02:30 PM
James Hadley

Digital Transformation Means Security Must Also Transform

Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.

The impact of the changes brought about by the pandemic is the one inescapable topic running through my current conversations with CISOs. For me, this tends to fall into three subtopics: team management and people strategy, visibility, and crisis response operations.

While change can be hard, especially in challenging times, those in senior management need to empower their security leaders to make important decisions. In an uncertain business environment, doing so can be the difference between being well-positioned for the upswing or losing the initiative. 

Team Management and People Strategy
The management of security teams has changed significantly since the world was forced to work remotely. The rug has been pulled from beneath once well-established processes, such as onboarding and morale building, and CISOs are having to adapt to stay relevant and keep teams connected to one another. The pandemic has emphasized the need to build teams and strong relationships remotely. It's critical in any industry, but especially for overworked and stressed security teams, to ensure they're rewarded, clearly communicated with, and motivated in their jobs.

Mental health is also a pressing concern, not just for CISOs but also for their teams. The stress of the pandemic, coupled with isolation, is further amplified by the never-ending demands of the threat landscape. It is still too early to say definitively how to address many of these difficult and delicate issues; however, it is apparent that our forced digital transformation is having unseen human impacts.

From my point of view, motivating a security team can be achieved by giving them challenges and a means to progress. The best cybersecurity talent is creative, curious, and hungry to learn. Being remote doesn't have to change this, and some of the most well-bonded teams I see are those who are given a clear path to development.

Having a team that has scattered to the seven corners of the earth because of the pandemic makes understanding their capabilities and current state of readiness difficult. Whereas previously you would catch up regularly, either informally or formally, now it's hard to understand where the different human assets lie in your organization and what their current capabilities are.

As an industry, we are hardwired to collect data from technology platforms but less so from a people point of view. This speaks volumes about the fact that human capabilities are often viewed as secondary to technological assets in cybersecurity.

However, progressive CISOs appreciate that skills weaknesses are as much a part of the attack surface as technological ones. By understanding this point, and mapping people data against common attack techniques, they can significantly increase effectiveness. This kind of view is especially crucial while teams are remote and human assets are "at a distance."

It's Time to Update Crisis Simulations
Even before the pandemic, legacy crisis response training was falling behind the attack landscape. Cumbersome and infrequent, it's too static and resource intensive to effectively address a fast-paced, agile adversary.

Despite the rapidly increasing pace of the threat landscape, over a third of organizations still leave a year or more between cyber-crisis simulations, and 42% don't have regular cross-team incident planning at all. This legacy approach must change, building in greater frequency of training while simultaneously making it less onerous on people and involving a broader range of stakeholders. This lends itself to running shorter but more frequent crisis exercises that can be understood by everyone from public relations and legal teams to technical talent.

Crisis exercising in this way, known as micro-drilling, helps team members build vital muscle memory, which will teach them the instincts necessary to respond when the worst happens. What's being taught isn't the response to a specific issue but the ability to adapt and think on their feet in a crisis. Teaching this kind of cognitive agility is crucial to building a resilient frontline response team.

This lends itself to a remote workforce. Employees in flux are more likely to engage with innovative methods such as this, which are often delivered collaboratively through the browser and bring together incident response teams to practice on real-life simulations of recent crises.

COVID-19 is forcing every element of business to adapt, and the security function isn't immune. To achieve this agility, senior security leaders themselves must be open to new ways of doing things. The underlying problems may be similar, but forced digital transformation adds a requirement for security to also transform. The successful CISO will be the one who understands this and is prepared to evolve, without putting pressure on constrained resources.  

James Hadley founded Immersive Labs in January 2017 after delivering GCHQ's cyber summer school. It was during these sessions he realized that passive, classroom-based learning doesn't suit the people, or pace, of cybersecurity. Not only did the content date quickly, its ...
