State of Security Research Zeroes in on Data Strategies

The past year was monumental for security leaders, with both the COVID-19 pandemic and the SolarWinds attacks challenging our traditional approaches to security. Overnight, the pandemic forced the rapid shift to remote work — and the exponentially faster shift to cloud technology that it helped drive. This came with less visibility into the technology ecosystem, less control of access points, and a larger, more varied attack surface for hackers to target.

In the midst of this massive shift came the largest supply chain attacks we have ever seen. The impact of these two events will be felt for years and be a defining moment for the careers of many of us in the security industry. 

Unfortunately the attacks have continued, with the DarkSide ransomware attack and the CodeCove supply chain attack hitting this month — before many could implement the security strategies necessary to stay ahead of emboldened adversaries.

New research, sponsored by Splunk and released today in The State of Security 2021, provides the first look into the post-SolarWinds landscape. We still have a lot of work to do, but there are reasons for cybersecurity experts to be optimistic. 

Researchers at the Enterprise Strategy Group, working with Splunk, surveyed more than 500 security and IT leaders worldwide only two months after the SolarWinds attacks were first discovered. The data suggests that organizations had not yet gotten their heads around the risk of one of the most dramatic supply chain attacks seen to date. Specifically, our research found that:

• Only 47% of CISOs had briefed executive leadership or their boards about the implications of the SolarWinds attacks in the two months since they had been disclosed  — meaning that vulnerability not just in that hack, but to supply chain attacks in general, had yet to become a board-level issue.
• 78% of companies expect another SolarWinds-style supply chain attack.

The State of Security report points out that supply chain attacks are not the only challenge facing CISOs. We also need to evolve our security strategies to address the increasing complexity of hybrid, multicloud infrastructures. The rush to more remote work and to expand cloud and digital technologies as a rapid response to the pandemic exacerbated these challenges. 

The research does offer encouraging signs that change is already happening. One bright spot is the relationship between security and IT teams: 83% of respondents agreed that collaboration had improved during the pandemic. For security, almost 90% of organizations also said that they are increasing IT spending, and 35% said they are “increasing significantly.” 

Here are more findings from the research:

• 75% of cloud infrastructure users are multicloud today.
• 87% expect to use multiple cloud service providers two years from now.
• 76% of respondents say that remote workers are harder to secure.
• 53% say attacks have increased during the pandemic — and 12% call it a significant increase.

Now that we have this data, where do we start? We start by contemplating what Splunk CEO Doug Merrit discussed at the annual RSA security conference last week: Data is essential to an effective cybersecurity program. Data is central to identifying and responding to any security threat. Security is indeed a data problem.

We’re living in the Data Age, in which the backbone of any effective security strategy, especially after COVID and SolarWinds, must center on data. Data is not only what we’re protecting, it’s what lets us optimize our investments and effectively communicate risk and mitigations. It’s what tells us when threat actors are knocking at the door or have already snuck in. 

To effectively use data, we need to start by adopting a zero trust strategy, which is built on limiting the access to data and resources until a connection is proven secure. We are continually evaluating existing and emerging threats and the techniques, tactics and procedures (TTPs) these threat actors leverage, so that we can remediate any weaknesses. In addition, we need to deploy a modern security operations center (SOC) built on an intelligent and scalable data platform with full automation capabilities to catch threats, identify anomalies and shorten response cycles. 

Lastly, we must also use data to improve communications, threat intelligence sharing and vendor trust. Take supply chain attacks: Software providers, like Splunk, have a duty to conduct a regular refresh of our vendors and ask them how they mitigate the risk of emerging threats. We then need to communicate that to our customers, as we did after the SolarWinds attacks. A robust and flexible platform is required to audit and share this data at scale with our customers and the community as a whole.

The past year presented challenges for security professionals, but it also opened opportunities, unlocked budgets and galvanized support at all organizational levels to build stronger security practices. I’m highly optimistic that security leaders are leveraging the current momentum to accelerate improvements and stay ahead of intensifying security challenges. 

For more, including recommendations for improving your security posture, get The State of Security 2021.

----------------------------------------------------
Thanks!
Yassir Abousselham