It’s time to give your cybersecurity defences a workout. “The bad guys have been at the gym over the past year and they are buff,” said Grant Asplund, Chief Security Evangelist for Check Point Software Technologies at a recent ITWC briefing. “If you’re not buff too, they’ll take you down.”
The pandemic has amplified the security challenges faced by organizations. Suddenly, all employees were working from home using “VPNs held together by wire and string,” Apslund said. Phishing attacks increased by 3900 per cent in the second quarter last year. Ransomware attacks almost doubled.
VIEW THE SIMPLIFY YOUR SECURITY BRIEFING ON DEMAND
WATCH SIMPLIFY YOUR SECURITY BRIEFING ON DEMAND
The potential damage from these attacks is becoming more serious, said Asplund. “Think of an insulin pump with an IP address,” he said. “Someone could administer a lethal dose.”
It’s a constant battle that causes organizations to seek solutions to each one of the attacks. “If they came at me with a club, I get a shield,” said Asplund. “Then they get a catapult.”
This leaves organizations with a complex patchwork of overlapping solutions. A recent study showed the most companies have between 16 to 40 solutions to manage. “It’s hard to stitch the systems and the intelligence together,” said Asplund. “It makes sense to look at it holistically. We have to get out of the silos and realize that everything is connected.”
As a result, it’s critical for organizations to find ways to streamline and consolidate their security systems.
Tips to consolidate and strengthen security
Consolidation does not mean a “forklift upgrade,” said Asplund. “You don’t have to throw everything out.” It can be done using software as a service, like Checkpoint Infinity, to manage the entire security estate with a unified policy and from a single portal. The Checkpoint service can manage security across 80 different products.
Asplund suggested that organizations start the process by having a discussion with executives to identify objectives and business outcomes. “If you don’t know where the goal posts are, you don’t know if you’ve scored,” he said. IT teams also need tools to identify where everything is in their infrastructure. “If you can’t see it, you can’t protect it,” Asplund added.
Management should encourage more interaction between developers and security to incorporate security by design. “Security and developers are like oil and water,” said Asplund. “Make the developers part of the security team.”
While training is important to address the human factor, Asplund stressed that tools should also be adopted to prevent mistakes. “It’s like a new car that has features to keep me in the lane and will detect it if I drift,” he explained.
Benefits of consolidation
Consolidation doesn’t solve all cybersecurity problems, said Asplund. “But it can give you one big throat to choke and free up other resources.”
With a unified architecture, the total cost of ownership for security goes down and the return on investment goes up, Asplund said. It increases operational efficiency by 50 per cent because it frees up resources to drive the business, “as opposed to reacting.”
Ultimately, a consolidated solution will improve security by increasing visibility to threats and leveraging threat intelligence across all enforcement points. “It’s clear that we have to build things a little differently for the world today,” said Asplund.