The increased focus on data and analysis in recent years has emphasized the information-gathering aspect of cybersecurity. Information gathering here means collecting and analyzing data about potential threats to an organization’s information systems, and the mantra of the cybersecurity space today hinges on collecting as much data as possible.
The more we know about how attackers work, the better we can secure our systems. However, the weakness of this approach is evident if, as a report shows, an attacker only needs two days to breach the network perimeter of 93% of organizations, with credential compromise being the most common entry point, at 71%. Considering how much investment goes into enterprise cybersecurity, which stands at $179 billion in 2022, it does not look like organizations are recording much success.
Hence, the traditional approach to cybersecurity information gathering is ripe for a comprehensive review. The critical nature of cybersecurity today requires businesses to deploy many tools and services at once to secure their network perimeter.
The most popular methods of gathering information about threats and attacks include vulnerability assessments, penetration testing, and network monitoring. While these methods can be effective in identifying and mitigating cybersecurity risks, each faces challenges that can limit its effectiveness.
1. Vulnerability assessments
Vulnerability assessments typically focus on known vulnerabilities and may not be able to identify unknown or emerging threats, which surface as zero-day attacks. In an attempt to cover such attacks, vulnerability assessment systems have started to generate a large number of alerts, many of which may turn out to be false positives.
This can be time-consuming and resource-intensive for organizations, as they must investigate each alert to determine its validity. And since such systems rely on human analysts to interpret and act on the assessment results, there is an increased risk of human error, which can lead to missed vulnerabilities or false conclusions.
To maximize the benefits of vulnerability assessments, though, cybersecurity coach Christian Espinosa says “it is wise to use tools that fully understand the context and business focus of scanning environments.” These tools can provide a comprehensive understanding of the environment, allowing for more tailored and effective scanning.
2. Penetration testing
One major challenge of pen testing is that it typically focuses on a specific set of systems or devices, and may not take into account the broader context of an organization’s information systems. This can lead to a narrow view of an organization’s cybersecurity risks.
Moreover, since a simulated cyber attack is only as effective as the scope and methods used, and may not identify all potential vulnerabilities, organizations must be cautious about relying too heavily on this method. This is especially critical because the complexity of modern information systems, with their large number of interconnected devices and systems, can make it difficult for penetration testers to identify and thoroughly test all potential vulnerabilities.
One more challenge of conducting pen testing is the traditional outsourcing approach that most organizations take, which cybersecurity CEO Ashish Gupta described as “slow, inefficient, and lacking transparency.” The hassle of waiting for available testers with the required skills does not match the sense of urgency with which cybersecurity operations should be conducted.
All other approaches have their specific challenges too, so it’s up to an organization’s leaders to determine what is best at any given time. Still, cybersecurity leaders need to think beyond traditional models of checking vulnerabilities via simulated tests.
3. Network monitoring
Cloud computing, which has become a default work model these days, is a major challenge for network monitoring because, in such environments, the responsibility for security is typically shared between the cloud provider and the customer. This can make it difficult to determine who is responsible for monitoring and protecting specific assets and data.
In some cases, organizations do not have direct access to the data and systems in a cloud environment, which makes it difficult to monitor and protect these assets. Multi-tenant cloud environments also increase the potential for security breaches, as an attack on one tenant could potentially compromise the data of other tenants.
Calls for organizations to rethink network monitoring are not new. For some experts, it means embracing more deep learning and artificial intelligence. Moreover, network detection and response tools that can decrypt traffic are efficient for mitigating ransomware attacks that rely on encryption, according to CSO Online.
CRQ: The Way Out?
Amidst all these, one emerging solution area is cyber-risk quantification (CRQ); it is highly promising because it is the meeting point of information gathering and decision-making. Yet, CRQ is not just any kind of information gathering. It specifically focuses on analyzing the financial impacts of cyber threats on an organization. Reports have shown that 50% of post-breach costs come from long-tail impacts, and in certain industries, this is around 24% after two years.
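To make concrete what “analyzing the financial impacts” looks like in practice, here is an added example that is not part of the original article: a small frequency-times-magnitude Monte Carlo model of the kind a CRQ exercise produces. It simulates how many incidents a scenario causes per year, draws a direct loss for each, grosses each loss up so that a chosen share of the total is long-tail cost (the article cites 50%), and reports the annualized loss expectancy (ALE), loss percentiles and the probability of exceeding a budget threshold. The scenario name, frequency, loss distribution and threshold are constructed, illustrative assumptions, not figures from the article.

```python
"""Toy cyber-risk quantification (CRQ): Monte Carlo annual loss model.

Added illustration; all scenario numbers below are constructed assumptions.
"""
import math
import random
from dataclasses import dataclass


@dataclass
class Scenario:
    """Inputs for one threat scenario (constructed values, not from the article)."""
    name: str
    incidents_per_year: float     # expected frequency, used as a Poisson rate
    immediate_loss_median: float  # median direct cost per incident (currency units)
    immediate_loss_sigma: float   # spread of the lognormal per-incident loss
    long_tail_share: float        # fraction of total cost that arrives later (article: ~50%)


def poisson(rng: random.Random, rate: float) -> int:
    """Draw the number of incidents in one year (Knuth's method, fine for small rates)."""
    limit = math.exp(-rate)
    count, product = 0, 1.0
    while True:
        product *= rng.random()
        if product <= limit:
            return count
        count += 1


def total_cost(immediate: float, long_tail_share: float) -> float:
    """Gross up a direct loss so that long_tail_share of the total is long-tail cost.

    With a 50% share, every incident ends up costing twice its immediate loss.
    """
    if not 0.0 <= long_tail_share < 1.0:
        raise ValueError("long_tail_share must be in [0, 1)")
    return immediate / (1.0 - long_tail_share)


def simulate_year(rng: random.Random, s: Scenario) -> float:
    """Total loss for one simulated year: sum of grossed-up per-incident losses."""
    incidents = poisson(rng, s.incidents_per_year)
    mu = math.log(s.immediate_loss_median)  # lognormal parameterised by its median
    return sum(
        total_cost(rng.lognormvariate(mu, s.immediate_loss_sigma), s.long_tail_share)
        for _ in range(incidents)
    )


def quantify(s: Scenario, years: int = 20_000, seed: int = 7,
             threshold: float = 1_000_000.0) -> dict:
    """Run the model and summarise it the way a CRQ report would (seeded, so repeatable)."""
    rng = random.Random(seed)
    losses = sorted(simulate_year(rng, s) for _ in range(years))

    def percentile(p: float) -> float:
        return losses[min(len(losses) - 1, int(p * len(losses)))]

    return {
        "scenario": s.name,
        "ale": sum(losses) / len(losses),          # annualized loss expectancy
        "p50": percentile(0.50),                   # typical year
        "p95": percentile(0.95),                   # bad year
        "p_exceed": sum(1 for x in losses if x > threshold) / len(losses),
    }


# Constructed example scenario: credential-compromise-led breach of a business unit.
EXAMPLE = Scenario(
    name="credential compromise (constructed example)",
    incidents_per_year=0.4,
    immediate_loss_median=250_000.0,
    immediate_loss_sigma=1.0,
    long_tail_share=0.5,
)

if __name__ == "__main__":
    report = quantify(EXAMPLE)
    for key, value in report.items():
        print(f"{key:>9}: {value:,.2f}" if isinstance(value, float) else f"{key:>9}: {value}")
```

The long-tail gross-up is the part worth noticing: leaving it out (share 0) halves every simulated loss and therefore halves the ALE and every percentile, which is exactly the under-estimate the article warns about when organizations stop at the immediate breach costs.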
Many organizations do not go that far in their risk mitigation and management efforts. However, by evaluating the whole picture of cyber breaches, via CRQ, decision leaders will be compelled towards proactive choices. According to Bob Kress of Accenture, “Leading boards have recognized that they are largely self-insured for the economic impacts of cyber risk and are starting to do the challenging, but not impossible work of quantifying their cyber risk exposure levels.” This highlights the increasing importance of a holistic cybersecurity strategy that quantifies the real impacts of potential breaches of organizational networks.
As you must have noticed, this piece was not intended as a wholesale condemnation of traditional cybersecurity practices, especially since they are still widespread. However, while traditional methods of cybersecurity information gathering continue to play an important role, they must be supplemented with a range of other approaches to effectively protect against today’s increasingly complex and sophisticated cyber threats.
The evolving nature of the threat landscape, and the need for organizations to continuously adapt and update their approaches to information gathering, make this inevitable. Therefore, organizations must adopt a holistic and proactive approach that combines technical and non-technical measures.
Dale Shulmistra comments, “For cybersecurity to be remotely effective against today’s threats, it must be multi-faceted and constantly evolving. Information gathering is an important component to any plan, but it is far from failsafe, and is both costly and time-consuming. While the goal is always to prevent an attack using all the processes, training procedures and technology available, that isn’t always possible. Even with preventative measures in place, infections can and do still happen. That said, being prepared with a response needs to be part of the cybersecurity plan. For example, technology that allows for early detection and data rollback are critical components to survive an attack as well as having a plan to contain the damage and notifying authorities.”
Dale Shulmistra is Co-founder of Invenio IT and Data Protection Specialist.