Inevitable security incidents: The unavoidable reality

Written by Thomas KinsellaCo-founder & CCO, Tines

Published on April 12, 2023

This article was posted more than 18 months ago.

Incidents are an inevitable part of security, no matter how airtight your processes and systems are or how small your company is.

Organizations saw a 125% increase in incidents from 2020 to 2021. Despite the tremendous amount of investments in security by major companies such as Uber, Okta, Microsoft, FireEye, and even the US Government over the past half-decade or so – they have all been successfully targeted by cyber attackers. This truth has long been accepted in security: if powerful entities can be infiltrated, every organization and start-up is vulnerable to attack. Security by obscurity is a myth!

Yet it’s not only the number of malicious attempts that’s a problem but how quickly your security team can respond to and neutralize them. Too often, security teams are ill-prepared to prioritize and act upon red flags when they first appear and chase false positives that delay their response times and steal their attention away from what matters most.

Fixing every vulnerability is unrealistic 

One of the main reasons security incidents are inevitable is that it's impossible to fix every vulnerability. To make informed decisions, many organizations rely on the Common Vulnerability Scoring System (CVSS), which assigns a risk score from 1-10, with 10 being an immediate call to action. While most security teams understand what exposures exist within their environment and have valid reasons for not urgently mitigating certain vulnerabilities, these must be continually reevaluated to avoid being taken advantage of. Priorities can change fast! This is why vulnerability management is critical to any cybersecurity strategy.

When the stakes are high, it's too easy for human error and missed alerts to slip through the cracks. With stretched-thin security teams struggling to keep up, the risk of cyber-attacks and other security breaches has never been higher. It's a challenging situation that demands creative solutions and a renewed focus on staying one step ahead of the game.

When a vulnerability becomes a threat 

When assessing threats and breaches, there's a severity scale that ranges from minor concerns (P4) to urgent alarms that require all hands on deck (P1). Sometimes, a P2 alert might not result in any data being stolen or compromised, but it could still be a sign of infiltration that requires attention. Unfortunately, security teams can sometimes get bogged down with their workload and overlook alerts that are initially lower on the scale. That can be a costly mistake if an incident occurs later on. A Root Cause Analysis (RCA) after any event will reveal if a previous alert was ignored, so it's important to stay vigilant and investigate every alert that comes through.

Whether due to a lack of budget for tooling, incorrect detections, or underdeveloped engineering pipelines, overlooking threats can create significant stress for those involved. Remember, security is a vocation for many in this industry - no one wants to be the person that misses an alert that leads to an all-out breach.

Competing priorities 

Finding a balance between competing business objectives while maintaining respect among colleagues can prove one of the most difficult challenges for those working in this field.

Since the responsibilities of cybersecurity and IT often overlap, strong collaboration is essential. Without it, security teams may be left dealing with the fallout from inadequate implementation or undervalued best practices, leading to burnout and missed opportunities. For example, multi-factor authentication (MFA) could be the difference between a secure network and an exposed one - yet IT might have other reasons for not adhering to security's best practices.

When different teams report to the same Chief Technical Officer (CTO) or Chief Information Officer (CIO), finding a balance can be even more difficult. Speed versus security, employee accounts crumbling, and vulnerable customer data - these can all fall under the same leader's umbrella to weigh up priorities daily. For example, patching vulnerabilities could mean impacting production; but not doing so can backfire disastrously if hostile forces achieve access first. There will always be tough calls that make or break business continuity.

Moving beyond reactive security strategies  

Security teams strive to spot potential vulnerabilities and respond before incidents occur - whether a severe breach or someone innocently clicking on the wrong link. We often say this, but there are no silver bullets in security, but one of the best ways to keep your organization safe is to practice proactive security measures - regularly updating security protocols, using MFA where possible, patching security holes quickly, disabling unneeded accounts and ports, and training employees on sound security practices. A strong strategy will give you the best chance to prevent breaches from occurring in the first place.

Utilizing no-code automation can also help in gaining more control of your environment. Relying on tons of different tools is the norm in security, but that often creates hours of manual work trying to connect the dots and uncover potential threats. This leaves security teams overburdened and flooded with suspicious activity alerts from various systems.

Tines serves as the glue between technologies that otherwise don't communicate well with each other. Incident response can be vastly improved by building automated workflows that deliver alerts with richer context and real-time information so that analysts can respond appropriately in less time. Let automation handle the repetitive aspects of security operations so that humans can do what they do best: apply their judgment when and where it matters most.

Visit the Story Library to explore ready-to-use automation workflows designed to help your security team stay ahead of the curve.

Built by you,
powered by Tines

Already have an account? Log in.