Strategy and technology alone do not guarantee an effective cyber defense. Many organizations fall short because they lack the right mix of talent and capabilities, or aren’t using a strong and complete cyber security model, or have difficulty with properly executing the strategy.

Internal and external factors add risk to an organization’s cyber defense. Externally, an organization’s attack surfaces are growing—from the increased volume of connected devices, the expansion of the Internet of Things and the growth of cloud computing. Internally, many organizations lack sufficient rigor and consistency in security operations—using a variety of processes and capabilities that provide varying levels of effectiveness, or aren’t deployed consistently across the organization. Another issue is the high turnover rate within security; many times key people leave and take unique knowledge with them. Constantly changing IT environments also make it difficult for the security team to track and protect critical information. Security can have insufficient visibility into the organization’s asset landscape due to limitations of the tools and processes being used. Finally, time is an issue; it takes an average of seven to eight months to detect a breach.

Achieving operational excellence in cyber defense requires a comprehensive approach that prepares for threats, predicts and detects breaches, and then responds to and recovers from incidents. Organizations need well-trained employees who can react to clear-cut incident response plans and procedures for different types of threats.

A robust cyber security operational model starts with a well-defined strategy of how security supports business performance. The model is centered on core risk-management goals. It prepares for and protects against potential threats by providing usable threat intelligence and actively managing vulnerabilities. The model includes forward-thinking capabilities to help scale activities and references an IT strategy that provides greater understanding of the organization’s assets, data sets, and technical and business functions.

The model enables security to defend against and detect intrusions using advanced analytics, which also identify behavior changes that indicate security risks. An emphasis on visualization helps identify anomalies quickly from large volumes of data.

Organizations can respond and recover effectively by employing active defense strategies and actively managing security incidents, using platforms that guide operators in hunting for threats. Training should mimic attackers—to prepare teams for real-world adversaries—with activities that encompass security operations and tie in with strategic channels in the business.

To achieve operational excellence in cyber security, organizations can take specific steps to improve their security operations:

• Assess the effectiveness of current security processes
• Invest in attracting and retaining skilled security talent
• Automate intelligently to leverage scarce resources
• Understand how threat data pertains to the business
• Identify what isn’t known
• Create a plan to address knowledge gaps
• Find an effective sparring partner that will improve security capabilities

Organizations should focus on creating a highly efficient operating model that balances security operations, new technology implementation, testing of security posture and feedback to update defenses.

The brutal assault on digital assets of organizations worldwide looks to continue. Given the risk-filled environment, organizations need the best operational security capabilities possible to defend their most valuable digital assets.

[Figure: Cyber Security Lifecycle Model. Phases: Prepare, Protect, Defend & Detect, Respond. Ring labels: Strategy, Transformation, Managed Security & Cyber Defense. Capabilities shown: Strategy & Business Alignment; Assessment & Architecture; Governance, Risk & Compliance; People & Culture Change; Application & Data Security; Platform & Infrastructure Security; Digital Identity; Vulnerability Management & Threat Intelligence; Advanced Adversary Simulations; Security Monitoring; Cyber Threat Analytics; Incident Response; Remediation.]

Accenture.com/CyberDefensePlan