Over time we have learned that data helps us make better cybersecurity decisions. To be more specific, our approach to security is grounded in data and intelligence.
But what makes security operations easier? To answer this question, in this article we will go through the history of cybersecurity, the evolution of the CISO profile and the challenges facing cybersecurity today, and finally we will share 9 recommendations to make your cybersecurity strategy work.
How has cybersecurity evolved?
Businesses change how they defend against cyberattacks over time. So how did we make those decisions in the early stages of cybersecurity?
At A3Sec we call the first stage Benchmarking, because we protected ourselves according to recommendations: we would ask our peers how they protected themselves, and then we would imitate them.
Things kept changing, and businesses began to use more effective methodologies for decision making. Risk management was an excellent approach.
The current stage, which we call operational efficiency, is changing cybersecurity because we are asked to do more with less: the controls must give greater coverage and, at the same time, cost us less.
The evolution of the CISO profile as the person responsible for cybersecurity
The role of the CISO has evolved along with the advancement of cybersecurity. We must highlight three main profiles that have served to define the CISO as we know it today.
The hacker. This was the first profile to take on the role of cybersecurity manager: people with remarkable technical skills who knew the tools inside out. However, they knew little about risk management.
The systems auditor. This is the second profile to evolve into a CISO. The auditor follows policies, standards, laws and regulations to the letter, does not negotiate a control, and insists that everything be implemented for peace of mind. This profile is risk averse.
The business executive. The person in this profile has executive skills and takes on responsibility for cybersecurity. It is a profile that knows how to negotiate.
What are the challenges facing cybersecurity?
1. The visibility of our information
Let's start with a self-assessment: how much information about your company do you know?
Answering this question honestly is important since the ability to understand what happens in our companies is the first challenge facing cybersecurity.
And it is a real challenge: an estimated 80% of an organization's data is unknown to the organization itself.
If we do not pay attention to what happens within our organization and we do not know what we protect, it will be difficult for us to know if we are safe.
2. Attack detection time
According to IBM research, it takes companies an average of 280 days to identify and contain a breach, and the average cost of a data breach is approximately $4 million.
Large companies dedicated exclusively to cybersecurity also face this challenge.
Mandiant, a firm that investigates attackers' tactics, techniques and procedures, issued a statement saying they had been targeted and that it took them three months to realize it.
Vulnerability management processes are one of the problems we encounter in many organizations.
To begin with, the cybersecurity area runs periodic vulnerability tests on the systems, which can take one to two months. Then the report takes a month to produce. Once it has been reviewed, it takes another two weeks to hand it over to the technical department. Finally, six months later, another report is produced to compare with the previous one.
On average, it takes organizations 65 days to close critical vulnerabilities, and more than 85% of the findings in the next report are most likely the same ones as before.
Since these are time-consuming procedures, we need to rethink the detection and response model to make it more efficient.
9 keys to implementing successful cybersecurity processes
1# Know what you want to protect
At A3Sec we are very clear about something: "It is impossible to undertake security management without having a clear, updated and continuously monitored inventory of assets".
The problem is that organizations undergoing digital transformation start creating services and publishing ephemeral solutions, where a service may live for 20 minutes, 24 hours, 6 months or a year. Infrastructure evolves so quickly that those responsible for cybersecurity often do not even realize a given asset exists.
Consequently, the most important responsibility is to know what we must protect.
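As an added example (not A3Sec's own tooling), the following script shows what "continuously monitored inventory" means in practice: it reconciles the inventory the team believes in against several discovery sweeps and reports assets nobody knew about, inventoried assets that never showed up, and ephemeral assets that lived through a single sweep only, which a periodic review would never catch. The asset names, addresses and sweep timestamps are constructed sample data.

```python
"""Reconcile a maintained asset inventory against what is actually observed.

Added example, not A3Sec code. The inventory and the discovery sweeps are
constructed sample data; the Observation field names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Observation:
    asset_id: str   # hostname or cloud instance id (assumed identifier)
    address: str
    seen_at: datetime


# Constructed: the inventory the security team believes is complete.
KNOWN_INVENTORY = {"web-01", "web-02", "db-01"}

# Constructed: three discovery sweeps (cloud API / network scan) 12 hours apart.
T0 = datetime(2024, 1, 10, 0, 0)
SWEEPS = [
    [Observation("web-01", "10.0.1.10", T0),
     Observation("db-01", "10.0.2.20", T0),
     Observation("batch-job-7f3a", "10.0.9.77", T0)],                 # unknown and short-lived
    [Observation("web-01", "10.0.1.10", T0 + timedelta(hours=12)),
     Observation("db-01", "10.0.2.20", T0 + timedelta(hours=12)),
     Observation("web-03", "10.0.1.12", T0 + timedelta(hours=12))],   # unknown but persistent
    [Observation("web-01", "10.0.1.10", T0 + timedelta(hours=24)),
     Observation("db-01", "10.0.2.20", T0 + timedelta(hours=24)),
     Observation("web-03", "10.0.1.12", T0 + timedelta(hours=24))],
]


def reconcile(known, sweeps):
    """Compare the inventory with the observations and return:
    unknown   - observed but not inventoried (attack surface nobody tracks)
    missing   - inventoried but never observed (stale inventory or outage)
    ephemeral - observed in exactly one sweep (would be invisible to a periodic review)
    lifetime  - first-seen to last-seen span per observed asset
    """
    first_seen, last_seen, count = {}, {}, {}
    for sweep in sweeps:
        for obs in sweep:
            first_seen.setdefault(obs.asset_id, obs.seen_at)
            last_seen[obs.asset_id] = obs.seen_at
            count[obs.asset_id] = count.get(obs.asset_id, 0) + 1
    observed = set(count)
    return {
        "unknown": sorted(observed - known),
        "missing": sorted(known - observed),
        "ephemeral": sorted(a for a, n in count.items() if n == 1),
        "lifetime": {a: last_seen[a] - first_seen[a] for a in observed},
    }


def run_reconciliation():
    """Run the reconciliation over the constructed data."""
    return reconcile(KNOWN_INVENTORY, SWEEPS)


if __name__ == "__main__":
    result = run_reconciliation()
    for kind in ("unknown", "missing", "ephemeral"):
        print(f"{kind:>9}: {', '.join(result[kind]) or '-'}")
    for asset, span in sorted(result["lifetime"].items()):
        print(f"{asset:>16} lived {span}")
```

The useful output is the "unknown" and "ephemeral" lists: the first is the attack surface that has no owner and no controls, the second is the reason sweeps have to run far more often than the service lifetimes described above.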
2# Security posture
The next stage is to figure out how each asset in your inventory is configured and what might be wrong.
To do this, the cybersecurity controls you apply must mitigate risk and uncertainty. Let's not forget that these controls have a life cycle: you have to keep verifying that they still fulfill the objective they were implemented for.
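The two points above, checking how each asset is actually configured and treating each control as something with a life cycle, can be expressed as a small posture assessment. The following is an added example, not A3Sec code: each baseline control carries an expected value, a severity and a maximum age for its last verification, and an asset fails a control when the setting is wrong, when the control is not reported at all, or when nobody has verified it within its window. The control names, the asset states and the assessment date are constructed.

```python
"""Evaluate asset configurations against a baseline and flag controls
whose verification has gone stale.

Added example, not A3Sec code. Baseline controls, asset states and the
assessment date are constructed; "max_age_days" is an assumed field.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass
class Finding:
    asset: str
    control: str
    status: str      # "misconfigured", "missing" or "verification stale"
    severity: str
    detail: str = ""


# Constructed baseline: expected value, severity, and how often the control
# must be re-verified to still count as effective.
BASELINE = {
    "ssh.PermitRootLogin":        {"expect": "no",      "severity": "high",   "max_age_days": 30},
    "ssh.PasswordAuthentication": {"expect": "no",      "severity": "high",   "max_age_days": 30},
    "os.AutoUpdates":             {"expect": "on",      "severity": "medium", "max_age_days": 90},
    "edr.Agent":                  {"expect": "running", "severity": "high",   "max_age_days": 7},
}

# Constructed asset states: observed configuration plus the date each control was last verified.
ASSETS = {
    "web-01": {
        "config": {"ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "yes",
                   "os.AutoUpdates": "on", "edr.Agent": "running"},
        "verified": {"ssh.PermitRootLogin": date(2024, 3, 1), "ssh.PasswordAuthentication": date(2024, 3, 1),
                     "os.AutoUpdates": date(2023, 12, 1), "edr.Agent": date(2024, 3, 9)},
    },
    "db-01": {
        "config": {"ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "no",
                   "os.AutoUpdates": "on"},                       # no EDR agent reported at all
        "verified": {"ssh.PermitRootLogin": date(2024, 2, 1), "ssh.PasswordAuthentication": date(2024, 2, 1),
                     "os.AutoUpdates": date(2024, 3, 1)},
    },
}

TODAY = date(2024, 3, 10)   # constructed assessment date


def evaluate_posture(assets, baseline, today):
    """Return one Finding per failed check. A control that is absent is a
    finding in itself; a present control is checked for value and for the
    age of its last verification (the life-cycle part)."""
    findings = []
    for asset, state in assets.items():
        for control, rule in baseline.items():
            actual = state["config"].get(control)
            if actual is None:
                findings.append(Finding(asset, control, "missing", rule["severity"],
                                        "control not reported by the asset"))
                continue
            if actual != rule["expect"]:
                findings.append(Finding(asset, control, "misconfigured", rule["severity"],
                                        f"found {actual!r}, expected {rule['expect']!r}"))
            verified = state["verified"].get(control)
            age = None if verified is None else (today - verified).days
            if age is None or age > rule["max_age_days"]:
                findings.append(Finding(asset, control, "verification stale", rule["severity"],
                                        f"last verified {age} days ago, limit {rule['max_age_days']}"))
    return findings


def summarize(findings):
    """Count findings by severity, which is what a posture dashboard shows."""
    return dict(Counter(f.severity for f in findings))


def run_assessment():
    return evaluate_posture(ASSETS, BASELINE, TODAY)


if __name__ == "__main__":
    for f in run_assessment():
        print(f"[{f.severity:>6}] {f.asset} {f.control}: {f.status} ({f.detail})")
    print(summarize(run_assessment()))
```

Note that db-01 has the correct SSH settings and still produces two high findings: the settings were last confirmed 38 days ago, past the 30-day window, so the control is no longer known to be effective. That is the difference between having a control and managing its life cycle.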
3# Manage the risks of events and alarms
At A3Sec we realized that having visibility into the organization and being able to raise alerts on potentially critical events was essential.
However, when we receive a large number of alerts we run into alert fatigue.
For example, we check an alarm and find it is a false positive, then we check it again and it is a false positive again; eventually we get tired and stop handling or analyzing those alerts.
The key is to assess the risk behind each alarm and focus on what is truly vital for us, so as to avoid alert fatigue.
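Risk-based triage of the kind described above can be made concrete. The following added example (not A3Sec's SOC tooling) scores each alert by severity, by the criticality of the affected asset and by how often the detection rule has historically been a true positive, then suppresses rules that have become noise. The one deliberate exception is that a noisy rule is never allowed to hide a hit on a top-criticality asset. Alerts, asset tiers, verdict history and the weights are all constructed assumptions.

```python
"""Score alerts by risk and suppress rules that have degraded into noise.

Added example, not A3Sec code. Alerts, asset criticality, the analyst
verdict history and all weights below are constructed assumptions.
"""

# Constructed: business criticality per asset (1.0 = crown jewels).
ASSET_CRITICALITY = {"db-01": 1.0, "web-01": 0.7, "lab-vm-3": 0.2}
SEVERITY_WEIGHT = {"critical": 1.0, "high": 0.8, "medium": 0.5, "low": 0.2}

# Constructed: analyst verdicts per detection rule (True = true positive).
VERDICTS = {
    "R-1001-bruteforce": [False] * 9 + [True],   # 1 real hit in 10: the rule that wears analysts out
    "R-2002-mimikatz":   [True, True, True],
    "R-3003-dns-tunnel": [True, False],
}

# Constructed: incoming alerts.
ALERTS = [
    {"id": "a1", "rule": "R-1001-bruteforce", "asset": "lab-vm-3", "severity": "medium"},
    {"id": "a2", "rule": "R-2002-mimikatz",   "asset": "db-01",    "severity": "critical"},
    {"id": "a3", "rule": "R-3003-dns-tunnel", "asset": "web-01",   "severity": "high"},
    {"id": "a4", "rule": "R-1001-bruteforce", "asset": "db-01",    "severity": "medium"},
]


def precision(rule, verdicts, prior=(1, 1)):
    """Laplace-smoothed true-positive rate of a rule. A rule with no history
    scores 0.5, so brand-new detections are neither trusted nor buried."""
    hist = verdicts.get(rule, [])
    return (sum(hist) + prior[0]) / (len(hist) + prior[0] + prior[1])


def score(alert, verdicts):
    """Risk = severity x asset criticality x historical precision of the rule."""
    crit = ASSET_CRITICALITY.get(alert["asset"], 0.5)   # unknown asset: assume mid-tier
    return round(SEVERITY_WEIGHT[alert["severity"]] * crit * precision(alert["rule"], verdicts), 3)


def triage(alerts, verdicts, floor=0.05, max_fp_rate=0.8):
    """Return (queue, suppressed). The queue is ordered by descending risk.
    An alert is suppressed when its score is below the floor, or when its rule
    has a false-positive rate above max_fp_rate, unless the asset is top-tier:
    a noisy rule must not be able to hide a hit on the crown jewels."""
    queue, suppressed = [], []
    for a in alerts:
        fp_rate = 1 - precision(a["rule"], verdicts)
        s = score(a, verdicts)
        top_tier = ASSET_CRITICALITY.get(a["asset"], 0.5) >= 1.0
        if s < floor or (fp_rate > max_fp_rate and not top_tier):
            suppressed.append((a["id"], s))
        else:
            queue.append((a["id"], s))
    queue.sort(key=lambda item: -item[1])
    return queue, suppressed


def run_triage():
    return triage(ALERTS, VERDICTS)


if __name__ == "__main__":
    queue, suppressed = run_triage()
    print("work queue :", queue)
    print("suppressed :", suppressed)
```

The verdict history is the feedback loop: every time an analyst closes an alert as a false positive the rule's precision drops, and a rule that keeps crying wolf on low-value assets silently leaves the queue instead of training people to ignore it.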
4# Develop safe habits
We have found that spending money on awareness campaigns alone is ineffective, since people are sociable by nature and therefore susceptible to manipulation.
For this reason, rather than repeating warnings, we must help people build safe habits, and be able to observe what people do and identify anomalies that could pose a risk to the company.
5# Emerging threats
Known threats are those we have already encountered; most cybersecurity tools can detect them and take containment action in response.
To manage emerging threats, a key initiative is cybersecurity intelligence management: sharing what happens across the ecosystem. Many countries are beginning to see the importance of sharing this intelligence to improve collective capabilities, and some intend to mandate intelligence exchange through regulation.
In practice this means having tools that gather intelligence from public and private sources as well as from the organization itself, to build context about what is happening. That way we will be prepared for the new tactics, techniques and procedures that may affect us.
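As an added example (not A3Sec's platform), the following script does the minimum a threat-intelligence pipeline must do with indicators gathered from several sources: merge duplicates across feeds (keeping the highest confidence and every source that reported the indicator), age out stale entries, and match the result against the organization's own events, including IP ranges published as CIDR blocks. The feed names, indicators, confidence values and event records are constructed.

```python
"""Merge indicators from several intelligence feeds and match them against
the organization's own telemetry.

Added example, not A3Sec code. Feed names, indicators, confidence values,
the reference time and the events are constructed sample data.
"""
import ipaddress
from datetime import datetime, timedelta

NOW = datetime(2024, 5, 1, 12, 0)   # constructed reference time

# Constructed feed entries: (source, indicator type, value, confidence 0-100, published).
FEEDS = [
    ("public-blocklist", "ipv4",   "203.0.113.45",        60,  NOW - timedelta(days=2)),
    ("commercial-feed",  "ipv4",   "203.0.113.45",        90,  NOW - timedelta(days=1)),
    ("commercial-feed",  "domain", "update-check.example", 85, NOW - timedelta(days=3)),
    ("internal-ir",      "sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
                                                          100, NOW - timedelta(hours=6)),
    ("public-blocklist", "ipv4",   "198.51.100.9",        40,  NOW - timedelta(days=120)),  # stale
    ("public-blocklist", "cidr",   "192.0.2.0/24",        50,  NOW - timedelta(days=5)),
]

# Constructed events from the organization's own telemetry.
EVENTS = [
    {"id": "e1", "type": "net",  "dst_ip": "203.0.113.45"},
    {"id": "e2", "type": "dns",  "query": "Update-Check.example"},
    {"id": "e3", "type": "net",  "dst_ip": "192.0.2.77"},
    {"id": "e4", "type": "net",  "dst_ip": "198.51.100.9"},
    {"id": "e5", "type": "file", "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
    {"id": "e6", "type": "net",  "dst_ip": "10.0.0.5"},
]


def merge_indicators(feeds, now, max_age_days=90):
    """Collapse duplicates across feeds: keep the highest confidence, remember
    every source, and drop indicators older than max_age_days (an IP that was
    malicious four months ago is mostly a false-positive generator today)."""
    merged = {}
    for source, itype, value, confidence, published in feeds:
        if (now - published).days > max_age_days:
            continue
        entry = merged.setdefault((itype, value.lower()), {"confidence": 0, "sources": set()})
        entry["confidence"] = max(entry["confidence"], confidence)
        entry["sources"].add(source)
    return merged


def match_events(events, merged, min_confidence=50):
    """Return (event id, indicator, confidence, sources) for every event that
    touches an indicator at or above min_confidence. IPs are checked both as
    exact values and for membership in any CIDR indicator."""
    cidrs = [(ipaddress.ip_network(value), key) for key in merged if key[0] == "cidr"
             for value in [key[1]]]
    hits = []
    for ev in events:
        candidates = []
        if "dst_ip" in ev:
            candidates.append(("ipv4", ev["dst_ip"]))
            ip = ipaddress.ip_address(ev["dst_ip"])
            candidates.extend(key for net, key in cidrs if ip in net)
        if "query" in ev:
            candidates.append(("domain", ev["query"].lower()))
        if "sha256" in ev:
            candidates.append(("sha256", ev["sha256"].lower()))
        for key in candidates:
            entry = merged.get(key)
            if entry and entry["confidence"] >= min_confidence:
                hits.append((ev["id"], key[1], entry["confidence"], sorted(entry["sources"])))
    return hits


def run_intel_match():
    return match_events(EVENTS, merge_indicators(FEEDS, NOW))


if __name__ == "__main__":
    for event_id, indicator, confidence, sources in run_intel_match():
        print(f"{event_id}: {indicator} (confidence {confidence}, sources {', '.join(sources)})")
```

Event e4 produces no hit even though 198.51.100.9 is on a blocklist: the entry is 120 days old and was aged out before matching. Event e1 is the other side of the same point, an indicator two independent sources agree on, which is the kind of corroboration that sharing intelligence across the ecosystem is meant to provide.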
6# Crisis management
We use it for incidents that have never happened to anyone before, where we are the first to be exposed.
Crisis management gives us a framework for dealing with things we do not understand and have never faced: how we analyze the situation, which measures we put in place to handle it, and how we then use what we learned to fix the underlying problems so that they do not happen again, or so that we come out much stronger afterward.
7# Availability management
From a cybersecurity point of view, we monitor the infrastructure for failures that would otherwise go undetected and could lead to a cybersecurity incident.
That is a component that must also be included in the security measures.
8# Automate everything possible
The operational effectiveness of the cybersecurity management model improves with the automation and orchestration of operational procedures.
Every repetitive action the security team carries out in the course of its work should be automated. We must make the most of the limited resources we have for security and spend them on the new situations that arise, rather than on repetitive tasks that a machine can perform.
9# Continuous improvement
Periodically evaluate the effectiveness of your security controls to find potential cost savings and efficiencies for your business.
We must remember that security is a process, not a fixed state.
Every control must evolve with the technology, and our security strategy must grow with it.
I hope you now have a better understanding of what you need to do to make your cybersecurity strategy work properly, whether you do it yourself or hire professionals.