When you are driving your car, you spend 95% of the time looking through the front windscreen and the remaining 5% looking in the rearview mirror. Ironically, in cybersecurity, we see a lot of security teams spending 95% of their time looking in the rearview mirror instead of looking at what is ahead of them.
There are several time thieves for cybersecurity teams today. Some of these revolve around the vast multitude of different technologies that customers have to choose from. Staying up to speed with all existing (and future) technologies consumes time and resources, and skilled people are themselves in short supply. More often than not, people get trained up and then move into a new role at better pay. Information overload is a result of the vast number of technologies and applications in use by most IT organizations today.
Consolidating all the events and alerts from all the systems in use generates a tremendous amount of information, a vast ocean of data that needs to be analyzed. As a result, most of the time is often spent analyzing what has already happened, in the rearview mirror, and not thinking as much about what could or will happen in the future. Using the right analysis tools to find the needle in the haystack in a time-efficient manner is key to success when analyzing data.
We often see CISOs and CEOs having different points of view when put in the same room. That is, the CISO often builds a security plan that does not always revolve around what the CEO is most concerned about. Yet understanding the business and aligning security to the business needs is a pivotal step on the cybersecurity journey, and also a key component in making security a business enabler and competitive edge.
Regulation is another time thief, though one that obviously helps the organization when done right. However, we find more and more that the incident response plan is something done at a given time and not kept up to date with new regulations, newly implemented technologies, resource skill levels, etc. Regulations such as the General Data Protection Regulation (GDPR) have provided more focus and a business consequence for those not taking security seriously, yet there are those who try to avoid staying in control.
Once you have aligned the business to the security needs, the next critical aspect is understanding where you have your business-critical data and assets, often referred to as your crown jewels. Many organizations are still working to define where their critical data and assets are, and often what they are.
Leveraging the right amount of risk modelling and threat intelligence is pivotal in the cybersecurity journey when you want to become more predictive about your security, understanding your weaknesses and where your threats might be coming from. Are hackers planning anything against key executives, or the organization as a whole? Are there any already stolen or leaked files floating around on the dark web? Finding out about these types of activities prior to an attack enables you to become more proactive in your cybersecurity work.
Knowing your business and your business-critical data and assets, building the right plan to protect them, and leveraging risk modelling and threat intelligence are all things that will keep you focused on looking ahead, rather than on the vast deep ocean of information and technology that keeps you chained to the past.