Plagued by tool sprawls, complex network requirements and human collaboration gaps? Time for organizations address the human element in cyber defense…

With numerous studies showing that a majority of data breaches and cyber incidents involve human error, the writing is on the wall: an organization’s cyber posture has an Achilles’ heel that can render the best cyber technology investments moot.

And with threat actors getting even more empowered via generative AI and emerging AI-powered tactics and techniques, cyber defenders in 2024 need to stop chasing their own tails while state-sponsored threat actors escalate the risk landscape to a point of no return. 

How? By refocusing on improving human collaboration, empowerment and synergies, streamlining technologies, removing siloes and thereby boosting all-round organizational observability, according to Paul Wilcox, Vice President (APJ), Infloblox, in an interview with CybersecAsia.net.

CybersecAsia: In your view, who are the key players at the center of a dynamic cybersecurity posture in an organization? Are they the ones fully responsible for establishing cybersecurity resilience? Or does resilience have to encompass whole-of-organization involvement?

Paul Wilcox (PW): Today, the key players have evolved — what was once the responsibility of security leads and IT teams, has now shifted to the whole organization.

Companies are now embracing the approach of bridging operations, like Security Operations (SecOps), Developer Security Operations (DevSecOps) and Network and Security Operations (NetSecOps). The significance lies not in the introduction of new technologies or paradigms, but rather in an ongoing cultural shift wherein everyone assumes responsibility for cybersecurity, and it becomes intrinsic to all aspects of how the organization operates.

Paul Wilcox, Vice President (APJ), Infloblox

Vectors of attack have become more available than before — due to the adoption of new technologies and applications. Moreover, with remote working, there is a pressing need to broaden security parameters. By ingraining cybersecurity within the organizational culture, security becomes an inherent part of work processes, rather than being reliant solely on security teams to deploy new technology as a reactive response to threats.

CybersecAsia: Despite heavy investments in cybersecurity products, why are businesses still falling prey? What are the current trends in the cybersecurity and networking space right now, and what are the challenges ahead of trends?

PW: In recent years cybersecurity budgets have soared, yet cyberattacks continue to rise. While the technology is effective, the problem lies in the fact that humans are still a huge part of the defense. Cyber threat actors are using advanced technology, yet we are relying on human intervention to safeguard our systems.

For example, protective DNS is frequently underestimated by security teams, with the mistaken belief that human intervention alone, or technologies such as firewalls, can effectively protect against threats, thereby overlooking the vital role that automated DNS protection plays in mitigating these risks. However, the solution is not to acquire more technology, but to catch the threat earlier or at the beginning of the kill chain. 

Organizations need to put the spark out before it becomes a blaze. Developing better strategies to address the problem at the beginning can help avoid costly decisions when the problem escalates. For example, every device that communicates with the internet calls upon DNS. With a protective layer defending the DNS, security teams can see the first action that the device takes. If the assessment of the action is bad, teams can immediately stamp out the spark.

In my opinion, rather than spending big sums on the latest cybersecurity devices, a more foundational approach should be considered. This includes consolidating efforts, such as uniting security with networking, to see if these problems can be stopped earlier, for less effort and complexity. 

CybersecAsia: What are the common pitfalls that businesses in APAC are facing today when it comes to prepping a cybersecurity strategy? What are the solutions available to help mitigate these issues?

PW: Firstly, it is the initial decision to adopt a strategy — most organizations tend to focus on solving problems in isolation. Successful organizations often construct their strategy based on an ecosystem, wherein a network of interconnected products communicate, share information and data, and collaborate to address challenges. For instance, Product A can quickly alert relevant personnel about issues, which triggers another component to proactively address and resolve the problem — the key is not to buy the same brand or suite of products, but to automate workflows and ensure tools can access shared information, through native integration or application programming interfaces.

Secondly, it involves the growing adoption of hybrid and multi-cloud environments by businesses to maintain their competitiveness, which adds complexity and broadens the scope of potential cyberattacks. Therefore, there is an urgent need for a unified experience across various cloud platforms, offering comprehensive, real-time visibility and control. Businesses must unite networking and security seamlessly across any environment.  

CybersecAsia: In a people-centric cybersecurity corporate culture, can insider threats be masked more easily? How about people outside of the organization, such as in supply-chain risks?

PW: Insider threats can be more challenging to detect because of employees’ increased access to organizational systems and data. Hence, there is a need to emphasize a culture where everyone comprehends the consequences of their actions. By instilling a strong sense of accountability, reinforced by the implementation of regular inspection processes, this practice becomes ingrained in the organization’s DNA and reduce the likelihood of insider threats going undetected.

While insider threats are assumed to be malicious, it often stems from a lack of awareness rather than intent. There are a number of good technical controls to overcome the genuine (or accidental) threat, but primarily it is the corporate culture and level of accountability that have the most significant impact. A people-centric cybersecurity culture puts emphasis on making cybersecurity simple for people — when it is complex, it is easier for people to fail. 

On supply chain risk, the challenge is in the growing complexity of interoperability in IT environments. If a warehouse’s remote camera fleet is hacked, it may lack adequate protection. Simplifying and ensuring every connected device shares the same technology enhances the ability to swiftly address such issues. In prioritizing people, we should aim to streamline threat identification — effectively minimizing problems early in the kill chain.

CybersecAsia thanks Paul for taking the time to share his cyber landscape insights with readers.