Article 2 October 2023

Frank Voskeuil (Cegeka): More cybersecurity for the same amount of money: how do you do it as a CISO?

Cybersecurity is more important than ever, yet CISOs struggle with limited budgets and receive too little attention and understanding from the board of directors. The challenge for every CISO: how can you increase your security level without making overly substantial investments? We talk about this with Frank Voskeuil, Division Director Security & Networking at Cegeka Netherlands.

Still a gap

In practice, Voskeuil sees a large gap between CISOs and their boards of directors. “These are relatively often individuals who did not grow up with IT. Partly because of this, board members often ask the wrong questions and don’t always know how to make cybersecurity a value.”

The challenges are stacking up

Attackers have more and more opportunities and are becoming more professional. Moreover, the attack surface of organizations is growing rapidly due to developments such as working from home, bringing your own device, increasing digitalization and the fact that OT and IT are increasingly intertwined.

AI is also rapidly gaining ground. For security, this is simultaneously a curse and a blessing. “Thanks to machine learning in particular, we can now recognize threat-related patterns that we were unable to spot manually before. For cybercriminals, on the other hand, it can also be a powerful tool with which to refine their attacks. Think of hackers having scripts written by ChatGPT or cloning voices of high-ranking people to commit CEO fraud.”

Cyber resilience for business continuity

As an organization, you’re looking for as much return on security investment (ROSI) as possible. Outsourcing in the form of managed services may sound costly. But most organizations are unable to become truly cyber resilient – and that, according to the division director, is necessary to ensure your business continuity.

“As a digitally resilient organization, you don’t just focus on preventing cyber attacks. At least as important is that you detect them in time, respond to them appropriately (‘response’) and ultimately recover from them with the least possible damage (‘recovery’).”

Modern SOC for digital resilience

Many organizations aspiring to cyber resilience are opting for a managed security operations center (SOC). Traditional SOCs receive too many attacks and threats to handle manually, struggle with fragmented security infrastructure and are unable to create sufficient visibility. Parties such as Cegeka offer a modern SOC where security operations are more adaptive, responsive and automated.

Security orchestration, automation & response (SOAR)

A modern SOC with a SOAR layer, such as Cegeka’s C-SOR²C, has several major advantages. “Importantly, in consultation with the client, you can automate many of the responses. For example, we can automatically handle many notifications and reduce false positives. Do analysts have to handle notifications manually? Then the SOAR layer also helps them not only by enriching the information around the incident, but also by working through a standardized protocol workflow. And that benefits the quality and speed of the response.”

Not only does SOAR save analysts a lot of time, but it also raises the security level of organizations. “This is because unsafe situations are addressed faster, and thanks to the combination of a single integrated platform and machine learning, you can detect more threats. This way, with a small team, you can still keep an organization digitally resilient.”

Observability, also for the customer

The integrated platform is the basis for a Security Observability Dashboard, which provides a total overview of all security activities. “Endpoints, vulnerability management, network monitoring, cloud security, IAM, SIEM: you have a single page of truth for all your security issues.”

A dashboard gives SOC analysts deeper insights more efficiently. Cegeka offers observability dashboards to customers so they can watch and gain insight into their digital security.

Awareness as an undervalued aspect

But security is not just about technology. It is estimated that some 80 to 95 percent of all security incidents can be traced back to people making mistakes or deliberately causing damage (‘insider threats’). A greatly undervalued aspect of security, according to Voskeuil, is awareness.

“Everyone across the company should receive security awareness training. At their own level and customized. After all, only with training that connects to one’s own experience will you create lasting awareness.”

Security is something we all do together

Security is a verb, Voskeuil emphasizes time and again. “It is never finished, partly because there are constantly new technologies and threats. Trade shows such as Cybersec Netherlands ensure that you keep up to date in these areas and help to connect. We are especially looking forward on November 1 and 2 to having many good conversations about cybersecurity.”
