risk while introducing a more agile and scalable security posture.

When you take an integrated approach, you can ensure that your multi-cloud or hybrid cloud infrastructure is protected across endpoints with security controls that span the network level, firewalls, access control workloads and applications.

And that these solutions share a context to a common or unified platform that embeds a standardised approach to your security enforcement and consolidates your systems.

A managed security service provider has the right tools to refine your architecture across these touch points while overcoming the skills gap. You can use their expertise to maintain and manage your environments -  ensuring your security tooling is relevant to your organisation.

The writer is a technical solutions architect at Dimension Data East Africa