Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Public money, private plans: MPs demand Post Office transparency

      13 June 2025

      Coal to cash: South Africa gets major boost for energy shift

      13 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      10 red flags for Apple investors

      13 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » How to mature your cybersecurity programme

    How to mature your cybersecurity programme

    By Gidi Cohen13 May 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Security leaders have long wanted to tackle their most pervasive issues. These include exponential growth of the attack surface and cyber risks as well as diminishing control of a rapidly changing technology landscape — all against the backdrop of a severe talent shortage.

    Skybox’s new report, Vulnerability and threat trends 2021: Cybersecurity comes of age, demonstrates that there is a need for greater maturity. It brings focus to just how energised threat actors have become over the pandemic: Extraordinarily, new malware samples almost doubled over 2020. It highlights how operational technology (OT) environments are increasingly exposed to attack: The number of vulnerabilities within industrial Internet of things (IIoT) devices increased by 308% over the last year. And it reinforces the scale of the task now facing teams dealing with cyber-risk management: There were 18 341 new vulnerabilities over 2020, adding to the exposure from prior years’ discoveries.

    What has become clear over the last year is that what was once considered “good enough” will no longer suffice. Long-held practices relying primarily on detection and response don’t hold water anymore — if we are honest with ourselves, they were never “good enough”.

    What has become clear over the last year is that what was once considered ‘good enough’ will no longer suffice

    Managing security posture has become a critical necessity for reducing the risk of cyberattacks. By improving security posture, it’s possible to eliminate the exploitation of known attack vectors. Further, by focusing on a much smaller attack surface, detection and response programmes can shine again.

    But security posture management is not an easy task. Organisations have a complex security stack and use many technologies. As a result, they are discovering that their muscle to manage security posture is, at best, underdeveloped. They need to adopt a transformation mindset. To achieve this, organizations need to mature their security programmes:

    Gidi Cohen

    Develop a roadmap to maturity

    Developing a well-rounded and resilient cybersecurity programme isn’t something that can happen overnight. It’s a journey that demands iterative change. The first step of this journey is understanding your organisation’s current maturity level. It could be that you are addressing security on an ad hoc basis, or you may have defined security processes, or you may be at a stage where you can manage your programme and are able to drive strategic change. By understanding what the next level of maturity looks like, you can develop a road map that will improve your security posture.

    Ad hoc

    This stage represents the most remedial cybersecurity programmes. These can be found in organisations that don’t have consistent processes or policies. An “ad hoc” programme is one without systems or tools in place. As a result, there are functional and technological silos; the programme is reactive and piecemeal; blind decisions are made that are based on a patchwork of data inputs; and remediation and patching are typically news-driven and happen sporadically.

    Developing

    One step above ad hoc security, this stage is where you will find organisations that have an active cybersecurity programme but lack defined processes. For example, they may have a vulnerability scanner but they aren’t using it systematically. Security is something that’s dealt with inconsistently, with periodic clean-ups of rules and objects, hardening of configurations, and patching to eliminate vulnerabilities. Additionally, compliance is handled with manual checking and recertification.

    Defined

    Some organisations are at the stage where they have a defined programme. They know who is responsible for each task and are clear about processes. However, they still don’t know what’s happening every day. They may have policies in place, but they don’t have any ongoing tools to manage them properly. And they may have a defined vulnerability management programme, but they cannot automate remediation and have inconsistent oversight of operational performance and risk level.

    Managed

    Organisations with well-established and mature cybersecurity programmes sit here. They have dashboards that enable them to manage their programme, they can see whether they’re making improvements, and they have insight that enables them to make strategic changes to their programmes. And they will be automating change management as well as the discovery, prioritisation and remediation of vulnerabilities.

    Optimising

    Very few organizations are currently at this stage – in many ways, this is an aspiration for most organisations. But getting to the stage where you can focus on optimising processes and delivering ongoing, continuous improvement for the organisation is achievable. This is when organisations have holistic visibility of the attack surface and can visualise, analyse, and narrow it down on an ongoing basis. They have tight integration with the security and IT management ecosystem. They have a common platform and data sets for all teams dealing with security posture management and incident response. And they can leverage context of their environment to zero in on what matters and remediate their most exposed vulnerabilities first.

    Zero in on what matters

    By maturing cybersecurity programmes beyond traditional defence tactics, the chief information security officer will be able to gain the insight needed to improve security posture. By understanding the context of the infrastructure and its security controls — on-prem, private cloud and public cloud, and achieving full visibility of their attack surface, they will be able to better quantify cyber risks, prioritise remediation and zero in on what matters.

    Skybox’s new report highlights the biggest challenges facing CISOs and their teams today. But it also explains why this is a pivotal moment for cybersecurity. We are at the beginning of an exciting new era. This is the moment when cybersecurity comes of age to help security teams zero in on what matters and overcome some of their largest and most enduring challenges.

    Read the report now

    Additional resources

    • Vulnerability and threat trends 2021: Cybersecurity comes of age
    • E-book: Risk-based vulnerability management

    About Gidi Cohen
    Gidi Cohen co-founded Skybox in 2002 and has guided the company’s vision and development as the leader in cybersecurity analytics. A respected innovator in the security analytics space, he is a popular speaker at industry conferences worldwide, demonstrating how sophisticated analytics, modelling and simulation, as well as unprecedented network visibility, are used to reduce an enterprise’s attack surface. For more than 10 years he has been committed to empowering security leaders to quickly and accurately prioritise and address vulnerabilities and threats with cutting-edge Skybox solutions.

    About Skybox Security
    Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritise and remediate vulnerabilities across your organisation. The vendor-agnostic solution intelligently optimises security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected. Visit www.skyboxsecurity.com for more information.

    • Check out all the recent Skybox Security content on hub.techcentral.co.za/skybox
    • This promoted content was paid for by the party concerned


    Gidi Cohen Skybox Skybox Security
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleSABC tells television viewers: Analogue switch-off is coming
    Next Article Elon Musk single-handedly crashes bitcoin

    Related Posts

    4 tips for exposure management of your business applications

    19 February 2025

    Network professionals lose nearly half their week to manual tasks that could be automated

    3 December 2024

    Skybox: half of firms fear security incidents due to siloed network and security teams

    17 October 2024
    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.