for the ciso: continuous cyber attacks - achieving operational excellence for the new normal exec...

Continuous Cyber Attacks: Achieving Operational Excellence for the New Normal Executive Summary

Upload: accenture-technology

Post on 12-Feb-2017


Continuous Cyber Attacks: Achieving Operational Excellence for the New Normal

Executive Summary


Internal and external factors add risk to an organization’s cyber defense. Externally, an organization’s attack surfaces are growing—from the increased volume of connected devices, the expansion of the Internet of Things and the growth of cloud computing. Internally, many organizations lack sufficient rigor and consistency in security operations—using a variety of processes and capabilities that provide varying levels of effectiveness, or aren’t deployed consistently across the organization. Another issue is the high turnover rate within security; many times key people leave and take unique knowledge with them. Constantly changing IT environments also make it difficult for the security team to track and protect critical information. Security can have insufficient visibility into the organization’s asset landscape due to limitations of the tools and processes being used. Finally, time is an issue; it takes an average of seven to eight months to detect a breach.

Achieving operational excellence in cyber defense requires a comprehensive approach that prepares for threats, predicts and detects breaches, and then responds to and recovers from incidents. Organizations need well-trained employees who can react to clear-cut incident response plans and procedures for different types of threats.

A robust cyber security operational model starts with a well-defined strategy of how security supports business performance. The model is centered on core risk-management goals. It prepares for and protects against potential threats by providing usable threat intelligence and actively managing vulnerabilities. The model includes forward-thinking capabilities to help scale activities and references an IT strategy that provides greater understanding of the organization’s assets, data sets, and technical and business functions.

The model enables security to defend and detect intrusions using advanced analytics, also identifying behavior changes that indicate security risks. An emphasis on visualization helps identify anomalies quickly from large volumes of data.

Organizations can respond and recover effectively by employing active defense strategies and actively managing security incidents, using platforms that guide operators in hunting for threats. Training should mimic attackers—to prepare teams for real-world adversaries—with activities that encompass security operations and tie in with strategic channels in the business.

To achieve operational excellence in cyber security, organizations can take specific steps to improve their security operations:

• Assess the effectiveness of current security processes

• Invest in attracting and retaining skilled security talent

• Automate intelligently to leverage scarce resources

• Understand how threat data pertains to the business

• Identify what isn’t known

• Create a plan to address knowledge gaps

• Find an effective sparring partner that will improve security capabilities

Organizations should focus on creating a highly efficient operating model that balances security operations, new technology implementation, testing of security posture and feedback to update defenses.

The brutal assault on digital assets of organizations worldwide looks to continue. Given the risk-filled environment, organizations need the best operational security capabilities possible to defend their most valuable digital assets.

@AccentureSecure

Strategy and technology alone do not guarantee an effective cyber defense. Many organizations fall short because they lack the right mix of talent and capabilities, or aren’t using a strong and complete cybersecurity model, or have difficulty with properly executing the strategy.

[Figure: Cyber Security Lifecycle Model. Ring labels: Strategy; Transformation; Managed; Security & Cyber Defense. Phases: Prepare, Protect; Defend & Detect; Respond. Components: Strategy & Business Alignment; Assessment & Architecture; Governance, Risk & Compliance; People & Culture Change; Application & Data Security; Platform & Infrastructure Security; Digital Identity; Vulnerability Management & Threat Intelligence; Advanced Adversary Simulations; Security Monitoring; Cyber Threat Analytics; Incident Response; Remediation.]

Accenture.com/CyberDefensePlan

About Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 373,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Copyright © 2016 Accenture
All rights reserved.

Accenture, its logo, and High performance. Delivered. are trademarks of Accenture.

DISCLAIMER: This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.

Contributors

Bill Phelps, Managing Director, Global Security

Ryan LaSalle, Managing Director, Security Growth & Strategy

Kevin Oswald, Managing Director, Global Cyber Defense and Managed Security Services

Harpreet Sidhu, Managing Director, Cyber Security Lead - Energy North

Patrick Joyce, Senior Principal Information Security, Global Security

Matt Carver, Senior Manager, Security Research & Development