Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Gaurav Banga
Gaurav Banga
Connect Directly
E-Mail vvv

How to Create a Dream Team for the New Age of Cybersecurity

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Today, enterprises consist of complex interconnected environments made up of infrastructure devices, servers, fixed and mobile end-user devices and a variety of applications hosted on-premises and in the cloud. The problem is traditional cybersecurity teams were not designed to handle such complexities. Cybersecurity teams were originally built around traditional IT—with a specific set of people focused on a specific set of tools and projects.

As enterprise environments have grown, this siloed approach to cybersecurity no longer works. When each member of your security team is only focused on one narrow slice of the pie, it’s far too easy for adversaries to enter through the cracks. The following are critical steps chief information security officers (CISOs) must take in order to establish a dream team for the new age of cybersecurity.

1. Take a Talent Inventory
Before making any new hires, CISOs should evaluate their current cybersecurity talent and determine the competencies and gaps of each member on the existing team. Ideally, you want people who think creatively — and can think like the adversary. Successful hackers are resourceful and inventive, and they are looking for ways around your standard security controls. If the members of your security team are only concerned with whether existing controls are working correctly, you're going to get hacked. The attack surface is massive and growing every day, and your security team must include individuals who continuously look for vulnerabilities the adversary could exploit — no matter where they are — so these issues can be addressed.

2. Hire Top Talent or Outsource Top Talent
Hiring and retaining top talent for your cybersecurity team is crucial to successfully increasing cyber-resilience. This is not easy, especially when the cybersecurity skills shortage is only worsening. Training existing employees on security skills and arming them with new tools that leverage artificial intelligence, machine learning, and automation for a force multiplier effect is one way you can go. Alternatively, CISOs can choose to outsource parts of the security function to expert managed security service providers (MSSPs). No matter how you choose to assemble your team, it is critical that your security team understands your specific business and network context as well as your focus on improving cyber-resilience, and have the needed skills and tools to protect business-critical assets while continuously improving security posture.

3. Get Companywide Buy-in (Including Your Board)
Gone are the days when cyber-risk was manageable solely by the security team. According to Gartner, at least 95% of security failures through 2022 will be the result of human error. This could potentially stem from anyone in the company. All stakeholders in a business — including C-suite, employees, customers, partners, vendors, etc. — MUST be educated on how their actions can positively or negatively affect the security of their company, and how the success of the company lives and dies with cyber-resilience.

Security today is a business issue, not just a technology one, and everyone must do their part. CISOs need to shoulder the primary responsibility of getting everyone in the company aligned with their security objectives. CISOs must engage with their board of directors, educate them on cybersecurity challenges, and get them on board (no pun intended) with stated objectives and approaches to improving cyber-resilience. For example, after sharing a security posture transformation plan with his/her board, the CISO can follow up in three- or six-month increments and share exactly how much cyber breach risk has been reduced during the time period. CISOs should be able to quantify this with calculations and trends for items such as: "risk to intellectual property,""risk of operational disruption" and "risk to customer data." 

4. Get Proactive and Prioritize Accordingly
Many security tactics focus on reactively detecting and remediating attacks. Security teams are often completely overwhelmed trying to sift through alerts. If this is all we do, we will always be behind and will never get ahead of the adversary. Rather than being purely defensive, security teams should instead focus more efforts on predicting and proactively avoiding breaches. CISOs should set aside budget and team resources that focus exclusively on proactive efforts to improve the enterprise security posture.

That said, there are myriad potential attacks that threaten organizations through hundreds of attack vectors, making it impossible for CISOs to proactively protect all assets at all times. Therefore, CISOs must differentiate what is critical and what is less important in order to prioritize the necessary actions to protect essential business assets and information. It's also important to institute programs that address cybersecurity posture in a strategic manner, such as two-factor authentication, password managers, impact-based mean-time-to-patch SLAs, bastion hosts, and dynamic network segmentation. 

5. Add AI to Your Team
With the number of cybersecurity threats growing every day and increased digitization of assets/processes that could be vulnerable to those threats, it is mathematically impossible for humans to monitor for threats and sift through hundreds of thousands of vulnerabilities to determine which to prioritize. Even the largest security team composed of the most skilled IT professionals can't effectively accomplish this without the assistance of artificial intelligence. These tools, which continuously monitor all assets and proactively predict what vulnerabilities are most likely to be exploited, are becoming increasingly essential for keeping up with the constantly evolving attack methods employed by cybercriminals, as well as the ongoing digital transformation of enterprises. Humans are certainly still needed to effectively manage cybersecurity, but AI needs to be a welcome new member to the team.

Follow the above five tips, and you will have a dream team truly prepared to protect your business in this new age of cybersecurity.

Related Content:




Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Gaurav Banga is the founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was co-founder and CEO of Bromium and led the company from inception for over five years. Gaurav has a Ph.D. in computer science from Rice University, and a ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-13
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
PUBLISHED: 2020-08-13
Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.
PUBLISHED: 2020-08-13
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.
PUBLISHED: 2020-08-13
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
PUBLISHED: 2020-08-13
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable denial of service via local access.