Modernising operations enables businesses to eliminate distraction caused by compliance regulations and enticing new technologies. Instead, security organisations can stay focused on the overall goal: reducing enterprise risk.
So, you want to get going but you don’t know where to start? The first thing to really get your head around is understanding that to truly modernise, you need to look to the greater cultural landscape , and not just to technology. A culture shift is necessary, manifested in the optimal balance between people, processes and the technology used. And they should be organised in these seven core principles:
1.Culture and People — It’s no secret that the UK is facing a cyber skills shortage and is “verging on a crisis” according to a report by the Joint Committee on the National Security Strategy (JCNSS). Security leaders need to get realistic on whether they would be prepared if their only cyber talent walked out the door. If not, how can they retain them in a market of negative unemployment, competitive salaries and huge technology companies luring them in? It’s necessary to create the right culture to reduce the attractiveness of the competition and maintain capabilities. Only when companies set the right “people” foundation can they build a strong security programme on top.
2.Automation and Orchestration — The biggest benefit of automation is that it is a capability amplifier, freeing up time for employees to undertake more important tasks. Automation and orchestration allow employees to focus on higher-level issues, instead of getting bogged down with mundane tasks, and promote greater integration across many different staff roles. More people being required to complete a task is no longer an option for businesses, and automation and orchestration help to facilitate this. If done correctly, the quality of life and work can be drastically improved.
3.Analytics — Security analytics are able to cut through the day-to-day activities of an information security operations centre and help identify outliers. Using available datasets and common false negatives, businesses can expect to reduce the time spent on chasing down dead leads while using this to create more value from the security infrastructure and making far better use of the data generated by security tools.
4.Collaboration and Process — Collaboration doesn’t just occur within the business between employees across departments, but also with partners, clients and other third parties. Because of this, collaboration acts as an amplifier that makes operations much more effective at detecting, analysing and remediating threats, in conjunction with the business’ overarching goals. It’s paramount that your organisational processes reflect the capabilities that occur in your organisation, and function as a guide for operating the cogs in your security machine.
5.Threat Intelligence — It’s very easy to get caught up in the endless amounts of threat intelligence available in the market today, both from vendors and other outside sources. It is therefore important the intelligence is completely understood before implemented if you are to stay on top of today’s cybersecurity threats.
6.Advanced Controls — How can you determine whether you have the right security solutions to reduce cyber risk? It’s a process. The whole technology stack must be evaluated, tested and compared to industry best practices to understand whether the correct tools are in place and at their optimum configuration. Your organisation may already have the proper tools, making the approach to risk management assimple as implementing the right controls. For example, it may simply be required to move away from a legacy 8-character password to a more, robust, future-proof one.
7.Metrics — It is a challenging task to measure the effectiveness of a security programme against the return on investment that it can produce. However, with a transparent security programme, which reports on wins, efficacy and actualisation of spend, it is not only possible, but a necessary practicality for the business.
If you remain defenceless, you’ll mostly always be defeated by your attacker. This is not a new concept, yet despite this, organisations are still making this mistake: attempting to outsmart cyber attackers with tools and solutions designed for a previous era, when breaches were simply a nuisance and didn’t have the potential to devastate businesses. This is because security strategy used to be based on an “outside-in” approach, when the external threats and regulations called the shots and dictated which security tools were to be utilised and bought. As a result, today’s security tools landscape has led to “too many tools, too few people” conundrum.
To bypass this, the modernisation of operations ensures you can adopt an “inside-out” approach to security, where instead, your business goals and enterprise risk model dictate the security strategy and investment you decide to undertake. In tandem with following The Magnificent Seven, you’ll create a recipe for a strong security defence, and fend off the luring attackers.