Story image

Addressing cybersecurity transparency for stronger protection

20 Sep 2017

Security firm Aleron says that cybersecurity management is a complex problem and transparency can result in even more ambiguity.

Because every organisation uses different processes to security, this can result in inefficiencies and weaknesses, the company says.

If organisations are to stop attacks, they need to have clear views of the threats they face and the ability to develop risk mitigation strategies.

“Two things are happening every day: new cyberattacks are launched; and new tools and solutions to combat cyberattacks are introduced. The rapid pace at which the threat landscape is evolving makes it difficult for senior managers to know if the company’s investment in security is effective,” comments Aleron director Alex Morkos.

“On top of that, there is often disjointed communication between security teams and senior leaders. This is partially because highly-skilled cybersecurity professionals often lack sophisticated business communication skills.”

According to Aleron, there are five key challenges to achieving transparency:

•  Getting a clear picture of the cyber threats they face 
•  Understanding if their investment in cybersecurity solutions is effective 
•  Making well-informed cybersecurity decisions that meet the organisation’s overarching objectives 
•  Accessing the skills and resources needed to effectively protect the organisation 
•  Managing security governance and compliance. 

“Cybersecurity is a boardroom problem, yet information about cyber risks is not delivered as transparently and as clearly as it could be to that senior level, thus hindering board members’ understanding and ability to respond appropriately. To combat this problem, organisations need to find a better way to communicate the risks internally and respond appropriately,” Morkos says.

Organisations should consider choosing systems that allow accurate and simple views of the current risks, as well as ones that detail which risks businesses should focus on.

The company says that organisations must invest in tools and systems that also help them understand security risks, self-asses and gain quick insights into their security options.

Compliance tools can also accelerate problem identification, saving businesses time and money before an attack strikes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.