Five questions every CSO should be able to answer

By Steve Hunter, Senior Director, Asia Pacific and Japan, ForeScout

Recent security incidents and the introduction of new data breach legislation across Australia and Europe are driving greater awareness around the need for cybersecurity best practices. This is causing many organisations to evaluate their current security posture and implement solutions to mitigate risk. 

Unfortunately, this often means businesses continue to layer on new, siloed security tools without maximising the value of existing tools or fully addressing underlying weaknesses. With more devices and endpoints connecting to networks daily, being able to secure those devices and prevent unauthorised entry into the network should be a top concern for security professionals. This is especially true because it only takes one compromised device to take down an entire infrastructure. 

Most security approaches rely on 20/20 hindsight. Without knowing what could happen next, businesses are reduced to reacting to what has happened, remediating attacks when they’ve already occurred. Changing this approach to let organisations become proactive and strategic about security depends on being able to answer five key questions right now: 

1. Does your organisation incorrectly assume it has the necessary (but often missing) security foundations? 
Complete, continuous visibility is essential for effective network protection. The assumption throughout the industry is that organisations have this visibility, but the truth is that most simply don’t.
Because it’s impossible to protect what can’t be seen, organisations should avoid assuming they have visibility and take steps to confirm that it is complete.

2. How can organisations understand their risk if an unknown set of devices or endpoints is connected to the network?
When organisations have partial visibility, they have an incomplete understanding of risk. When consumers take out household contents insurance, one of the first questions the insurance company asks is the value of their possessions. Without knowing exactly what they own, consumers can’t set a value on their possessions. Similarly, without knowing exactly what’s connected to the network, organisations can’t effectively protect it. 

3. What’s the first step toward quantifying the unknown unknowns on the organisation’s network? 
The vast majority of organisations are aware that there is a visibility gap but they’re not sure how to close that gap. If the network could talk, security professionals would ask it what’s connected. Typically, when the network is interrogated, the process unveils between 35 and 40 per cent more devices or endpoints than expected. Most businesses now have an expanded network, which only makes this harder. The only way to close the visibility gap completely is to ask all of the different networks directly. 

4. How can organisations avoid adding yet another siloed security tool? 
Organisations don’t want to layer yet another siloed security tool. Instead, they need to get more out of the tools they’ve already invested in. Businesses should ensure their next investment makes their existing tools better by providing visibility into everything on the network, rather than simply adding another discrete tool that adds cost and complexity without delivering actionable information. 

5. Can organisations quantify their wasted security spend? 
Organisations allocate a budget for security tools, but these tools leave gaps and fail to protect the business completely. Consequently, some of that budget is wasted. Complete visibility lets businesses identify and recover that wasted expenditure and ensure security budgets cover 100 per cent of what they’re intended to cover.

By closing the visibility gap and gaining full and accurate information regarding every single device or endpoint on the network, businesses can optimise their security budgets and protect their organisations more reliably. This will help businesses improve their data protection and comply more easily with data protection regulations.
