Cybersecurity has always been a thorny problem for businesses. It is a complex and challenging field that requires much planning but does not directly generate revenue. However, it is a crucial part of any digital transformation platform. What confidence can a company ever have in the digital transformation process if it cannot rely on its systems to protect sensitive data? Just as with other aspects of digital transformation, building solid cybersecurity is a step-by-step practice. I have identified four stages of maturity in mastering cybersecurity.
Just like any doorman, this level of cybersecurity considers the company's network as a building and focuses on the entrance. Every time someone tries to enter, it checks their credentials and decides whether to let them in. Once they are in the network [building], however, the doorman sees nothing of what they do.
Door-style security operations are not very sophisticated, and their approach is largely obsolete: they continue to treat the network's perimeter as the central point of the technology infrastructure, while the rest of the world has moved past this view and we now live in a post-perimeter society. The complex set of connections and work relationships means that different levels of access are required both inside and outside the firewall, sometimes for short periods.
While the doorman focuses only on the perimeter, the bouncer keeps one eye outside and one inside. It is interested not only in who gets into the network, but also in how they behave once inside. This level of security operations uses a combination of appliance and cloud security but still works mainly by reaction, stopping malicious activity when it occurs. The bouncer's problem is that it can only act after an attack has occurred, usually when some damage has already been done.
Companies at this step have made progress towards greater maturity in network security operations.
The detective takes a further step forward and closes the cycle by introducing a systematic response process that snaps into action as soon as a security incident occurs. At this level, a security team not only responds to alarms and quickly contains the damage but also determines the source of an attack and uses the information collected to try to mitigate further attacks or to prevent them completely. While the bouncer solves problems in the moment, the detective uses them to learn, thus constantly strengthening the organization against future attacks.
This type of operation is definitely advanced, and a significant number of companies are already at this level.
The "special forces" team is the crème de la crème of cybersecurity: it uses cloud-based security and intelligence to detect problems as soon as they occur and takes automatic prevention measures to block them on the fly. Techniques such as machine learning are useful at this level, helping to address the complexity of detecting suspicious network traffic and user behavior and of reacting automatically.
This is the most advanced level of maturity for a cybersecurity operation.
How can companies advance their cybersecurity and increase their level of maturity?
They need to start by looking at their current status to understand where their vulnerabilities are located, which can be done using managed advisory services that help them move from the stage we called the "doorman" to the "bouncer".
Reaching the "detective" status implies switching from solutions designed solely to address security incidents to a more comprehensive ecosystem, including intelligence and response systems that coordinate incident and countermeasure data.
An organization that reaches this level will be a step ahead in cybersecurity but will continue to use this event information to configure its systems manually. To reach the state of "special forces" you have to push even further.
The highest level of cybersecurity requires a next-generation security platform that processes intelligence data and responds automatically with the appropriate measures. A system like this makes real-time network changes, countering threats as soon as it detects them.
Even if these sophisticated systems are still in their early days and automatic response involves risks, it is not too early to implement a human response test and gradually activate automatic responses as the system learns about the network. Experience and upgrades to existing systems will soon increase confidence in the effectiveness of the automated response.
Businesses take the initiative
The journey towards cybersecurity maturity can intimidate IT teams, but there are positive signs that companies are understanding the importance of mature cybersecurity.
Increasingly stringent regulations around the world urge companies to recognize and respond to growing cyber-risks. Just a few years ago, IT departments struggled to engage business units and get their cooperation to increase the level of cybersecurity. Now they find strong allies on the board of directors.
Cybercriminals and hackers acting on behalf of enemy states continue to evolve, and modern businesses cannot ignore the need to keep up.
Making a quality leap in cybersecurity often requires additional resources, but recruiting professionals in this area may not be easy, even after getting approval to hire. Frost & Sullivan analysts predict that there will be 1.5 million fewer specialists than necessary by 2020, according to the (ISC)² Global Information Security Workforce Study.
This leads many companies to turn to solution providers such as LinxPower LLC, who can work with the organization to assess security maturity and deliver solutions, including managed services, to find the right balance between risk and investment in cybersecurity.
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)
Copyright 2013. John Giordani. All Rights Reserved.