Partha Chakraborty, Assistant Vice President and Head of Security Architecture – Enterprise Technology Services at Guardian Life Insurance of America, spearheaded a roundtable discussion on security architecture and strategy at the 2018 Chief Information Security Officer (CISO) Leadership Forum in New York on November 8. During the discussion, “Back to Basics – Focusing on Security Architecture & Strategy,” Chakraborty explored ways to help organizations bolster their security efforts.
Cyberattacks are increasing in complexity and volume. Today’s cybercriminals are using advanced tactics to target organizations of all sizes and across all industries. Meanwhile, organizations are responsible for finding ways to keep pace with cybercriminals.
Organizations frequently commit significant time and resources to analyze and address cyberattacks. Yet cybersecurity investments offer no guarantees. In fact, if an organization commits substantial time and resources to cybersecurity technologies that fail to meet its security needs, it could put its brand reputation, revenues, customers and employees in danger.
“Every day, we see a lot of breach news,” Chakraborty pointed out. “And every year, we get more and more for our security budget … yet the more we are spending, the more that cyber incidents are happening.”
Organizations must prepare for evolving cyberattacks. Those that fall behind cybercriminals may suffer time-consuming and costly breaches. Worst of all, these organizations may lose customers because they cannot consistently protect customer data against assorted cyberattacks.
“Bad [cyber threat] actors are getting closer to making life-impacting harm,” Chakraborty stated. “And we have to be prepared for that.”
Ultimately, an organization must take a long-term approach to cybersecurity. Rather than search for a quick-fix security solution, an organization should find tools and technologies that enable it to address cyberattacks both now and in the future.
“We have a problem and we have to solve it and we are looking at S.O.S. [security] solutions, but we are not looking at the overall picture,” Chakraborty indicated.
It is also paramount for an organization to take a comprehensive approach to reviewing the cybersecurity technologies at its disposal.
Many cybersecurity technologies are available, and there is no one-size-fits-all security solution that works well for all organizations at all times. With an in-depth approach to cybersecurity, an organization can assess myriad tools and technologies. It can then select a security solution that complements its day-to-day operations.
“There are so many [cybersecurity] tools and technologies … and we have to figure out which [tools and technologies] are critical for our businesses,” Chakraborty said.
Agility is a key factor in selecting cybersecurity tools and technologies. If an organization prioritizes agility in its search for the right security solution, it may find a solution that it can use to address a broad array of cyber threats.
The optimal security solution should promote agility across an organization. This solution will allow an organization to quickly identify cyberattacks and ensure these problems have little to no impact on its employees and customers. Plus, the solution will enable an organization to keep pace with advanced cyberattacks.
“We need to look at agility from a process perspective and a technology perspective,” Chakraborty stated. “We have to be agile from a technology perspective and keep things simple. At the same time, we have to be agile from a process perspective to help our cyber fighters put up a solid defense.”
Furthermore, an organization should evaluate its cyber risks before it invests in a security solution. If an organization understands its cyber risks, it can find a security solution designed to eliminate these dangers.
“If we take a risk-based approach before we implement new technology … we can figure out which threats are applicable in an organization and how technology can be used [to address these threats],” Chakraborty indicated.
The push for cybersecurity tools and technologies likely will increase in the years to come. As organizations search for ways to alleviate cyber risks, they may devote extensive time and resources to ensuring they are well equipped to address cyberattacks before those attacks escalate.
If an organization takes a data-driven approach to building a security strategy, it may be better equipped than ever before to make informed cybersecurity investments. It will understand the cyber risks it faces and can map out its cybersecurity investments accordingly. As a result, it could reap the benefits of its cybersecurity investments for an extended period of time.
“It’s easy to be driven by the desire for [security] technology, but that does not mean technology will meet [an organization’s] need,” Chakraborty pointed out. “Let’s build a security technology that is based on [an organization’s] need … and minimizes operational complexity.”