In 2015, addressing the Women in the World conference, Amy Pascal, former Head of Sony Pictures, had this to say: “There was this horrible moment when I realized there was absolutely nothing I could do”. The moment in question was when Sony came under a cyber-attack(1) that put many people in the show business in an uncomfortable position. Fast forward to 2021 and the threat of a cyber-attack looms large, across virtually every sector that is exposed to digitalization.
Unlike in 2015, cybersecurity is no longer a human-scale problem — because enterprises now have a host of internet-facing applications, devices, assets, etc., which present innumerable ways that they can be breached. This is to say, the risks have outpaced ways in which the infosec teams can secure the enterprise through hands-on involvement. But thanks to technology, a sizable chunk of responsibility can not only be automated, but can also be made foolproof.
Integration for better visualization
As MAST Consulting Group set to formulate its Integrated Managed Security Platform (IMSP), we laid additional emphasis on transparency. This approach stemmed from our belief that a security posture is only as good as the level of visibility into asset inventory and attack surface; we cannot protect what we cannot account for. By factoring in data from all internet-facing components in the attack surface analysis and leveraging cutting-edge analytics, CISOs can gain continuous visibility into security issues. All cyber risks can thus be consolidated into a single reportable model.
Thereafter, the security posture carries scope for seamless integration, with new solutions and upgrades, such as SOAR, SIEM, UEBA, etc. Insight-led decisions can help CISOs predict attacks and detect vectors before they can go beyond the unpatched software vulnerabilities (CVEs). But most importantly, enhanced visualization enables CISOs to effectively analyze the scope for automation and edge towards a zero-assumption operating model.
Automated security posture: The unmaking of human-centric errors
To err is human. But sadly, the vectors can make you pay a hefty price for the slightest laxity. While most vectors target the organization’s loose ends in security posture, some target humans’ innate tendency to commit errors and be inconsistent. This is where automation can add a new dimension to CISOs’ efforts, through error-free asset discovery, 24/7 monitoring and anomaly alerting, and inventory management, among other laborious, repetitive functions that are time-consuming. MAST IMSP uses specialized AI and gamification strategies to automate several critical CISO functions. We enable a broad set of use cases that can automate the security postures in organizations of any size and niche.
Following the COVID-19 pandemic, as digitalization increased with remote working, the need to scale automation capabilities in security postures has garnered more consensus. In a comprehensive survey(2) of senior IT and IT security professionals, a resounding 55% of respondents cited the lack of automation as the #1 challenge in security operations and management, reflecting their inability to manually analyze and respond to the deluge of information generated by today’s increasingly complex security infrastructures. Disparate toolsets, obsolete technologies, and skill gaps are among the primary hindrances to optimally automated security processes.
MAST IMSP: Seamless integration, optimal automation, quantifiable value
At MAST Consulting Group, we have a risk-scoring approach to conduct an empirical assessment of security threats linked to all internet-facing assets. We leverage tested-and-proven methodologies like NIST, CISS, and Microsoft DREAD, to assess risks and act on them. Such cyber risk quantification and risk-based vulnerability management practices have enabled the creation of MAST IMSP, which has helped clients achieve real-time visibility of their asset inventories and attack surfaces, and mitigate vulnerabilities proactively.
Such resilient security postures not only reduce cyber risks but also increase the uptime of underlying infrastructure. And this can have far-reaching implications for business outcomes. MAST IMSP has had a quantifiable impact on business process optimizations, uptime of mission-critical applications, compliance to social and corporate governance targets, and accomplishment of long-term organizational vision.
That said, one outcome that has particularly encouraged us to continue innovating is the satisfaction of employees operating with foolproof security postures. This outcome is of great consequence considering a majority of CISOs are unhappy, to say the least; according to a survey(3), 91% of CISOs suffer from moderate or high stress. In the same survey, more alarming is the finding that the stress has affected the ability of 27.5% of CISOs to do their jobs. There are plenty of studies linking low employee productivity with anything from poor customer experiences, to the pressure of bottom lines.
There are instances wherein cyber-attacks have led to disastrous outcomes, undoing years of industry reputation. This is especially true in light of the increasing shift to customer-centricity. Data privacy and security have been among the most talked-about subjects in recent years, with brand reputation inextricably tied to them. And with digitalization expected to keep the momentum and reinforce the need for better cybersecurity, there has never been a better time to foolproof your security posture.