Cyber defense is a global whack-a-mole game with hundreds of billions of dollars being invested in offensive and defensive capabilities. After you invest in one area, another area of risk tends to pop up. What is the top defensive technology area to invest in right now? Is there a better cyber security investment?
Cyber is multifaceted
Cyber defense requires a multifaceted approach. Fragmentation is a natural consequence of the back and forth between cyber attackers and defenders: If we have an effective defence against a particular type of attack, adversaries will try another area, angle, or approach.
Over time this means we need many technologies to secure our organization. Like it or not, cyber defence is a global whack-a-mole game. It is an arms race, with governments and corporations investing hundreds of billions of dollars continuously in building out offensive and defensive capabilities.
We all know that we need a multifaceted approach. This involves people, processes and tools. We need to make sure that everyone in the organization is motivated and has the skills and resources to fight cybercrime. Beyond understanding why and how technology is critically important as cyberspace is tech-heavy.
What area do we need to invest in?
Unless you feel at ease with your cyber protection, the question is: What is the key technology area to invest in right now? This question is very difficult for most cyber professionals as most organizations under fund and under resource their cyber operations.
We posed this question to cyber professionals by posting a poll to LinkedIn. To eliminate bias, we conducted the poll twice (second poll), reaching out to two distinct networks of cyber professionals. Feel free to repost the poll and let us know what your results are.
The poll asked what areas to focus on: MFA, perimeter security, known vulnerabilities or education. The results, which were consistent between the two polls, were: known vulnerabilities at 49% , MFA at 29%, and perimeter and education each approximately at 10%.
Known vulnerabilities routinely exploited
The results of the poll make a lot of sense. Of course, all these areas are important and really need more investment. However, the NSA and CISA continue to warn that cyber adversaries routinely exploit known vulnerabilities.
If we look at major breaches, we see plenty of evidence supporting these warnings. Sophisticated attackers use a combination of hacking techniques, as we have seen recently with SolarWinds. Exploiting known application vulnerabilities is a big part of their arsenal and allows adversaries to move laterally and subsequently elevate privileges.
In reality we find that very few organizations are able to execute fully on a vulnerability strategy.
Why can we not eliminate known vulnerabilities?
Why are we not able to routinely eliminate our known application vulnerabilities? The answer is that it is a daunting task given the level of software that most organisations are operating in combination with the level of technical debt that most of these applications suffer from.
Some cyber experts call for continuous upgrading of all components. That would eliminate these problems. However, continuous upgrading is difficult for organisations that have a lot of applications. For instance, a typical North American bank has 600 software applications. Large banks tend to have many more. A lot of these applications are older and do not have active development. Therefore, routinely upgrading may not be practical.