Press Center

Malware and antivirus software

News

ESET WORLD 2024: Building a proactive defense strategy featuring Forrester’s Madelein van der Hout

Created: 2024-05-30 10:29:40



Threat actors are developing new tools, phishing is getting more sophisticated, and AI is finally here. Organizations need to adapt and be proactive.

When you think about cybersecurity, it shares many similarities with strategic board games such as Risk, where players try to conquer enemies’ territories. To win, good players define their strategic assets, anticipate opponents’ moves, and create safe areas with limited access that allow further expansion.

The same can be said about companies and institutions trying to survive and thrive in the world of fast-evolving cyber threats, according to guest speaker Madelein van der Hout, a senior analyst from Forrester, a leading global market research company.

“Winning is everything. If you end up being second, you are actually being the first of the losers,” said Mrs. van der Hout during her presentation, hinting at potentially menacing outcomes of a data breach in a real-world scenario.

Using the popular game Risk as a metaphor for the cyber threat landscape, Mrs. van der Hout presented her insights into building a prevention-first approach in cybersecurity at the ESET WORLD 24 conference. After her session, she also kindly answered a few of ESET’s questions.

Strategic assets

Considering the current level of automation, cloudification, and remote working, there are numerous assets that institutions and companies need to protect, such as employees’ devices, customers’ data, or even IT Admin credentials, to name just a few.

But there are also other risk factors that are not directly caused by cyber-attacks. We are talking about pressure on both CISOs and security admins who bear responsibility for their organization’s cybersecurity and face a huge number of challenges including the financial consequences of cyberattacks.

For example, 97 percent of boards are expecting CISOs to deliver business value and 31 percent of boards will fire CISOs in case of a breach, according to Forrester’s research. This kind of pressure often results in high levels of stress and burnout.

Challenges faced by CISOs in 2024:

  • Changing/evolving nature of threats
  • Geopolitics
  • Regulations
  • Hybrid workforce
  • Economic pressure & cost savings
  • Integrating cybersecurity with business strategy
  • Complexity of IT environment
  • Lack of visibility
  • Talent shortage
  • Lack of comprehensive vulnerability and exposure management

Dealing with these challenges, 66 percent of employees working in cybersecurity stated that they are experiencing significant stress levels. Mrs. van der Hout took it a step further, surprising the audience with survey results revealing that among these highly stressed employees, 51 percent take prescription medicine and 19 percent drink three or more alcoholic beverages per day to cope with these challenges.

“We cannot meditate ourselves from (out of) cybersecurity burnout,” said Mrs. van der Hout, adding that there are some measures that companies can take immediately such as automated alert management or providing mental health support to employees.

But considering the current talent shortage, which exceeds 4 million unoccupied job positions worldwide, more measures will need to be taken.

Don’t dwell on the past

Be it a board game or real-world cybersecurity, adopting a prevention-first strategy relies on anticipating the opponents’ moves. But what Forrester analysts often see are companies making decisions based on what has happened before – i.e., using a rearview mirror. They set their priorities, create incident plans, and adjust their budgets, but when a data breach occurs, all this planning goes out the window.

“[Just like] how I flip the board [over] when I am about to lose a game, that’s how they flip their priorities for the upcoming year. Their investment profiles change,” said Mrs. van der Hout.

For example, in 2023, CISOs recognized the importance of the human factor in cybersecurity and increased budgets accordingly, but in 2024 their focus has shifted back to technological solutions.

And the situation has become serious. Within the last 12 months, 78 percent of surveyed organizations reported one or more incidents potentially compromising sensitive data. The estimated cumulative loss of those data breaches is on the rise in both the US and Europe and is now exceeding $1 million per company, according to Forrester.

How others play their cards

When moving to improve one’s game, it is often useful to see how others play their cards. To face current cybersecurity challenges, organizations need to follow current trends and learn from others. 

For example, AI and machine learning help cybercriminals create more sophisticated threats, but legitimate security organizations can also harness this technology to build more effective cybersecurity tools and processes. Moreover, identity protection is no longer strictly about protecting the identity of employees, but also of partners, customers, and even non-human identities, thus the term: “everything identity.”

Current trends in cybersecurity:

  • AI and machine learning
  • Quantum computing and blockchain technology
  • Expansion of OT&IoT
  • Zero trust
  • Everything identity
  • Increasing regulations and geopolitics

New legislation has also been adopted around the world, but Mrs. van der Hout pointed out that following legislation is not only about checking compliance boxes but also about helping companies to build stronger defenses. Therefore, security solution providers should retain trusted advisors, and governments should educate companies and citizens to achieve the desired level of resilience.

“Governments need to be clearer about what organizations need to do to comply with new regulations instead of having really vague articles,” Mrs. van der Hout said.

When learning from others, organizations should look at the strategic and tactical priorities of other players on the market.

Strategic priorities:

  1. Boost cloud security strategy
  2. Improve the ability to detect and respond to threats
  3. Enhance identity and access management for employees, partners, and customers

Tactical priorities:

  1. Improve application security and/or product security
  2. Improve access management and policies for employees and partners
  3. Improve security operations’ effectiveness

Building a proactive defense strategy

Taking all this information into account, let’s build some proactive defense strategies.

First, determine business-relevant elements of your strategy and consider that board members will expect it to deliver some value. Business and cyber security need to work together to shape a strong security posture to persuade both partners and customers, who are increasingly taking a proactive interest in their own security. 

With a business strategy set, look at possible risks and keep in mind that this should be an ongoing process. While doing this, make sure that you have proper data from cyber intelligence and advanced security technologies.

“And that’s not only about data collection. It’s also about action and response,” Mrs. van der Hout said.

Next step is to create a strong security culture within an organization as current Forrester predictions say that 90 percent of all data breaches will still include a human element.

“Looking at one cybersecurity awareness video while multitasking isn’t changing anyone’s behavior. So, when addressing awareness, please, move beyond videos. Make sure that your employees understand the importance of awareness and make security part of your organization’s culture,” Mrs. van der Hout said.

The final aspect of a proactive defense strategy is continuous improvement and adaptation. Instead of adopting one solution, and then setting and forgetting, organizations should review their defenses, close gaps, make adjustments, and ask for help if needed.

You are not alone

It is always nice to talk about the latest cybersecurity solutions and proactive defense but there are smaller companies or non-profit organizations that don’t have a budget for CISOs and high-end technologies.

When asked about this, Mrs. van der Hout remained in her winning mood, pointing out that even small companies can analyze their threat surface and set priorities. And what is more, the “good guys” in IT environments can help each other.

“We are operating in ecosystems where larger enterprises and SMBs are working together. We need to partner with each other to make sure that we are secure. Security should travel beyond just contractual agreements,” she said. 




About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.

Why ESET?

ESET has over 25 years' experience of helping people to Enjoy Safer Technology. Our software is light on hardware, but hard on malware.

Our Technology

ESET’s award-winning NOD32® Antivirus technology is at the cutting edge of digital security. It’s updated daily to keep you secure.

Free Support

Enjoy your free, industry-leading customer support locally. For technical, sales and marketing enquires dial +65 6296 4268.