Cyber security leaders now recognise that an effective cyber strategy will include three key elements: identification of critical risks, visibility of tool performance to mitigate those risks, and the ability to drive investment efficiency. However, these elements are too often overlooked, tackled in isolation, or aren't given the resources required to be effective.
This article examines these three key elements and explains how to start making positive changes to make effective changes with an emerging approach to cyber security strategy.
Identifying Critical Risks In Your Threat Landscape
Risk assessment and threat modelling can be challenging because of the complexity of system and network architecture, making it difficult to identify and assess all potential threats. Your organisation's specific threat landscape constantly evolves, with new vulnerabilities and attack methods emerging regularly. Limited resources make it challenging to devote time and resources to threat modelling. Many organisations rely on assumptions about their assets, threats, and vulnerabilities that are often incorrect and lead to an incomplete threat model.
Identifying critical cyber risks is crucial for developing effective countermeasures as part of a comprehensive cyber security strategy. Limited recognition of your organisation's threat landscape means you won't know the complete picture of your organisation's vulnerabilities and potential risks. This will lead to poor prioritisation and contribute to an inefficient allocation of resources.
Assessing Cyber Tool Performance
Even with a clearly defined threat landscape, you must consider how your cyber security investments protect your organisation against those risks. Gaining this analysis of your cyber tools' performance can be challenging because collecting applicable metrics requires synthesising vast and varied datasets. Compounding this, not all organisations have the necessary data available, or the data is not easily accessible.
Effective cyber security strategy requires ongoing measurement and improvement of tool performance. Knowing how well your technologies are performing—by monitoring their efficacy and identifying where improvement is needed—is crucial to ensuring they provide an acceptable level of protection.
Different cyber security tools and systems may use conflicting data formats and structures, making comparing and aggregating data from various sources difficult. This is a common source of inconsistent metrics, so interpretation becomes challenging, as they won't provide a clear picture of the performance of a tool or approach. Quality issues such as incomplete or inaccurate data may also challenge collection, leading to metrics that need more value.
Organisations must fully identify the capabilities and limitations of the cyber security tools they have invested in or risk underutilisation of those tools. As discussed, integrating new cyber security tools with existing systems makes rolling out the tools to full capability challenging. Organisations may need the personnel with the necessary skills and knowledge to implement and maintain tools, again leading to underutilisation.
Driving Cyber Investment Efficiency
Difficulty identifying risk and assessing cyber tool performance make driving efficiency in your cyber investments challenging at best and impossible at worst. Compounding this is the need for cyber security leaders to balance the need to protect against cyber threats with budget constraints.
As the complexity of your organisation's IT infrastructure increases, it becomes ever more challenging to collect metrics at scale, leading to incomplete data and a lack of granularity. Collecting metrics can be resource-intensive in terms of the time and money required to collect and analyse the data.
Often governance and oversight are limited. Purchasing and performing initial deployments of tools is undertaken, but there needs to be an ongoing focus on capitalising on the complete capabilities of the deployed solution. Lack of visibility often drives reduced oversight as organisations do not have the tools or capabilities to monitor the performance or efficiency of their tools and therefore don't realise they are being underutilised.
Because of the often-limited resources available to cyber teams, cyber security investment is often under-utilised. Therefore, you must ensure you get the most out of the tools you do have. This includes evaluating the cost-effectiveness of different security measures and identifying areas where resources could be better allocated.
A Tale of Two Approaches
Organisations often focus on risk from one of two perspectives—external (outside in) and internal (inside out).
An external focus on threat intelligence provides threat volume, complexity, and sophistication; attack surface management to understand cyber hygiene; and digital risk protection to identify pre-attack indicators.
Internal looks to facilitate compliance-based audits to demonstrate the effectiveness of cyber security programmes, which provide point-in-time evidence of control effectiveness to assure their customers, suppliers, business leaders, and other stakeholders.
Figure 1: some example internal and external approaches to cyber risk management.
Consolidating internal and external approaches is the only way to facilitate a complete view of risk and allow your organisation to identify areas for improvement, optimisation, and investment.
A Path To Effective Cyber Strategy
Despite these challenges, organisations can take positive actions to overcome them. They can adopt a risk-based approach to cyber security, which involves continually assessing and reassessing risk and adapting the security strategy accordingly. Continuous Threat Exposure Management (CTEM) is an emerging approach. It is a five-step program for achieving long-term, sustainable cyber resilience. Published by Gartner, the process emphasises a consistent and continuous approach to identifying, assessing, and mitigating security risks to an organisation.
It differs from traditional risk-based vulnerability management (RBVM) by proposing a pragmatic and practical approach to prioritising potential threats and corresponding remediations on the rapidly growing attack surface.With CTEM, you combine all relevant data points to get a complete view of risk.
Gartner predicts that CTEM will become the most effective method of prioritising security investments by 2026. Those that adopt this approach will be three times less likely to suffer from a breach.
.webp?width=887&height=512&name=6606f883-5481-4db9-970e-9b87525355a7%20(1).webp)
Figure 2: Gartner's CTEM cycle.
Deploying CTEM
By aggregating various data sources—including threat intelligence, governance, risk, and existing security investments—you can address gaps in your current tools, highlight improvements, demonstrate potential cost efficiencies, and help deliver maximum value from IT investments.
A dynamic, threat-led approach creates a unique profile for your organisation, identifying the most critical risks and creating a model of malicious behaviours to prevent. Continuous capability data helps identify areas of improvement and group them into projects to promote a culture of continuous improvement.
.webp?width=1920&height=1080&name=0ab34add-92a1-4c81-ac82-5d13c2000c54%20(1).webp)
Figure 3: a typical CTEM deployment.
There isn't a one-size-fits-all approach to deploying effective CTEM, so starting with the most critical aspect is essential. This comes down to your organisation's specific needs, which typically fall under one (or more) of these categories:
- Insight: a consolidated, high-level view of the most critical aspects of your cyber security environment. Think of this as the things you, as a cyber security leader, need to empower you to start making correct cyber decisions.
- Threat: a bespoke threat model unique to your organisation that means you can interpret how you're being targeted and the malicious behaviours you must prevent.
- Compliance: an analysis of your performance against compliance frameworks, your controls' deployment and maturity, and what you need to improve.
- Measure: visibility over how well your tools operate through native APIs and surfacing performance and efficiency metrics.
- Improve: a roadmap for your security programme to track your continuous improvement plan.
Using a combination of these five aspects will help you, as a security leader, to better evaluate your cyber security strategy in the context of the risks you face and make more informed decisions about your security investments. You will be able to identify areas where improvements are needed and take action before a security breach occurs.
It's not just about understanding your risk; it's also about driving efficiency in your cyber investments. Evaluate the cost-effectiveness of different security measures and identify areas where resources could be better allocated. This way, you can ensure you get the most out of your cyber investments and stay within budget constraints.
To discuss how Arco can help empower you to make the right cyber security decisions, please get in touch.
