1 cybersecurity question all orgs should ask to stay secure in 2022 and beyond

Having spent most of my career in cybersecurity, I’m often asked: “Where is the next threat going to come from?”

I get it. If you know where the next threat is likely to hit, you can better prepare and mitigate risks. But in today’s rapidly evolving threat landscape, that’s the wrong question to be asking.

Because your adversaries are well-funded and endlessly patient, it is impossible to prepare for every bad actor or action they may take against your organization. Consider the Maui Ransomware as a recent example. Adversaries backed by Russia, China, Iran and North Korea are increasingly willing to attack commercial targets to sow frustration and confusion, which means you’re facing attackers more sophisticated than amateur cybercriminals.

On top of that, your operations are more complex than ever before. More organizations are moving to the cloud, which often means shifting to hybrid and multi-cloud environments. Add to this that more employees are working remotely, creating complicated attack lines to secure. At the same time, new tools are being adopted to keep up with customer demands and new digital challenges. This sprawling complexity creates more data sources and control points to secure.

These new tools and product developments can also introduce another risk to your operations: data silos. If you can’t access and make use of data from across your entire organization, it creates blind spots that bad actors are only too eager to exploit.

When you put all these factors together, a security incident becomes a matter of when, not if. In fact, a recent survey found that 9 in 10 enterprises have already been hit by at least one ransomware variant.

The crucial question

Given this reality, here’s the better question organizations should ask to stay secure in 2022 and beyond: How can we prepare ourselves to combat any threat, no matter where it hits us? In other words, it’s about cultivating cyber-resilience.

During my more than two decades in enterprise security, I’ve learned that no matter what investments you make in cybersecurity, there will always be gaps. If an adversary has enough time, money and motivation, they will find a way through even the most robust defense — even if just by luck. Attempts are happening every day, and you need to be ready.

Responding to the inevitable attack depends more than anything on access to rich, relevant operational data from every system. Organizations that have access to rich data are better able to protect themselves — and, as it happens, this is the same data that operational teams in the organization are already using: access logs, data change logs, updates to user lists and privileges, connection requests and so on.

Data and culture drive cybersecurity resilience

What you do in the heat of the moment matters. Executives who have weathered cybersecurity disasters effectively have one thing in common: They learn and adapt, and make those behaviors core to their company culture. The most successful leaders view security as a journey, not a milestone.

In this way, building cybersecurity resilience is closely related to building operational resilience. Whether you’re experiencing a security event or an application failure, resolving the problem often comes down to how quickly you can retrieve and analyze situational data. In those moments, your ability to recover will depend on your networks talking to each other and getting all that information into the team’s hands so a response can be deployed quickly.

This is a problem on two levels: data and culture.

You need end-to-end visibility into your data. Sampling isn’t enough to eliminate the potential for blind spots. Data needs to be available and accessible at full fidelity. Having a complete picture of your information is the foundation for a security operation that is flexible enough to adapt to new security technologies and scalable to monitor the ever-increasing quantities of data you’re managing on-premises, in the cloud and everywhere in between.

When it comes to culture, leaders should also promote curiosity in everyone. And when a breach occurs, focus on learning and hardening your systems. Empower your security and IT teams to throw themselves into finding out what happened, how far the attackers got, what resources were compromised and how the attack can be stopped. Leaders set the tone to make it clear that the priority is to learn as much as possible, collect a complete and comprehensive picture of the situation and respond swiftly with that information in hand.

If you focus too much on what went wrong and whose fault it was, you stifle innovation. Recently, I spoke with the team behind one of the largest digital financial services platforms in the world about their approach. They have created an environment where builders can build and don’t make tradeoffs between innovation and security resilience, which has a direct result on the organization’s success.

When you combine data visibility with a curiosity- and innovation-focused culture, you begin to create conditions for fast incident detection and response. Harnessing all your organization’s data and applying the right context and analytics enables your security teams to get the insights they need to deploy solutions before an incident becomes a crisis. Automation has a crucial role to play here, too — especially for organizations trying to make the most out of their limited talent resources.

Cyber-resilience and trust are one and the same

Broadening visibility and accelerating detection and response time will increase your overall cyber-resilience — and that resilience enables so much more than just your organization’s security. It supports trust in your business. It helps meet privacy and compliance requirements that customers and regulators care about. Perhaps most importantly, it empowers you to keep your focus where it belongs: On growing your business and staying ahead of your competition.

Cyber threats are a fact of life in the digital economy, but they don’t have to derail you. By prioritizing data-driven cyber-resilience, you can ensure your organization’s future is agile, innovative, and secure.

Gary Steele is president and CEO of Splunk.