Ukulinganisa isabelomali sakho se-cybersecurity ngo-2023

Bheka wonke amaseshini adingeka kakhulu ku-Intelligent Security Summit lapha.

Ukwazi ukuthi yiziphi izindawo okumele ugxile kuzo ku-a i-cybersecurity isabelomali sokuqhuba inani lebhizinisi elibaluleke kakhulu ikhono okufanele libe nalo kuma-CISO.

U-Deloitte usanda kuthola ukuthi i-cybersecurity iwumongo esekelwe emafini ukuguqulwa kwedijithali, okuhlanganisa cishe u-50% wempumelelo yezinhlelo. Njengoba bebheka ukulinganisa kanye nesabelomali njengesinyathelo sokuqala sokuqhuba izinzuzo zemali engenayo kanye ukuthuthukisa imisebenzi yaboama-CISO adinga ukusebenzisa wonke amathuba ukuze axhumanise ukusebenzisa kwawo imali engenayo.

Lowo mqondo ubalulekile kuma-CISO afuna ukuthola isikhundla sebhodi futhi abonise ukuthi ayakwazi ukusebenzisa ibhajethi ye-cybersecurity ukuze asize asekele futhi aqhube imali engenayo.

“Ngibona amabhodi amaningi ajoyina ama-CISO,” I-CrowdStrike umsunguli kanye ne-CEO uGeorge Kurtz uthe ngesikhathi kunenkulumo eyisihluthulelo emcimbini waminyaka yonke wenkampani yakhe i-Fal.Con. “Ngicabanga ukuthi leli yithuba elihle lawo wonke umuntu lapha [at Fal.Con and in the industry] ukuqonda umthelela wabo enkampanini. Ngokombono wemisebenzi, kuhle ukuba yingxenye yalelo gumbi futhi ubasize ohambweni.”

Umcimbi

I-Intelligent Security Summit On-Demand

Funda indima ebalulekile ye-AI ne-ML ku-cybersecurity nasezifundweni zamacala aqondene nemboni. Buka amaseshini adingeka kakhulu namuhla.

Buka Lapha

Ukwazi ukuthi kungakanani ukuhlanganisa kwanele

Lawo ma-CISO ayitholayo aguqula ubunkimbinkimbi bezitaki zawo zobuchwepheshe kanye nezindleko zokunakekela okuphezulu zibe amathuba okuqinisa athuthukisa ukuqina kwe-inthanethi, akhuphule ukubonakala nokulawula futhi anciphise izikhala ekumeni kwawo kokuphepha. Ukuhlanganiswa kunikezwa kuyo yonke i-CISO ethola ifa lesitaki esikhulu, esiyinkimbinkimbi nesibizayo esidinga ukuncishiswa ukuze kuthuthukiswe isikali.

I-CrowdStrike isheshe yahlonza isidingo sokusekela ama-CISO okufanele ahlanganise izitaki zobuchwepheshe ukuze asize ukushayela imali engenayo eyengeziwe. Ngokuklama isu lokukhula elizuzisa ukukhula kwabo kanye nokuma kokuvikeleka kwamakhasimende abo, i-CrowdStrike isiza amakhasimende athole ibhalansi engcono kakhulu phakathi kokuhlanganiswa nokutshalwa kwezimali okusha kusofthiwe namasevisi. Ngokunikeza indlela yokusebenza namabhentshimakhi asekelwe ngaphakathi, i-CrowdStrike inomlando oqinile wokusiza amakhasimende aqonde izinga elilungile lokuhlanganisa uma kubhekwa izidingo zawo zebhizinisi ezihlukile.

NjengoCrowdStrike, I-Palo Alto Networks uchaze a isu lokuhlanganisa kumakhasimende ayo. Nakuba amasu abo okuhlanganisa ehluka, womabili ama-CrowdStrike kanye ne-Palo Alto Networks abukeka eletha isilinganiso esikhulu ngokulondoloza izindleko kuyilapho eqhuba imali etholwayo ethengisa kakhulu futhi ethengiswa kakhulu. Ngayinye igcina ukugxila okuqinile ekutholeni ibhajethi kanye nokulinganisa okufanele.

Linganisa ubungozi ukuze uthole ukuthengwa kwebhodi

Ukuthengisa ibhodi labaqondisi kanye ne-CEO ngesabelomali se-cybersecurity kufanele kuqale ngokukuchaza ngendlela edonsa ukunaka ngokushesha futhi ethengekayo. Ama-CISO atshela i-VentureBeat ukuthi aphumelela kakhulu ekunqobeni izimpi zebhajethi ngokuchaza ingozi yemali engenayo yokungatholi indawo yebhizinisi, bese esebenzisa leyo datha ukulinganisa ubungozi be-inthanethi.

Ukuqinisa ngokwengeziwe icala lokugunyazwa kwesabelomali se-cybersecurity kudinga ukuchaza umthelela ongaba khona wokwephulwa kwezimali ezingenayo kanye nezingozi zokungabi nalo uhlelo oluthile lokutholwa nokusabela olukhona. Lokhu kufanele kubalwe ngedatha yobungozi be-inthanethi futhi kuqiniswe ngezilinganiso ezijwayelekile zomkhakha. Izikhulu eziyingozi eziyinhloko (ama-CRO) kanye nama-CISO abambisana futhi baphumelele ekubalweni kobungozi be-inthanethi basethubeni elingcono lokuthola isabelomali sabo ngezimali.

Ukulinganisa ubungozi be-Cyber-Risk kuyindlela yokuchaza nokwandisa isabelomali sezinhlaka zokuphepha ze-zero-trust kanye nezinyathelo.

“Ukulinganisa ubungozi kukusiza ukuthi uhlole inani lamaphrojekthi we-cybersecurity usebenzisa uhlaka oluvame ukuqondwa olubeka inani lezezimali esinqumweni ngasinye esibekwe phambili ngokususelwa ekufanekisweni kwezibalo zobungozi nokulahleka okulindelekile,” kubhala uMark Tattersall eposini lakhe lebhulogi. Ibhasi i ness Icala Ukuthola Ingozi.

Ukulinganisa ubungozi kubalulekile ekulinganiseni engqikithini efanele ukuze ama-CISO abe nemingcele yokwenza izinqumo ezingcono kakhulu.

I-Cybersecurity benchmarking ibalulekile ekukhuliseni ibhizinisi

Njengoba u-Kurtz akubeka ku-Fal.Con: “Ukwengeza ukuphepha kufanele kube isisetshenziswa sebhizinisi. Kufanele kube yinto engeza ukuqina kwebhizinisi lakho, futhi kufanele kube yinto esiza ukuvikela izinzuzo zokukhiqiza zokuguqulwa kwedijithali. “

Ukuphawula kukaKurtz kwafakazela ukuthi kuyiqiniso, njenge Ucwaningo lwe-Deloitte eyaqedwa kamuva ngo-2022 yacacisa ukuthi i-cybersecurity ibaluleke kangakanani kuzo zonke izinhlelo zokuguqula idijithali – ngefu elibaluleke kakhulu.

“Lokhu kusho ukuthi ezokuphepha manje seziwumshayeli wesu lebhizinisi kunokuba zingcwatshwe njengento okumele iphathwe futhi ikalwe njengezindleko,” kusho uChris Gilchrist, umhlaziyi oyinhloko eForrester, ngesikhathi somhlangano obuse. Forrester’s Security and Risk Forum 2022. “Ngamanye amazwi, ukuphepha manje sekune-latitude yokuvikela nokugqugquzela ukukhula.”

Emcimbini ofanayo, i-VP yakwaForrester kanye nomhlaziyi oyinhloko uJeff Pollard babambe iseshini enesihloko esithi “Cybersecurity Drives Revenue: How to Win Every Budget War.” Lokhu kunikeze isiqondiso esibalulekile, imininingwane kanye nohlaka oluwusizo ama-CISO angalusebenzisa ukuze achaze ibhajethi yawo ngokubonisa iminikelo yemali engenayo ayisiza ekuyivikeleni nasekuyenzeni.

“Uma okuthile kuthinta imali eningi njenge-cybersecurity, kuyikhono elibalulekile,” kusho uPollard enkulumweni yakhe. “Futhi awukwazi ukuphikisa ukuthi akunjalo.”

Ingxenye yesabelomali sohlelo lokuguqulwa kwedijithali olusekelwe kumafu kanye nokusetshenziswa kuncike kakhulu ekuvikelekeni ku-inthanethi njengengxenye yengxenyekazi ewumgogodla, futhi kusekela imizamo yama-CISO yokuvikela nokukhulisa isabelomali sawo ngo-2023. Umthombo: I-Deloitte 2023 Global Future of Cyber Survey, Disemba 6, 2022

Wonke umthengisi we-cybersecurity uyazi ukuthi uma engasiza amakhasimende akhe ukuhlela kahle isabelomali ngokulinganisa, inani lokuphila kwekhasimende (i-CLV) – enye yamamethrikhi abaluleke kakhulu empumelelo yekhasimende – izokhuliswa. Kungakho abathengisi benkundla yokuphepha ku-inthanethi abaholayo benezimpawu zokusebenzisa imali zangaphakathi abazinikeza amakhasimende kanye namathemba okwakha icala lebhizinisi.

Kungcono ukusebenzisa amabhentshimakhi ahlinzekwe ngumthengisi ukuhlonza izikhala ezibanzi i-cybersecurity kanye namathimba e-IT okusamele azicabangele emijikelezweni yesabelomali. Alikho iqoqo elilodwa lamabhentshimakhi elizofanelana ngokuphelele nezinselele zebhizinisi elithile, ngakho-ke kungcono ukucabangela isethi ngayinye njengemithetho yokuqapha ekwakhiweni kwesabelomali nokuhlela. Kunezinguqulo eziningi zeqiniso zokulinganisa ukusetshenziswa kwe-cybersecurity.

Amabhentshimakhi ambalwa kwabaningi atholakalayo yilawo asuka I-AT&T Cybersecurity, I-Boston Consulting Group, I-CSO ku-intanethi, I-Cybersecurity Dive, Forrester Planning Guide 2023: Ezokuphepha kanye Nengozi futhi I-SANS.

I-Clutch nayo isanda kukhishwa a isifanekiso esiwusizo ekhombisa ukuthi singakha kanjani ibhajethi ye-cybersecurity yamabhizinisi amancane.

Ukulinganisa ukusetshenziswa kwe-cybersecurity

Ngenxa yokuthi ibhizinisi ngalinye linesethi ehlukile yezinselele zokuphepha ku-inthanethi enziwa inkimbinkimbi ngokwethembela ekuthengisweni, ekusekeleni nasekuthengiseni amanethiwekhi, akunakwenzeka ukuba nebhentshimakhi eyodwa, eqondile kuzo zonke izimboni. Imihlahlandlela elandelayo ikhombisa ukuvumelana kwezinhlolovo zakamuva zebhentshimakhi kanye nezingxoxo ezenziwa yi-VentureBeat nama-CISO, ama-CIO kanye nabaholi bezokuphepha nezinhlekelele (SRM).

Iphesenti lesabelomali se-IT esichithwe ku-cybersecurity

Ngokwesilinganiso ngo-2022, amabhizinisi asebenzise u-9.9% wesabelomali sawo se-IT ekuvikelekeni kwe-inthanethi. I-Tech, ukunakekelwa kwezempilo kanye nezinsizakalo zebhizinisi (okuhlanganisa nomshwalense) zihola zonke izimboni ekutshalweni kwe-cybersecurity. Okukhathazayo ukuthi imali encane kangakanani imboni yezemfundo, yokudayisa neyokukhiqiza ekuvikelekeni kwe-inthanethi. Imininingwane engezansi iqinisekisa futhi ukuthi ubhubhane lwezokuphepha lwemboni yezokukhiqiza ludinga a ukwelashwa kwe-zero-trust.

Ama-CISO kuzo zonke izimboni ayacelwa ukuthi enze okwengeziwe ngokuncane, okwenza inqubo yesabelomali ibe inselele ikakhulukazi kwezemfundo, ukudayisa, ukukhiqiza kanye nezokuthutha. Umthombo: I-IANS & Artico, Ibhentshimakhi Yebhajethi Yokuphepha Isifinyezo Umbiko, 2022

Kumabhajethi amaningi, isofthiwe esekelwe efwini iku-20% kuya ku-25%.

Ngokuvumelana nezifundo zangaphambilini zika-Gartner kanye ne-IDC, ukusetshenziswa kwesofthiwe esekelwe efwini ngokuvamile kubalela u-20 kuya ku-25% wesabelomali se-cybersecurity. Isibalo singaba phezulu kakhulu kuye ngokuvuthwa kwamafu kwebhizinisi nomkhakha othile.

Isibonelo, kwezobuchwepheshe nokunakekelwa kwezempilo, i-CISOS itshela i-VentureBeat ukuthi ukusetshenziswa kwesofthiwe esekelwe efwini kungase kuhlanganise u-40% wesabelomali sabo uma kubhekwa inkimbinkimbi yesitaki sobuchwepheshe abasilawulayo kuwo wonke amayunithi ebhizinisi amaningi.

Ngokuvumelana namanye amabhentshimakhi ambalwa, u-19% wezabelomali zokuphepha ku-inthanethi ezezinhlelo ezisekelwe emafini, njengoba inhlolovo yakamuva ye-IANS ne-Aritco ikuchaza. Umthombo: I-IANS & Artico, Umbiko Ofingqiwe Webhajethi Yezokuphepha, 2022

Ama-CISO anika ama-20% ezabelomali zawo ekuvikelekeni kwengqalasizinda

Ama-CISO amaningi ahlose ukuvuselela izitaki zobuchwepheshe befa ukuze kuvikelwe ingqalasizinda, i-IoT, amasistimu okulawula izimboni kanye nezinhlelo zokusebenza namasistimu obuchwepheshe bokusebenza (OT).

I-Identity access management (IAM) kanye neprivileged access management (PAM) ziphakathi kwezigaba zebhajethi ezikhula ngokushesha kakhulu eziya ku-2023. Nakuba ucwaningo lwe-Deloitte luthole ukuthi amabhajethi angu-12% abelwe i-IAM, i-VentureBeat izwa ngama-CISO ukuthi lesi sibalo sikhula ngokushesha. kunemakethe naleyo cloud-based Izinhlelo ze-PAM zisiza ukuvala izikhala kuzitaki zobuchwepheshe.

Umthombo: Ikusasa le-Cyber lika-2021 ikusasa lika-2021 le-Deloitte Touche Tohmatsu Limited

Izifundo ezitholwe kuma-CISO asebenza kahle ekulinganiseni nasekubhajetheni

Ukubona ukulinganisa kanye nesabelomali njengenqubo ephindaphindwayo kubalulekile empumelelweni. I-CISO eyodwa itshele i-VentureBeat ukuthi umjikelezo wokulinganisa, isabelomali nowokulungisa izifundo udinga ukuba yingxenye ye-DNA yenhlangano ukuze uphumelele.

Ama-CISO aphinde atshele i-VentureBeat ukuthi idatha yokulinganisa iyahluka kakhulu ngesegimenti nengxenye yomkhakha, ngakho ukwazi izinselele eziyingqayizivele kubalulekile. Ukuqhathanisa idatha yokulinganisa kungathola izikhala futhi kukhombe lapho kufanele kuthathwe izinyathelo.

Isikhulu esisodwa senkampani ekhiqizayo sitshele i-VentureBeat ukuthi isici esibaluleke kakhulu sokulinganisa ukuthola izikhala okungekho muntu owake wazicabangela ngaphambili futhi wazilungisa ngokushesha ukuze uzivale. Leyo nkampani yashintsha imali isuka kwezokuvikela yaya ekuqiniseni i-cyber-resilience kwaqondana nohlelo lwayo lwe-zero-trust.

Ukwazi ukuthi ungazulazula kanjani kudatha yebhentshimakhi ukuze wakhe ibhajethi exhasa kokubili ukuqina kwe-cyber-resiliency futhi edonsa imali engenayo amabhodi wamakhono abaqondisi ayifunayo. Uma i-CISO iba ngcono ekulinganiseni kokubili, maningi amathuba okuba umsebenzi wabo uthuthuke.

Umsebenzi we-VentureBeat kufanele kube isikwele sedolobha esidijithali sabenzi bezinqumo zobuchwepheshe ukuze bathole ulwazi mayelana nobuchwepheshe bebhizinisi obushintshayo kanye nokuhwebelana. Thola Okufingqiwe kwethu.