
Securing the future of business

Preparing organisations for next-generation threat management


Introduction

The current unprecedented crisis has resulted in widespread concerns amongst businesses, clients, consumers and communities worldwide, and is expected to have a significant impact on the global economy. The situation is acting as a catalyst for an ongoing business transformation.

While cyberattacks on organisations were common, the outbreak of the COVID-19 pandemic has led to a considerable surge in these attacks. Due to high reliance on technology, organisations are more fearful and attackers are more motivated. There has been an unprecedented rise in cyber incidents, with the number of cyberattacks on Indian organisations having doubled during the pandemic.1 Along with the recent surge in cyberattacks, there has also been a shift towards more sophisticated attacks exploiting the transformation underway.

It is very important for organisations to protect themselves against such attacks. The vulnerability management (VM) programme plays a significant role in protecting organisations, and is one of the most effective ways to manage vulnerabilities across the technology landscape.

However, organisations continue to face several challenges across the various phases of implementation of the VM programme. Even some of the leading global organisations that spend significantly on technology, manpower and processes in the VM programme continue to face challenges. Some of the challenges are the resource-intensive nature of the programme, a high number of vulnerabilities, difficulty in prioritisation, inefficient closures and lack of visibility.

As a result, it has become difficult for businesses and cyber security stakeholders to protect themselves from cyberattacks. Even though organisations are aware of these issues, they continue to struggle and find it difficult to address them.

Hence, there is a need to transform the traditional VM programme into a next-generation threat management programme by rationally identifying the areas of advancements and building adequate capabilities.

1 https://www.pwc.in/assets/pdfs/services/crisis-management/covid-19/covid-19-crisis-the-impact-of-cyber-security-on-indian-organisations.pdf


Organisations continue to face challenges with their VM programmes

Cyberattacks throughout this decade have seriously impacted organisations. These attacks not only result in financial and reputational losses, but also impact the trust built amongst customers. As the number of unique and new vulnerabilities continues to rise, the failure to mitigate such vulnerabilities in a timely manner is making organisations more prone to cyberattacks.

The number of common vulnerabilities and exposures (CVEs) discovered in the last three years (2017–2019) has doubled compared to the three years (2014–2016) prior to that period.

It has been observed that organisations continue to struggle despite implementing a VM programme and equipping themselves with the latest tools and technologies. We believe that our years of experience and understanding of client problems in the domain of cyber security would help us in addressing the key challenges related to the VM programmes of organisations.

The average number of CVEs detected per month in 2020* is 60% higher than that in the previous year.

Number of new CVEs detected per year (chart, 1993–2019)

Year    #CVE
2019    12,174
2018    16,556
2017    14,714
2016    6,447
2015    6,484
2014    7,946

Source: National Vulnerability Database

Is your VM programme facing these challenges?

• Resource intensive and time consuming

• Lack of a unified view on vulnerabilities and associated risks

• Failure to prioritise closure of vulnerabilities

• Poor patch management and remediation processes

* As per data for the period between January 2020 and September 2020


Building next-generation capabilities to take VM programmes to the next level

Organisations need to equip their existing VM programmes with advanced capabilities to counter cyberthreats. These capabilities will ensure coverage from a business-context perspective, prioritise vulnerabilities based on risk, efficiently address remediation challenges and rapidly reduce risk by increasing the speed at which vulnerabilities are fixed.

The future of VM should be equipped with the following capabilities:

• Risk-scoring algorithms based on the business context and external threat feeds to cover the entire lifecycle of vulnerabilities and exploits

• Use of organisation-specific threat models and patterns

• Use of intelligence and experience from past/recent incidents to decode patterns

• Use of mathematical algorithms and multiple factors to calculate the risk score

• Intelligent decisions taken on the basis of impact of remediation

• Correlation of vulnerabilities across the infrastructure and application

• Providing a holistic view of vulnerabilities and related exploits across an organisation

• Providing a unified/single view of risk scores across the organisational landscape, with the ability to drill down to asset levels

• Generating intelligent reports mapping the vulnerabilities-assets applications

• Unified robotic process automation (RPA) based solutions integrating different technologies/processes (e.g. scan engine, asset database, incident management tool and threat feed)

• Bot-managed tasks, including conducting automated scans, monitoring remediation and notifying stakeholders accordingly

• Performing correlation and algorithms to prioritise remediation tasks

• Orchestrated remediation and closure validation

• RPA-based automation with a process-designer interface to customise/integrate new processes

• Integration capability with other processes such as a secure software development life cycle (SDLC)

• DevSecOps and configuration management to enable end-to-end and seamless vulnerability management

• RPA-based patch management and configuration management

Contextualised risk-based prioritisation

Unified view of risk across the threat landscape

Automated intelligent remediation

Agility to integrate new processes


1

Although the recent trends in vulnerability discovery indicate that the volume of newly discovered vulnerabilities continues to rise, the time period between public disclosure of vulnerabilities and release of exploits is decreasing. As cyberattackers continue to take advantage of these vulnerabilities, organisations continue to face challenges in prioritising remediation.

We believe that some of the reasons organisations are unable to focus on and prioritise remediation of real risks are:

• dependence on the default risk score provided by their vulnerability scanner

• failure to factor in business context at the time of calculating the risk score

• the presence of a high number of vulnerabilities and a limited workforce to address them

• exploitation of vulnerabilities by attackers even before the remediation process begins.

Thus, assessing the precise risk score is critical because this allows stakeholders to take decisions about scheduling scans, prioritising vulnerabilities and allocating resources to remediate and protect organisations from cyberattacks.

While formulating risk-based prioritisation in every phase of a VM programme, it is important for organisations to consider the following factors:

1. Risk scoring using organisational context and external threat intelligence

Organisations must use a multifaceted approach for realistic risk scoring. The context for an organisation should be derived from the business criticality of assets and threat aspects associated with asset positioning, connected infrastructure, organisation’s baseline and architectural weaknesses. Additionally, exploitability parameters should be dynamically evaluated on the basis of real-time exploit feeds, threat intelligence and trending vulnerabilities.

The risk score of an organisation should be calculated using carefully crafted and self-learning mathematical algorithms encompassing the above factors.

2. Risk-based scanning and revalidation

Sometimes, lack of scanning at the right time may result in vulnerabilities going unnoticed and leading to a compromise. Hence, the prioritisation and frequency of scanning should be based on the level of risk an organisation is exposed to. Similarly, more frequent closure revalidations are required for vulnerabilities with higher risk.

3. Remediation prioritisation based on risk and impact

The remediation of every vulnerability can be broken down into multiple sub-tasks.

The execution of these sub-tasks should be prioritised on the basis of the overall risk-posture change they bring to the ecosystem, the effectiveness of their implementation and their overall impact on the assets.
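The following added example (not part of the original paper) illustrates the scoring and scan-frequency factors above: a scanner's default score is scaled by business criticality, asset positioning and exploit or threat-intelligence signals, and the result drives both remediation order and rescan interval. The multiplicative formula, all weights and thresholds, the field names and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

# All weights and thresholds below are illustrative assumptions, not values from the paper.
CRITICALITY = {"low": 0.5, "medium": 0.8, "high": 1.0}     # business criticality of the asset
EXPOSURE = {"internal": 0.7, "dmz": 0.9, "internet": 1.0}  # asset positioning in the network


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # constructed placeholder, not a real CVE
    asset: str
    scanner_score: float  # default 0-10 score reported by the scanner
    criticality: str
    exposure: str
    exploit_public: bool  # signal from an exploit feed
    trending: bool        # signal from threat intelligence


def contextual_score(f: Finding) -> float:
    """Scale the scanner score by business context and current threat signals."""
    threat = 0.6 + (0.4 if f.exploit_public else 0.0) + (0.2 if f.trending else 0.0)
    score = f.scanner_score * CRITICALITY[f.criticality] * EXPOSURE[f.exposure] * threat
    return round(min(score, 10.0), 1)


def rescan_interval_days(score: float) -> int:
    """Higher risk means more frequent scanning and closure revalidation."""
    if score >= 7.0:
        return 1
    if score >= 4.0:
        return 7
    return 30


def prioritise(findings):
    """Return (vuln_id, contextual score, rescan interval) ordered by contextual risk."""
    scored = [(f.vuln_id, contextual_score(f)) for f in findings]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(vid, s, rescan_interval_days(s)) for vid, s in scored]


# Constructed sample findings.
SAMPLE = [
    Finding("VULN-A", "test-print-server", 9.8, "low", "internal", False, False),
    Finding("VULN-B", "payments-gateway", 7.5, "high", "internet", True, True),
    Finding("VULN-C", "partner-portal", 6.1, "medium", "dmz", True, False),
    Finding("VULN-D", "hr-database", 8.8, "high", "internal", False, False),
]

if __name__ == "__main__":
    by_scanner = sorted(SAMPLE, key=lambda f: f.scanner_score, reverse=True)
    print("scanner order:   ", [f.vuln_id for f in by_scanner])
    for row in prioritise(SAMPLE):
        print("contextual order:", row)
```

On this sample the scanner's own ordering puts VULN-A first, while the contextual ordering moves it last and brings the internet-facing, actively exploited VULN-B to the top.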

Contextualised risk-based prioritisation

Are organisations truly focusing on the real risks?


2

There has been a continuous increase in vulnerabilities as cyberattackers have become more sophisticated.

Between 2015 and 2020, more than 70,000 new CVEs were registered.2 While the number of vulnerabilities is increasing rapidly, the response to them is reliant on manual analysis, resulting in delayed remediation.

Most organisations continue to struggle with remediation of these vulnerabilities. Some of the challenges are:

• the increasing number of zero-day attacks

• dependencies on business requirements, original equipment manufacturers (OEMs) and exception management for remediation

• manual tasks related to analysis and following processes

• fragmented patch-management and configuration-management processes

• improper closure of vulnerabilities

• a high number of issues reported during scanning, including false positives and repeated issues

• the lack of skilled resources who can understand and resolve vulnerabilities.

Slow responses, ineffective closures and missing assets continue to provide an edge to cyberattackers.

Organisations should focus on faster closures and efficiency mechanisms to deal with these challenges.

1. Automated and integrated remediation

Unified RPA-based solutions assimilating different technologies (e.g. scan engine, asset database, incident-management tool and threat feed) should be integrated into the VM programmes of organisations.

Organisations should identify the opportunities to automate manual and repetitive tasks. Discovering assets, scanning, notifying stakeholders of critical vulnerabilities, tracking, rescheduling and rescanning are some of the tasks that can be automated.

2. Orchestrated remediation and closure validation

With predefined remediation policies in place, organisations should categorise their remediation actions and use automated remediation playbooks tailored to their specific environment.

3. Intelligent decision making based on asset context and patterns

Remediation of every vulnerability can be broken down into multiple sub-tasks, including implementation of compensating controls (alternative measures that decrease risks substantially). These sub-tasks are executed based on the context of a particular asset’s vulnerability.

The selection of sub-tasks should also take into account the strong correlation of vulnerabilities with various public databases (CVE, Common Weakness Enumeration [CWE], National Institute of Standards and Technology [NIST]), historical remediation actions (organisation specific), existing controls and threat modelling outcomes.

Automated intelligent remediation

Automated and intelligent remediation will allow businesses to remediate vulnerabilities quickly, consistently and accurately.


3

An efficient VM programme requires focus from each stakeholder who is part of the vulnerability life cycle.

Speed to closure can be attained when the risk is reported and closed rapidly, and this is possible when every contributor has the proper visibility of the insights to decide and act.

It is difficult for multiple decision makers to analyse and act on a detailed report, given the large number of assets and vulnerabilities.

Hence, there is a need for a solution that provides a unified risk view of an organisation’s technology landscape, including:

• a dynamic view of organisational risk based on internal and external factors

• actionable insights based on the roles of stakeholders

• detailing of each asset, vulnerability, exploit and trending risk score

• a view of automated asset reconciliation, ownership of remediation and service-level agreement (SLA) compliance

• visibility of attack paths and a graphical view of vulnerabilities in the network topology.

Organisations should focus on building these key capabilities to address the abovementioned needs:

1. Holistic risk view across the organisational landscape

Organisations should consider establishing a dashboard (for the top management) that highlights the dynamic movement (automatic risk updates) of their overall risk profile and is able to drill down to each individual asset.

The dashboard should provide a holistic view of the vulnerabilities and exploits across an organisation’s technology stack. It should identify and prioritise the top threats on the basis of how exploitable they could be, as well as industry-wise vulnerability trends.

2. Live dashboards with real-time data feeds

Near real-time updating of the dashboard, risk scoring and asset data, with information from scans, bots, correlations and threat intelligence continuously fed into the VM programme, is required for speedy closure and an accurate focus on vulnerabilities.

3. Visibility of attack path along with risk contributing factors

Risk formation of a particular vulnerability should be presented in a graphical view. This should visualise the risk contributed by various parameters and underlying assets.

Additionally, the attack path and kill chain prediction should be used to demonstrate potential outbreak scenarios.

4. Automated communication to expedite speed to closure

Communication is one of the most essential components needed for speedy mitigation of vulnerabilities/threats. Tasks such as notification of critical vulnerabilities, remediation, approvals, reports, tracking and revalidation actions should be automatically communicated to stakeholders without any delay.

A holistic view of risk across the landscape

The right focus comes with the right visibility.


4

The ongoing transformation in businesses continues to drive process transformation, cost optimisation and cultural transformation. These changes are affecting how the various phases of VM programmes deal with their associated processes. Hence, it is very important that VM programmes are agile and able to integrate new processes rapidly.

Traditionally, VM programmes run in silos and all the process-related tasks are executed manually with the help of technology. A huge amount of time and manual effort is spent on remediation activities and following up on various processes such as:

• root cause analysis

• patch management

• configuration changes

• application code changes

• exception management

• tracking and revalidation

• change management.

However, organisations continue to struggle with delay, inconsistency and ineffectiveness in executing each of these processes. These factors directly affect the speed of remediation and efficiency of a VM programme.

Hence, we believe that a VM programme should be capable of easily integrating these processes and driving remediation actions in an automated and efficient manner.

1. Ability to integrate new processes

There should be RPA-driven process-designer capabilities to integrate new processes into a VM programme. They should also be capable of highlighting automation scenarios, potential process efficiencies and suggestions for integration with an organisation’s technology solutions.

2. Assimilation with core processes

The components of a VM programme and the remediation outcome should be designed to be combined with the core associated processes. To begin with, SDLC and DevSecOps processes should be prioritised, so that scanning and remediation can run automatically while development and deployment are in progress.

Subprocesses such as configuration management, impact analysis, root cause analysis or change management should be automatically aligned with the VM programme and configuration management database (CMDB).

3. RPA-based patch and configuration management

A significant number of remediation actions are associated with patch and configuration. These remediation actions should be automated using RPA, with insights from pattern-based decision making.

Agility to integrate new processes

The VM programme should be easily able to accommodate new processes.


Authors

Saritha Auti

Managing Director, Cyber Security PwC India

Mobile: 9916117035

Manish Gupta

Associate Director, Cyber Security PwC India

Mobile: +91 9868785141

Conclusion

The future of business is likely to bring in a new set of complexities. Challenges in VM programmes will continue to increase as hackers become more sophisticated and the cyberattack surface keeps widening.

Organisations that are prepared to adapt in response to these challenges will emerge as the real winners during such a crisis.

Speedy remediation of vulnerabilities is one of the core capabilities organisations require. They need to implement automation, integration and contextualisation in their VM programmes to have a risk-based view of emerging threats and vulnerabilities.


About PwC

At PwC, our purpose is to build trust in society and solve important problems.

We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Find out more about PwC India and tell us what matters to you by visiting us at www.pwc.in.

In this document, PwC refers to PricewaterhouseCoopers Private Limited (a limited liability company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity.

This document does not constitute professional advice. The information in this document has been obtained or derived from sources believed by PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information is accurate or complete. Any opinions or estimates contained in this document represent the judgment of PwCPL at this time and are subject to change without notice. Readers of this publication are advised to seek their own professional advice before taking any course of action or decision, for which they are entirely responsible, based on the contents of this publication. PwCPL neither accepts or assumes any responsibility or liability to any reader of this publication in respect of the information contained within it or for any decisions readers may take or decide not to or fail to take.

© 2021 PricewaterhouseCoopers Private Limited. All rights reserved.

Data Classification: DC0 (Public)
