3 Industries, 3 Security Programs

Every organization is at risk of a cyberattack, but each organization addresses risk differently. No one expects SMBs to take the same approach to cybersecurity as a large enterprise, or a legacy organization to have the same appetite for risk as a startup. Similarly, how an organization defends itself from attack depends on various factors, including its size, type of industry, supply chain resources, approach to outsourcing and remote work, and global presence.

Security leaders from three very different industries sat down with Dark Reading to discuss their respective cybersecurity programs.

John McClure is the CISO at Sinclair Broadcast, a major news and sports broadcasting provider in the United States, with nearly 200 television stations, streaming and digital platforms, and close to two dozen sportscasts. McClure says that while Sinclair faces many of the same cybersecurity threats that any organization faces, it is also considered part of the critical infrastructure because it carries emergency broadcast signals. One of the challenges that McClure has seen over the past five years is the disappearing network borders and finding ways to protect the network as the way people work continues to change.

Doug Shepherd is the senior director of the offensive security services team at Jones Lang LaSalle (JLL), a worldwide commercial real estate company with 90,000 employees in more than 60 countries. For a long time, JLL was more of a brand than a company, Shepherd explains, but in recent years, it has become more cohesive, working together under the JLL model. The company’s cybersecurity concerns revolve around integrating all the different office networks into a unified model and consolidating individual security practices into one companywide policy, he says.

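Luis Cunha is the director of security engineering at Aptiv, an automotive technology company with 170,000 employees across 165 manufacturing plants worldwide. Operational technology security is just as important as information technology security for Aptiv, Cunha says, and endpoint security for all technology is a major concern.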

Security Team Size

There is no “right” size when it comes to the security team. Some organizations have large teams, and others partner with third-party providers to offset small teams. That difference is very clear at Sinclair, JLL, and Aptiv.

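When Shepherd first came to JLL, most security was outsourced, but now the security team has 100 people, he says. However, Shepherd thinks the team is a bit small considering the size of the company.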

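Outsourcing in such a decentralized company meant that each office was setting its own policies. JLL's focus on unified security drove its decision to move away from outsourcing. The goal is to reduce reliance on outsourcing and eventually bring in contractors who work directly with the security staff, Shepherd says.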

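Sinclair's McClure did not provide exact numbers; he says only that his security team is at the industry average. At Sinclair, security is handled both in-house and through outsourcing. Sinclair relies on outsourcing for skills that are difficult to hire and retain in-house, such as threat hunting, McClure says.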

And then there is Aptiv, with 35 people on its security team — up from five on the engineering team a year ago, according to Cunha. Cunha thinks Aptiv has outsourced too much, which has an impact on the organization’s agility and flexibility. When you outsource, you lose the ability to change and react to security problems quickly, he says.

Investing in Security Technology

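Which security technologies an organization invests in depends on factors such as regulatory and compliance requirements, the types of threats the organization sees, and its technology stack. As organizations move more of their operations to the cloud, they are investing in cloud security. With the shift to distributed computing, identity becomes a more critical area of focus.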

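McClure says Sinclair is investing in several technologies, including endpoint detection and response (EDR), extended detection and response (XDR), and endpoint security, with a focus on identity and cloud security.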

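The broadcast provider also relies on automation to support the volume and velocity of data moving through its network, McClure says. While some automation capabilities are inherent in the technologies used, the company also uses security orchestration, automation, and response (SOAR) technology across multiple platforms.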

In contrast, automation is in its “very early days” for JLL, Shepherd says, as the organization moves away from outsourcing to in-house security. The company is focusing on endpoint and cloud security, and that is also where the focus is for automation. Shepherd is designing automation that pulls data from every endpoint every 15 minutes to look for indicators of risk in real time.

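In the past, security was siloed at Jones Lang LaSalle, Shepherd says, so the current focus is on building out technology that gives the security team better visibility into the entire environment.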

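Aptiv's focus is slightly different, as the company is looking to adopt technologies that bring greater security efficiency and quality, with more attention on secure access service edge (SASE), Cunha says. Aptiv is also investing in operational technology security for its manufacturing plants. There are many different vendors for both types of security, and Cunha's goal is to better integrate technologies and vendor solutions. Orchestration and automation tools play a very important role in integrating security tools.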

The Road to Data-Driven Security

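For Aptiv's Cunha, orchestration and automation are not possible without solid data analytics. The engineering team uses data analytics to improve security tools and bring search capabilities to the SOC, Cunha says. Cunha's team performs its own data analytics rather than relying on platforms.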

Like automation, data analytics is still in the early stages at JLL, but the data is still useful, Shepherd says. JLL uses analytics to help determine what’s happening on the perimeter, he says.

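McClure says data analytics is used for control coverage and control efficiency, as it helps Sinclair understand the business and the assets that need to be protected.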

Biggest Security Concerns

Ransomware is the threat that keeps Shepherd up at night. It is JLL's biggest worry because it disrupts business operations, he says.

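Aptiv's Cunha worries about threats that affect data liability and the organization's reputation, he says. While phishing is a common attack vector, Cunha also has to deal with lesser-known threats targeting operational technology.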

For McClure, ransomware and cybercrime are the biggest concerns, but he points out that cyber threats have not become more sophisticated. Instead, he thinks the barrier to entry for attackers has gotten lower, which is why there are more attacks. The attack vectors themselves, he says, haven’t changed much over the years, and cybercriminals are using the same methods to get into the system.

The volume of attacks is the greater challenge for organizations, McClure says, not increased sophistication in attacks.
