Intelligent CIO North America Issue 27 - Page 45

CIO OPINION the event of an attack by enabling security leaders to transfer cybersecurity risk to the insurance company .
But do cyber insurance premiums cover all ransomware attacks and are CISOs getting the gap analysis right ? Given all the risk inherent with cyber insurance , the requirements to obtain a policy has become increasingly difficult , on top of a significant trend up for the cost of protection , rising an average of 30 % year-on-year and there are no signs of this slowing down .
Compliance and reporting are a further challenge that CISOs cannot ignore . To be certified and compliant , not only must all standards and regulations be met , but security leaders must ensure adequate and timely reporting . So how can security leaders navigate these challenges ? How can they approach resourcing and what are the key technologies that will enable them to unlock best practices ?
Cybersecurity frameworks and mission critical technologies
The NIST Cybersecurity framework has been developed to guide IT security professionals in evaluating their security posture and improving their risk mitigation . This framework helps organizations to ensure that they have the right systems to provide an adequately robust approach to cybersecurity .
It covers five actionable risk management strategies : ‘ identifying ,’ ‘ protecting ’, ‘ detecting ’, ‘ responding ’ and ‘ recovering ’ from a cybersecurity attack . professionals often do not have the time to prioritize network security , these environments change constantly and require real-time analysis and augmentation .
Managed firewalls relieve security professionals from having to maintain the rule sets at the entry point to the network , while also providing the benefit of lessons learned from a broader set of organizations .
Even more critical to ensuring network security , CISOs need the intelligence in the network to look more holistically at the behavior of the traffic , incorporating different data sources and automatically identifying what is good and bad traffic .
From here , appropriate technologies must be employed , such as intrusion prevention , network antivirus and SD WAN to provide safety to all users in realtime and ensure seamless secure connectivity .
Detection
Today , organizations have more apps , more data , more locations and more remote users than ever before .
The end-user is the biggest vulnerability in any network environment and education is important .
Identification
No matter where the end-user is , vulnerabilities exist . Tens of thousands of new vulnerabilities are posted per year , approximately 55 new vulnerabilities are posted every day . While in-house IT teams can only solve some of these , around 5 % pose a real risk – those that can be remotely exploited and have already been weaponized .
It is critical to assess , prioritize and remediate the most important risks to the network and business with Continuous Risk Scanning , which provides a view of all assets that exist within a network environment and advises teams to focus on the vulnerabilities that most put those assets at risk .
Protection
With the explosion in distributed networks , data today lives everywhere . Enabling secure connectivity and managing it ‘ where it exists ’ – across multiple sources and devices – is part of the challenge . Where security
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 45