Halloween has been associated with horror and the altogether uncanny throughout the modern holiday’s history. For the most fervent followers of the mainstream version of All Hallow’s Eve, Halloween can be seen as an autumnal carnival in the classical meaning of the word—a day of reversals and subversions when normally suppressed passions for the macabre are indulged.
Of course, if you have even a passing interest in cybersecurity, you’ll discover the digitally macabre is a part of the enterprise’s daily life. And without wishing to push you into paranoia, good reader, this is not a bad thing.
The Digitally Macabre on Halloween
The most common and persistent issue modern enterprises and security experts alike face when trying to promote cybersecurity, shore up their defenses, or improve their platforms is one of want. Perhaps more accurately, it is a problem of absence.
Millions of cybersecurity jobs are left vacant due to the absence of security talent and expertise in the workforce. Plenty of enterprise-level security teams suffer for want of higher budgets to invest in better security analytics solutions. Moreover, their efforts to secure their businesses are hindered by the absence of cybersecurity knowledge among fellow employees and executive-level leaders.
Why does all of this happen? There are plenty of culprits, but the most likely are those found under the banner of what we term the digitally macabre: those specters lurking in the murky area between the analog and the online worlds.
For this Halloween, we want to discuss two ghosts potentially haunting your security analytics solution right now: Resignation and Obsolescence.
This one manifests in odd repeated phrases, in attitudes unchanged by your pleads and research, and in prevailing corporate cultures. The most common phrases of this spirit include:
- “What’s the point?”
- “Hackers will find a way in no matter what we do.”
- “They already have my data. Why bother trying to stay safe?”
Indeed, the number and extent of data breaches in the modern age have become overwhelming. Many security experts believe a huge swatch of users’ personal data, including passwords, is for sale on the Dark Web. With so much already exposed, it can be easy to assume nothing you, your employees, or your security can do will stop hackers from getting into your network.
Do not be fooled by this ghost; it subsists on self-perpetuating truths and self-fulfilling prophecies. There is still plenty for your enterprise to lose yet, including your most valuable digital assets proprietary data. You need to fight resignation on every level it appears in your enterprise. You can exercise it with proper cybersecurity training and keep it at bay with comprehensive incident response plans.
While it may feel like you can do nothing against such powerful forces, every action you take will discourage many hackers from haunting your network. With an incident response plan in place and in practice, you can mitigate the damage done should a hacker decide to target you.
There is no such thing as a digital exorcism…but this gets pretty close.
Here is another monster taking many forms. It can be the legacy security analytics or SIEM solution supposedly watching over your network and databases. It can manifest as an outdated misunderstanding of the threats and threat actors lurking at your online door. Or it can appear as a laissez-faire approach to software and firmware updates.
Obsolescence basically welcomes attackers of all calibers into your network. A legacy solution cannot possibly protect you from modern threats, no matter how well it worked in the past. Moreover, defending against the cyberattacks from the past means you’ll face future fights unprepared. Updates often contain their own security improvements necessary to continuing safe operations; neglecting them is a costly mistake.
Halloween marks the beginning of the holiday season and the final push of Q4 for the year. There is no better time to banish the specter of Obsolescence from your network before the new year becomes a reality rather than a promise:
- First, update your security analytics or SIEM solution to one capable of handling modern threats and demands.
- Second, make sure you understand the real threats facing enterprises today, and which ones are most likely to curse you in particular in the coming years.
- Third, take the time to make all software and firmware updates. It may be time-consuming but what it can save you, in the long run, is incalculable.
Depending on your choice of literature, you might know that to defeat a malignant spirit you must speak its name. Cybersecurity often appears scary, in part because the stakes are so high and in part because the demands it puts on your enterprise can seem daunting.
Yet if you allow cyber threats to linger in the shadows of your network, then you’ll never be able to feel safe in your own databases again. Don’t let these horrors dominate your thinking these Halloween. Take the steps to clear your network of evil presences with next-generation SIEM and security analytics.
Oh, and Happy Halloween.
Other Resources from Solutions Review:
- The 10 Coolest SIEM and Security Analytics CEO Leaders
- Get Your Employees to Embrace SIEM Best Practices!
- 4 Tips to Make Data Breach Detection Easier For Your Enterprise
- Enterprises: Don’t Become Complacent in Your Cybersecurity!
- Comparing the Top SIEM Vendors — Solutions Review
Latest posts by Ben Canner (see all)
- Revisiting Whether SOAR Will Replace SIEM in Business Cybersecurity - May 29, 2020
- Changing SIEM From Reactive to Proactive with Threat Hunting - May 27, 2020
- Top-Down SIEM: An Interview with Avi Chesla of Empow - May 21, 2020