23 May The missing piece in the complex cybercrime puzzle

Abhay Pandey, Founder and CEO, MAST Consulting, looks at integrating security tools with a cybersecurity mesh.

In the developing world, people perceive digitalisation as a synonym for opportunities and possibilities. So, forward-thinking nations such as the UAE are receptive to disruptive technologies and innovations.

However, the promise of digitalisation does not apply only to those who seek to put it to good use; the opportunities extend to bad actors and hackers. The Emirates knows this all too well.

Check Point research found that while the global average increase in cyberattacks was 50% in 2021, the UAE experienced a 71% increase in cyberattacks per week on corporate networks. It is not hard to correlate the increase in cyberattacks with the pandemic-induced hurried digitalisation. Moreover, cyberattacks increased not only in volume but also in sophistication. As corporates hurriedly and haphazardly formulated business continuity plans and migrated to multi-cloud environments, neglecting critical security considerations, they invited trouble. Today, the applications and data of many businesses are hosted in multiple data centres run by cloud providers with different cybersecurity standards. The multi-vendor digital environment means that technologies and security tools largely function exclusively without much interoperability. No single vendor is equipped with security controls that are all fool-proof, sophisticated, and interoperable with other solutions. The interoperability gaps translate to siloed security postures, playing right into the hands of hackers. And because hackers tend to move horizontally across networks, working in tandem, they can capitalise on loopholes in a single access point. Therefore, businesses are increasingly witnessing a combination of attacks, such as phishing, DDoS, unauthorised access, etc.

Achieving integration

An approach proposed by Gartner, cybersecurity mesh involves a foundational support layer that enables distinct security tools and technologies to work in unison. The integration of security tools on a scalable and dynamic cybersecurity mesh will enhance a business’ agility and readiness against breaches and attacks. Gartner believes by 2024, organisations adopting a cybersecurity mesh architecture (CSMA) and integrating security tools to create a collaborative ecosystem will reduce the financial impact of individual cyberattack incidents by 90% on average. Such possibilities have profound implications for UAE companies, which, according to Cybereason, have paid a hefty price following ransomware attacks. About 84% of the UAE companies that faced such attacks paid the ransom— about 20% higher than the global average. Among the companies that paid, about 90% of them experienced a second ransomware attack, while 59% found their data maligned. The recurrence underscores fundamental issues in the security postures — such as silos —requiring more than stop-gap solutions: A consolidated approach.

CSMA: The consolidated approach

The core essence of CSMA is the consolidated approach. It is achieved through holistic policies and posture management. A cybersecurity mesh can effectively relay a central policy to individual security tools through native configuration translations. The entire posture can be centralised and viewed, enabling SecOps teams to take proactive actions in the event of an anomaly or alert. Consolidated dashboards also enable round-the-clock, single-window monitoring, increasing a business’ ability to respond to security events in real-time. CSMA also provides directory services, adaptive access, decentralised identity and entitlement management, and identity proofing — capabilities that are conducive to a ‘never-trust-always-verify’ cybersecurity culture. In such architectures, SecOps can seamlessly add analytics and automation tools to orchestrate and automate responses to specific events. Analytics tools consolidate security data and provide insights that can be leveraged to identify future threats and formulate appropriate responses beforehand. Such proactiveness is a prerequisite to secure business operations in today’s hyper-digital world.

Cybersecurity mesh is an attitude shift

The technicalities aside, CSMA is nothing but a structural shift in how cybersecurity is perceived by digital businesses. So, developing a zero-trust attitude towards cybersecurity is among the first steps required to adopt CSMA. Though a seemingly tedious process of constant network validation and cynicism, a zero-trust approach is vital, as the stakes are high today. Fortunately, automated threat detection and analytics-led decision-making in a consolidated environment such as CSMA simplify the tasks. Another key component of a cybersecurity mesh is well-trained SecOps professionals. As every business faces unique security challenges, the need for dedicated teams that can effectively reconcile organisational priorities with CSMA is paramount. When fostered early on, such teams can ensure that businesses can scale and expand seamlessly without fretting over interoperability or vendor gaps in security postures. Periodically, SecOps teams must be upskilled and trained to ensure that the cybersecurity mesh remains future-ready at any given time.

In the UAE, the Cybersecurity Council is constantly striving to thwart future attacks and build resilience and readiness. Among its options to achieve those objectives is mandatory reporting. In view of such probabilities, the case for the adoption of CSMA is compelling. Through consolidated dashboards, CSMA can help businesses churn out accurate reports and comply with imminent regulatory requirements. Gartner believes that, by 2026, about 30% of large organisations will publicly share environmental, social and governance (ESG) goals focused on cybersecurity — up from less than 2% in 2021. It is safe to say that the cybersecurity imperative is not lost on those businesses geared towards reporting and compliance. They stand to differentiate themselves and create more value because of fool-proof cybersecurity measures in place.