Exploits & Vulnerabilities
Bringing Security Back into Balance
This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.
A growing tension has been proliferating in the modern enterprise, shallow, but just under the surface. The recent CrowdStrike outage punctuated this tension in dramatic fashion — and what we saw coming all along, is here now.
Revolutionary technology shifts come fast and are integrated quickly into the day-to-day operations of the business. In return, cybersecurity strategies to protect and enable these shifts need to evolve at the same pace.
Over the last three decades, we’ve ventured deeper and deeper into an era of connectivity. Starting with the desktop, to LAN configurations, the internet and the cloud environment, and now the reemergence of artificial intelligence. As cyber threats evolved and scaled in cost and damages, the focus of cybersecurity unilaterally turned to our number one competition — hackers. When this focus changed, we forgot cybersecurity is not only about our war against bad actors, but our responsibility to enable resilience and innovation.
As this technology evolution took place, so did the ownership of cybersecurity. Initially managed by IT operations, the responsibility of information security shifted to the SOC. This transition, while required, introduced new complexities and challenges, new metrics at odds with the goals of the enterprise, and a broadening gap between cybersecurity leaders and business executives.
This imbalance between the goals of cybersecurity and the business has influenced a persistent conflict — leading to operational inefficiencies, greater opportunity for adversaries, and a lost sight of the core mission of the SOC. Chasing disconnected security metrics at the expense of business continuity is an inherently flawed strategy. Now, the future of the cybersecurity industry balances on our ability to manage these two critical priorities.
Learning from the BSOD Event: The Imperative for Business-Aligned Cybersecurity
The catastrophic ‘blue-screen-of-death’ security event in July 2024 caused by CrowdStrike underscores the dangers of this imbalance. Lack of integration with the concerns of the business, irresponsible quality assurance processes, and a one-size-fits-all approach to detection culminated in failure.
Moving forward, a business-aligned cyber strategy is required. The pendulum needs to swing back into balance toward IT operations-driven prevention and risk management to minimise breach potential (proactively) and minimise reliance on traditional and needlessly aggressive “by any means necessary” philosophies for content updates.
As we saw in July, if the flaws associated with poor QA processes are systemic — a small twist in the next update can lead to a mass failure. The entire cybersecurity community must learn from this incident — just as we learnt nearly 20 years ago — and strive to prevent its recurrence.
At Trend, we believe good operations involves deploying updates in a staggered way — starting with our own environment. QA and phased roll outs are the most critical steps to ensure both cybersecurity detection excellence and business continuity. We also believe having excessive code running in kernel mode can cause greater disruption and potential for security gaps. We optimise this to maintain detection excellence and balance operational requirements.
Modular Agent Approach: Enhancing Security Outcomes through Flexibility and Precision
Simultaneously contributing to continuity risk are rigid single-agent approaches in the broader endpoint and EDR space. The concept of the ‘one-size-fits-all’ approach is not just outdated, but dangerously naïve in 2024. The call to action to the vendor community is clear: conventional one-track thinking won’t work to solve modern challenges or support continuity practise.
Our deep experience in the field lends itself to an adversary defence and protection truth: treating desktops differently from servers makes sense from both a security and operations perspective. Endpoint, server, and workloads have unique risk profiles and require specialised protection. A custom and modular approach is essential to protect the digital infrastructure while ensuring business resilience. Modules tailored for specific uses cases within a single delivery package enable cybersecurity leaders to turn on (and off) features and deploy what’s required, where it’s required, and when.
By strengthening the enterprise environment with bleeding-edge technologies like attack surface risk management and exposure management, cybersecurity teams and the businesses they serve can achieve a balanced approach that enhances continuity resilience through proactive measures carried out by the IT operations team. Integrating security operations and detection excellence with business continuity planning and ensuring neither is sacrificed for the other will be table stakes moving forward from this event.
Our Formula for Innovation: Strategies for Sustained Technological Advancement
At Trend Micro, we strike the balance between operational continuity and cutting-edge security operations with a formula for innovation that has kept us at the forefront of the industry for over 30 years. The formula is simple.
X = infrastructure changes + user behaviour – threats.
The formula is proven and continues to predict, shape, and secure the future of the industry. Its approach involves deep understanding and anticipation of infrastructure changes, proactively analysing user behaviour shifts, and pre-emptively addressing new threat vectors while ensuring each of these measures enhance rather than inhibit business operations. Through this method, we’ve made it a reality for companies to predict and anticipate adversarial behaviour well before it can occur.
AI Era's Impact: Elevating the Urgency for Alignment
The latest shift in infrastructure changes has been in artificial intelligence. The integration of generative AI into business operations presents new opportunities and cybersecurity challenges. Advancement in AI comes with a lot of promise we’re excited about.
Breaking down data siloes, enhancing business intelligence, and accelerating individuals within the enterprise require a new layer of sophisticated security strategies to protect this era of AI-driven operations.
This infrastructure evolution will reshape the future of IT and security operations and necessitate a closer relationship between the business and security operations with greater common ground and unified metrics to measure success. Cyber must go beyond detections to account for availability and continuity.
From Reactive to Proactive: Anticipate Your Adversary, Own Your Attack Surface
The majority (66%) of IT Ops respondents to our 2024 cyber risk survey say their organisation’s risk level is increasing. Their ability to answer with confidence marks a shift even from five years ago, when IT Ops teams had less visibility into real-time risk trends. The tools we’ve built natively into our cybersecurity platform for IT operations excellence have been helping close this gap.
That sense of mounting risk may also be due to what they cite as their topmost operational challenges: blind spots in the attack surface (17%) and the ability to prioritise remediations (13%). We know, what risk goes unseen can’t be mitigated.
In response to these trends, we can expect business leaders to be accountable to view risk more holistically: connecting business resilience and operational health, integrating security into the business strategy, and rebalancing security index vs. continuity index. Moving beyond chasing basic MTTx metrics, risk reduction and mitigation will become the language of the SOC as it already is for the business — providing the common ground to unify technical teams and the business without sacrificing comprehensive security strategy.
Cybersecurity teams who adopt this mentality can better anticipate, withstand, and recover from cyber incident through modern, agile, and forward-looking practises.
Operationalizing a Risk-Based Framework: Guidance for Cyber and Business Leaders
To operationalise this shift, cybersecurity leaders require regular cadence briefings with business leaders — quarterly at a baseline — for sharing and strategy development on quantified cyber risk exposure, risk remediation, business continuity, and defence practises. Proactive and continuous communication in these categories is essential to transition from reactive postures and evolve cybersecurity practises to include cyber resiliency. This expanded approach to cybersecurity and cyber resiliency encompasses risk measurement and reduction planning to enhance business resilience to cyber threats and operational disruption.
In practise, financial modelling cyber risk can help bridge the credibility gap in boardroom briefings by assigning tangible and common values to potential cyber incidents. This quantification allows cybersecurity teams to closely align with business priorities by demonstrating how cyber threats impact key business areas such as productivity, legality, reputation, and recovery. It also provides a clear financial rationale for business leaders to prioritise cyber resilience in their broader strategies enabling informed, risk-based decisions regarding cybersecurity investments and resource allocation. By translating cyber risks into quantified values — whether that comes in the form of scoring or dollar values — cybersecurity teams can communicate prioritisation and relevance to business leaders.
Embracing the AI Era: Transforming Infrastructure
This mindset shift is even more necessary following trends toward AI transformation. As AI adoption scales up, the time to revisit cybersecurity initiatives has come.
Our partnership with industry leaders like NVIDIA is aimed specifically at protecting the AI environment within the modern enterprise, ensuring its deployment is both powerful and secure. As businesses nascently rely on and integrate AI into its operations, the imperative to prioritise business continuity and data privacy becomes even more important within IT operations and the SOC. At the same time, Trend is pioneering the concept of the AI Mesh for the SOC, eliminating data siloes via a unified data lake, enabling accurate predictions, practising safe automation creation, and providing a common framework for security AI services to communicate.
A Challenge to the Industry: Charting the Path Forward in Cybersecurity
As AI transformation takes hold at scale, its critical to recognise the role of cybersecurity in all facets of the business — no longer a siloed concern, but an integrated component of broader business risk strategy. Prioritising cyber risk is an imperative trust practise with customers, staff, and stakeholders that will consistently pay dividends. We’re committed challenging and pushing the vendor community forward while equipping security leaders and businesses with forward-looking strategies and the most powerful tools in the market to safeguard data and keep you moving forward.
For organisations interested in learning more about Trend Micro QA best practises…
What can organisations start to ask for today? Companies serious about cybersecurity require transparency into their security partner’s practises. Drawing from our own best practises, here are some examples of the processes to enquire on:
- Continuity Planning: Leveraging Zero Trust models for all business-critical applications, this approach ensures business users can securely access applications even during potential disruptions. Our users have access to configurable options like content control versioning and scheduled tasks.
- Anti-BSOD Practises: Testing and quality assurance (QA) methodologies and safety mechanisms specifically design to identify driver and component issues at the development, testing, deployment, and recovery phase including phased deployments and recovery phase in the unlikely event of a pattern or content issue.
- CI/CD/Engineering Practises: Trend uses automated and human-based testing, cheques and verifications to ensure all updates meet stringent quality, compatibility, and performance cheques, including stability. These processes are built using industry-leading standards and are largely certified by third parties like ISO. Our ring deployment includes sensitive and mission-critical environment deployments.