11/5/2020
02:30 PM
James Hadley
Commentary

Digital Transformation Means Security Must Also Transform

Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.

The impact of the changes brought about by the pandemic is the one inescapable topic running through my current conversations with CISOs. For me, this tends to fall into three subtopics: team management and people strategy, visibility, and crisis response operations.

While change can be hard, especially in challenging times, those in senior management need to empower their security leaders to make important decisions. In an uncertain business environment, doing so can be the difference between being well-positioned for the upswing or losing the initiative. 

Team Management and People Strategy
The management of security teams has changed significantly since the world was forced to work remotely. The rug has been pulled from beneath once well-established processes, such as onboarding and morale building, and CISOs are having to adapt to stay relevant and keep teams connected to one another. The pandemic has emphasized the need to build teams and strong relationships remotely. It's critical in any industry, but especially for overworked and stressed security teams, to ensure they're rewarded, clearly communicated with, and motivated in their jobs.

Mental health is also a pressing concern, not just for CISOs but also for their teams. The stress of the pandemic, coupled with isolation, is further amplified by the never-ending demands of the threat landscape. It is still too early to say definitively how to address many of these difficult and delicate issues; however, it is apparent that our forced digital transformation is having unseen human impacts.

From my point of view, motivating a security team can be achieved by giving them challenges and a means to progress. The best cybersecurity talent is creative, curious, and hungry to learn. Being remote doesn't have to change this, and some of the most well-bonded teams I see are those who are given a clear path to development.

Visibility
Having a team that has scattered to the seven corners of the earth because of the pandemic makes understanding their capabilities and current state of readiness difficult. Whereas previously you would catch up regularly, either informally or formally, now it's hard to understand where the different human assets lie in your organization and what their current capabilities are.

As an industry, we are hardwired to collect data from technology platforms but less so from a people point of view. This speaks volumes about the fact that human capabilities are often viewed as secondary to technological assets in cybersecurity.

However, progressive CISOs appreciate that skills weaknesses are as much a part of the attack surface as technological ones. By understanding this point, and mapping people data against common attack techniques, they can significantly increase effectiveness. This kind of view is especially crucial while remote and human assets are "at a distance".

It's Time to Update Crisis Simulations
Even before the pandemic, legacy crisis response training was falling behind the attack landscape. Cumbersome and infrequent, it's too static and resource intensive to effectively address a fast-paced, agile adversary.

Despite the rapidly increasing pace of the threat landscape, over a third of organizations still leave a year or more between cyber-crisis simulations, and 42% don't have regular cross-team incident planning at all. This legacy approach must change, building in greater frequency of training while simultaneously making it less onerous on people and involving a broader range of stakeholders. This lends itself to running shorter but more frequent crisis exercises that can be understood by everyone from public relations and legal teams to technical talent.

Crisis exercising in this way, known as micro-drilling, helps team members build vital muscle memory, which will teach them the instincts necessary to respond when the worst happens. What's being taught isn't the response to a specific issue but the ability to adapt and think on their feet. Teaching this kind of cognitive agility is crucial to building a resilient frontline response team.

This lends itself to a remote workforce. Employees in flux are more likely to engage with innovative methods such as this, which are often delivered collaboratively through the browser and bring together incident response teams to practice on real-life simulations of recent crises.

COVID-19 is forcing every element of business to adapt, and the security function isn't immune. To achieve this agility, senior security leaders themselves must be open to new ways of doing things. The underlying problems may be similar, but forced digital transformation adds a requirement for security to also transform. The successful CISO will be the one who understands this and is prepared to evolve, without putting pressure on constrained resources.  

James Hadley founded Immersive Labs in January 2017 after delivering GCHQ's cyber summer school. It was during these sessions he realized that passive, classroom-based learning doesn't suit the people, or pace, of cybersecurity. Not only did the content date quickly, its ...