Dark Reading is part of the Informa Tech Division of Informa PLC

02:30 PM
James Hadley
Digital Transformation Means Security Must Also Transform

Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.

The impact of the changes brought about by the pandemic is the one inescapable topic running through my current conversations with CISOs. For me, this tends to fall into three subtopics: team management and people strategy, visibility, and crisis response operations.

While change can be hard, especially in challenging times, those in senior management need to empower their security leaders to make important decisions. In an uncertain business environment, doing so can be the difference between being well-positioned for the upswing or losing the initiative. 

Team Management and People Strategy
The management of security teams has changed significantly since the world was forced to work remotely. The rug has been pulled from beneath once well-established processes, such as onboarding and morale building, and CISOs are having to adapt to stay relevant and keep teams connected to one another. The pandemic has emphasized the need to build teams and strong relationships remotely. It's critical in any industry, but especially for overworked and stressed security teams, to ensure they're rewarded, clearly communicated with, and motivated in their jobs.

Mental health is also a pressing concern, not just for CISOs but also for their teams. The stress of the pandemic, coupled with isolation, is further amplified by the never-ending demands of the threat landscape. It is still too early to say definitively how to address many of these difficult and delicate issues; however, it is apparent that our forced digital transformation is having unseen human impacts.

From my point of view, motivating a security team can be achieved by giving them challenges and a means to progress. The best cybersecurity talent is creative, curious, and hungry to learn. Being remote doesn't have to change this, and some of the most well-bonded teams I see are those who are given a clear path to development.

Having a team that has scattered to the seven corners of the earth because of the pandemic makes understanding their capabilities and current state of readiness difficult. Whereas previously you would catch up regularly, either informally or formally, now it's hard to understand where the different human assets lie in your organization and what their current capabilities are.

As an industry, we are hardwired to collect data from technology platforms but less so from a people point of view. This speaks volumes about the fact that human capabilities are often viewed as secondary to technological assets in cybersecurity.

However, progressive CISOs appreciate that skills weaknesses are as much a part of the attack surface as technological ones. By understanding this point, and mapping people data against common attack techniques, they can significantly increase effectiveness. This kind of view is especially crucial while remote and human assets are "at a distance."

It's Time to Update Crisis Simulations
Even before the pandemic, legacy crisis response training was falling behind the attack landscape. Cumbersome and infrequent, it's too static and resource intensive to effectively address a fast-paced, agile adversary.

Despite the rapidly increasing pace of the threat landscape, over a third of organizations still leave a year or more between cyber-crisis simulations, and 42% don't have regular cross-team incident planning at all. This legacy approach must change, building in greater frequency of training while simultaneously making it less onerous on people and involving a broader range of stakeholders. This lends itself to running shorter but more frequent crisis exercises that can be understood by everyone from public relations and legal teams to technical talent.

Crisis exercising in this way, known as micro-drilling, helps team members build vital muscle memory, which will teach them the instincts necessary to respond when the worst happens. What's being taught isn't the response to a specific issue but the ability to adapt and think on their feet. Teaching this kind of cognitive agility is crucial to building a resilient frontline response team.

This lends itself to a remote workforce. Employees in flux are more likely to engage with innovative methods such as this, which are often delivered collaboratively through the browser and bring together incident response teams to practice on real-life simulations of recent crises.

COVID-19 is forcing every element of business to adapt, and the security function isn't immune. To achieve this agility, senior security leaders themselves must be open to new ways of doing things. The underlying problems may be similar, but forced digital transformation adds a requirement for security to also transform. The successful CISO will be the one who understands this and is prepared to evolve, without putting pressure on constrained resources.  

James Hadley founded Immersive Labs in January 2017 after delivering GCHQ's cyber summer school. It was during these sessions he realized that passive, classroom-based learning doesn't suit the people, or pace, of cybersecurity. Not only did the content date quickly, its ...
