By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Cybersecurity validation to tackle threats that can go unnoticed
Share
Font ResizerAa
TechgoonduTechgoondu
Font ResizerAa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Enterprise > Cybersecurity validation to tackle threats that can go unnoticed
EnterpriseSoftware

Cybersecurity validation to tackle threats that can go unnoticed

Alfred Siew
Last updated: August 13, 2020 at 6:20 PM
Alfred Siew
Published: June 16, 2020
5 Min Read
PHOTO: Mabel Amber from Pixabay

With businesses rushing to provide access to remote workers in recent months, one big challenge that has come up is cybersecurity. Many old practices simply don’t work any more with the new arrangement.

One response is to throw more solutions at emerging problems, including more VPN (virtual private networking) ports for more users or adding another Web application firewall.

Perhaps what’s more important is knowing if one’s existing cybersecurity solutions are actually working as advertised, according to a growing number of experts, who are championing a relatively new practice called cybersecurity validation.

After all, businesses continue to get attacked despite more defences being put up. Fifty-five per cent of attacks infiltrate businesses unnoticed, while 68 per cent of ransomware attacks are also unnoticed, according to a FireEye report out last month.

To arrive at the results, the cybersecurity vendor ran thousands of tests across 11 industries, from real attacks to specific malicious behaviours, on network, e-mail, endpoint and cloud solutions.

What it found was worrying. The 123 security technologies it tested against could only detect 4 per cent of reconnaissance activity and could not prevent data from being stolen 67 per cent of the time.

While businesses continue to invest significant budget dollars in security controls and assume they are fully protected, a majority of the tested attacks successfully infiltrated their production environments without their knowledge, according to the report.

In many cases, businesses may be running solutions “out of the box” and have not set them up to work correctly, said Steve Ledzian, FireEye’s chief technology officer for Asia-Pacific.

Different groups in a business such as developers, IT teams and cybersecurity teams may also be changing, say, firewalls settings and not having full visibility of what is going on, he told Techgoondu in a recent interview.

But will adding yet another technology solution – cybersecurity validation – help businesses that have already installed dozens of solutions to keep out the bad guys? Well, their proponents think so.

After all, the majority of businesses in the United States have no idea if their security tools are working, according to a report released last year by AttackIQ, another validation solution provider.

In this study carried out by Ponemon Institute last year, it found that 58 per cent of the companies surveyed were increasing their cybersecurity budgets but 53 per cent of IT experts admitted they did not know how well the tools they had deployed were working.

“When processes and solutions like this fail, many companies respond by throwing more money at the problem,” said Larry Ponemon, founder and chairman of Ponemon Institute, in a news report on Help Net Security.

“Further security spending needs to be put on hold until enterprise IT and security leaders understand why their current investments are not able to detect and block all known adversary techniques, tactics and procedures,” he added.

While penetration tests and bug bounties are useful, these are usually only carried out periodically, perhaps not more than a few times a year. Using the same experts in these exercises may also expose the testing to familiar patterns and leave other loopholes undetected.

What cybersecurity validation does is to carry out tests more regularly, for example, to detect different types of attacks from reconnaissance to infiltration.

These tools will ask if a system has seen it send data from one point in a network to another, for example. If the security control reports that it has not blocked the activity, then a human operator can fix these controls.

With these tests automated and run continuously, they can offer a much clearer and timely view of how vulnerable a business is, despite the many cybersecurity solutions it has in place.

FireEye’s Ledzian said that this has resonated with many chief information officers and chief information security officers (CISOs) who are often called now to board meetings to explain how well prepared a business is in warding off attacks.

Like chief financial officers who can give a quantifiable, measurable answer of a company’s financial health, now CISOs can use the validation results to offer a quantifiable answer to say how secure it is from cyberattacks, he noted.

HP’s cloud strategy to target digital media, government and finance in Singapore
Amid coronavirus crisis, a good time to turn to teleworking
Samsung Galaxy Nexus finally out in Singapore on Feb 11, in white and black
Citi Mobile Challenge debuts in APAC
Tibbr customers: Building a social enterprise
TAGGED:cybersecurityFireEyeMandiantsecurity effectivenesssecurity validation

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Whatsapp Whatsapp LinkedIn Copy Link Print
Avatar photo
ByAlfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Goondu review: Sony ZV-1
Next Article Companies embarking on digital transformation are open to outages, so data protection is crucial
Leave a Comment

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

FacebookLike
XFollow

Latest News

Thermomix TM7: A German kitchen helper that cooks Singapore chilli crab
Internet
July 11, 2025
Grab goes driverless with electric shuttle trial for employees in Singapore
Enterprise
July 10, 2025
Samsung slims down Galaxy Z Fold 7, packs in 200MP camera in major upgrade
Cellphones Mobile
July 9, 2025
Singapore expands AI assurance pilot to test AI agents, detect prompt injections
Enterprise Software
July 7, 2025

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
© 2024 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact
Follow Us!
Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Lost your password?