With the new SEC disclosure rule for material cybersecurity incidents now in effect, much of the talk about SEC rules is centered on materiality. Material incidents now need to be disclosed in just four days, yet it is unknown exactly what level of detail is needed for disclosure, and how companies should respond.
Why now is the time to strengthen remediation operations
Time will tell how disclosure practices will change. Meanwhile, what organizations can control is strengthening cybersecurity processes and governance. Remediation remains a critical but often weak area of cybersecurity programs today. Organizations that strengthen remediation operations gain two advantages when it comes to the SEC cybersecurity disclosures:
- Strengthening remediation practices can decrease the likelihood and impact of incidents, reducing the chances of having to file a disclosure for material incidents.
- Demonstrating effective and timely remediation is a sign of strong cybersecurity processes, which can influence how the SEC carries out enforcement actions in the event that material incidents are disclosed.
Why strengthening remediation is critical
Year after year, research shows that most breaches result from the exploitation of known vulnerabilities. Recent studies show that vulnerabilities from 2017 are still being exploited in many organizations today. The fact that most incidents stem from the exploitation of known vulnerabilities, many of which are years old, is evidence that remediation operations need to improve.
The SEC rule is also placing greater scrutiny on governance and oversight of the processes used to manage cybersecurity risks. One common metric for measuring cybersecurity effectiveness is mean-time-to-remediate (MTTR), which is how quickly vulnerabilities are fixed from the first time they are detected. Since SEC registrants are required to describe their process for managing risks, reducing MTTR is one critical outcome that demonstrates processes are working.
How to strengthen remediation operations in 2024
Most companies still have siloed and complex remediation processes that require many different teams and technologies. Companies looking to meaningfully improve their remediation operations should take the following steps:
- Unify and prioritize vulnerability data: organizations need a unified view of all detected vulnerabilities, and alignment on which ones present the most risk to the business. Since most companies have an average of 70 different security controls, cybersecurity teams need a way to prioritize all of the data coming at them in a central console in order to improve response.
- Reduce the time to find root cause: one of the biggest delays in remediating vulnerabilities is the time spent trying to find the root cause of vulnerabilities. With the rise of cloud services and automation technologies, vulnerabilities can quickly multiply across an environment, making it essential to find and fix vulnerabilities where they originate, so they don’t reappear.
- Automatically identify the owner: vulnerabilities can have many different owners, from IT helpdesk teams to cloud infrastructure and software development teams. By automatically assigning the right ownership to detected vulnerabilities, organizations can streamline communications and the fix accordingly.
- Automate the fix whenever possible: automation and AI are rapidly growing in sophistication and use. Depending on the vulnerability and the criticality of the system impacted, security leaders should start to test and use automated fixes, with human oversight, for vulnerabilities. Greater adoption of automation and AI is one way that organizations can meaningfully reduce the likelihood of material incidents in the years to come.
Conclusion
With regulation, the only constant is change. The SEC will continue to amend how cybersecurity incidents should be reported and what it is looking for when it comes to risk mitigation strategies. Despite the ever-changing scope of regulation, organizations can always improve on critical risk mitigation strategies. Strengthening remediation operations is perhaps the most meaningful way to reduce the likelihood and impact of material incidents and demonstrate strong cybersecurity risk mitigation processes.