Did you know that Thanksgiving is not only celebrated in the United States but in seven other countries around the world? One popular tradition is to take time during the Thanksgiving dinner to share something you’re thankful for. As the holiday approaches, I thought I’d take the opportunity to share three things I believe every security professional can give thanks for.
1. Security is now a top priority in the executive suite. Results from the PwC Global Investor Survey 2018 (PDF) show that investors now see cybersecurity as the largest threat to business – leapfrogging to the top of the list from number five in just one year. To improve trust with consumers, 64% of investors surveyed believe businesses should prioritize investments in cybersecurity protection, while 47% of CEOs concur. What’s more, analysis by Forrester finds that boards are maturing in their understanding of cybersecurity and are asking more detailed questions. That’s a far cry from a few years ago when security rarely made the agenda and we had to fight for mindshare in the executive suite.
For Chief Information Security Officers (CISOs) and other security leaders, this means that the focus has shifted from communicating what you are doing to why – emphasizing the rationale and business benefit. Honing your communication skills to do this effectively enables you to build trust and engage in a dialogue that offers ample opportunity to showcase the value you and your teams provide. When new, large-scale cyber campaigns make the headlines, or an incident happens that impacts your organization, you can have a much more fruitful exchange thanks to the efforts you’ve made to educate and continuously inform management. And when it comes time for budget discussions, you’ll find those conversations go more smoothly as well. Effective communication has become one of the most important tools in your arsenal to improve security operations. And thankfully, the executive suite now wants to hear what you have to say.
2. A plethora of tools are now available to provide context. Historically, security teams have lacked visibility into which of the thousands of threats and alerts they face every day merit their attention, not to mention the anomalous activity that remains below the radar. Basically, they’ve been flying blind with little insight into how to focus their limited resources most effectively for better protection and risk mitigation. Thankfully, that no longer has to be the case.
There is now a substantial set of tools you can use to gain context, including threat feeds from a variety of sources, an array of threat intelligence services and the increasingly popular MITRE ATT&CK framework. Context comes from aggregating and augmenting internal threat and event data with data from these tools and services. By correlating events and associated indicators from inside your environment (for example, from your security information and event management (SIEM) system, log management repository and case management systems) with external data on indicators, adversaries and their methods, you gain the context to understand the who, what, where, when, why and how of an attack. Now you can prioritize based on relevance to your environment. Filtering out what’s noise for you allows you to understand what to work on first. You can focus on what really matters to your organization and make better decisions faster about the right actions to take to protect it.
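The correlation and prioritization described above can be sketched in a few lines. This is an added example, not code from the article or from any product: the events, indicators, adversary names, sector tags and scoring weights are all constructed assumptions (only the ATT&CK technique IDs are real).

```python
from dataclasses import dataclass

# Constructed external intelligence: indicator -> context (who, how, against whom).
# Adversary names are placeholders; technique IDs are real MITRE ATT&CK IDs.
THREAT_INTEL = {
    "203.0.113.45": {"adversary": "EXAMPLE-GROUP-A", "technique": "T1071",
                     "sectors": {"financial", "retail"}, "confidence": 90},
    "login-portal.example.net": {"adversary": "EXAMPLE-GROUP-B", "technique": "T1566",
                                 "sectors": {"healthcare"}, "confidence": 70},
    "198.51.100.7": {"adversary": "EXAMPLE-GROUP-C", "technique": "T1110",
                     "sectors": {"energy"}, "confidence": 40},
}

# Constructed internal events, as might be exported from a SIEM or log repository.
SIEM_EVENTS = [
    {"id": "evt-1", "host": "pay-db-01", "indicator": "203.0.113.45", "asset_critical": True},
    {"id": "evt-2", "host": "kiosk-17", "indicator": "198.51.100.7", "asset_critical": False},
    {"id": "evt-3", "host": "mail-gw", "indicator": "login-portal.example.net", "asset_critical": True},
    {"id": "evt-4", "host": "dev-vm-3", "indicator": "192.0.2.10", "asset_critical": False},
]

@dataclass
class EnrichedEvent:
    event_id: str
    host: str
    adversary: str
    technique: str
    score: int

def prioritize(events, intel, our_sector, min_score=50):
    """Join internal events to external intel, score by relevance, drop noise."""
    enriched = []
    for ev in events:
        ctx = intel.get(ev["indicator"])
        if ctx is None:
            continue  # no external context for this indicator: not ranked here
        score = ctx["confidence"]          # assumed weight: feed confidence
        if our_sector in ctx["sectors"]:
            score += 30                    # adversary is known to target our sector
        if ev["asset_critical"]:
            score += 20                    # event touches an asset that matters to us
        if score >= min_score:
            enriched.append(EnrichedEvent(ev["id"], ev["host"], ctx["adversary"], ctx["technique"], score))
    return sorted(enriched, key=lambda e: e.score, reverse=True)

if __name__ == "__main__":
    for e in prioritize(SIEM_EVENTS, THREAT_INTEL, our_sector="financial"):
        print(e)
```

The same four events rank differently for an energy-sector organization, which is the point of scoring by relevance to your own environment rather than by feed confidence alone.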
3. Information sharing is on the rise. It seems only fitting that the final trend to be thankful for, during a season that emphasizes gathering together and sharing, is the trend towards information sharing. We all know there is strength in numbers, and we see that playing out both with information sharing groups, like Information Sharing and Analysis Centers or ISACs, and through platforms that enable internal sharing across previously siloed tools and teams.
Today, most organizations are members of an ISAC focused on threats to their sector – for example, Financial Services, Oil and Gas, Electricity, Retail, Healthcare, Government or IT. ISACs provide the culture, technology and processes by which organizations can share information with other organizations. And they continually work to provide contextual threat information by creating a community that helps individuals and their organizations grow in maturity and capability.
Organizations also can improve security operations through better internal collaboration. With access to a platform that serves as a shared environment, fusing threat data, evidence and users, all team members involved in the investigation process can collaborate. Rather than working independently, they can automatically see how the work of others impacts and further benefits their own work. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results. Embedding collaboration into the investigation process ensures that teams work together efficiently, reducing time to detection, response and remediation.
As we gather around this “virtual Thanksgiving table,” these are just three of the things I’m grateful we have as security professionals. What would you like to give thanks for?