When it comes to cybersecurity, organizations face many challenges and opportunities, both existing and new. More and more organizations are paying attention to security, with a primary focus on leveraging technology to “fix the problem”, but there are too many gaps from an architectural point of view in terms of protecting organizations' crown jewels.
So where do we go from here?
People. There are several mentions in the market of the lack of security resources and skills. Ensuring the right skills in an organization is critical to its success. But it is not only about skilled IT security staff – it is as much about how you live and breathe security across the entire organization on a day-to-day basis. A security awareness day that you run quarterly or yearly isn’t enough to ensure that security is part of your organization's DNA for everyone.
Process. We still see a lot of organizations out there lacking a security incident response plan. We even see organizations that do not know where their crown jewels are and how they are exposed – or even protected. Ensuring a proper incident response plan, driven from the leadership team to the technicians, is pivotal for success in protecting your organization’s crown jewels.
Technology. Is there too much technology to choose from today in cybersecurity? Based on the conversations I have with NTT Security customers, I would say yes. There is simply too much choice, with a vast array of use cases that are not always attached to the business priorities of the organization. Depending on the nature of your business and the pace of your organization's digitalization, the technology vendors will vary, and the risks are similar, albeit different.
Here are several ways to mitigate the challenges and leverage the opportunities in cybersecurity today and in the future:
• Security is a board-level topic, so make sure to give it the attention it deserves. Everything your organization does must have a stance in security. Make risk-aware business decisions.
• Align security with the business priorities. Include security at the beginning of every new initiative to make sure it is intrinsic in everything you do. Then it will become a business enabler – not a business inhibitor.
• Review your cyber defense strategy and architecture as well as your technology suppliers. Does your current IT strategy enable business alignment whilst ensuring the processes remain secure? Do you have a proper incident response plan that also includes what your leadership team will do in the case of an incident?
• Challenge the status quo and build a plan to disrupt your own technology landscape providers. How do you best align your technology providers to your business needs?
• Do you have the right skills in your organization? Where do you have skill gaps, and can you work with an external partner to support you and lift some, if not all, of the burden off your shoulders? A Managed Security Services provider could be the help you need.
• Do you have a Crown Jewel program? If not, it is about time you accelerate a plan to identify your crown jewels and build a plan to protect them.
• As mentioned in my previous blog post, always assume breach. Whatever you do needs to take into account the fact that an intruder may already be inside your organization, just waiting for the right moment. Build a plan for how to disrupt the status quo.
• Security is not a state of mind – it is something you do. We always talk about “people, process, and technology”. Organizations today are over-reliant on technology to meet their security needs – while lacking resources and skills to manage and derive the right value from technology alone.