While the arrival of spring promises better days ahead, enterprises are also facing a cyberthreat landscape filled with both familiar threats and emerging attack vectors. As a result, it’s worth taking stock of current security systems and services to see what’s working, what isn’t and where operations can be improved. But how do businesses begin?
Start with the 30-day spring cleaning challenge. Experience four weeks of practical programming, followed by a two-day wrap-up. It’s designed to help companies evolve current cybersecurity policies into improved infosec operations that reduce operational risk.
Week 1: Assess Your Cybersecurity Plan
Simply put, good intentions and increasing awareness don’t translate into actionable results. Enterprise IT environments are too large and too complex to fully secure over the course of years or even decades — let alone during a single, 30-day month.
As a result, Week 1 of the spring cleaning challenge focuses on smart assessment. This has several parts. First, you will determine where your existing cybersecurity plan is working and where policies are coming up short. Next, decide where it makes the most sense to spend IT security budgets and shore up specific weak points.
Consider the cloud. As companies make the shift away from on-site data centers, the cloud represents a major cybersecurity risk. But, you cannot defend ‘the cloud’ as a whole. The scope and scale make any effort at complete protection ineffective at best and actively harmful at worst. Instead of taking a one-size-fits-all approach here, enterprises must assess cloud frameworks to pinpoint critical risks, such as absent two-factor authentication or the lack of end-user visibility. Armed with this knowledge, you’re ready to tackle Week 2.
Week 2: Address Your Plan
The second week of this spring cleaning security sweep focuses on readying the resources required to address the issues from the first week. The specific form factor may differ. In some cases, budget adjustments are needed. Others may focus on improved employee training or the creation of new cybersecurity policies. But, the function remains the same. Create a new cybersecurity plan that gets your company from ‘here’ to ‘there’ well.
Let’s look at our example from Week 1, again. If the most pressing issue identified is the lack of two-factor authentication (2FA), enterprises have several options, including the implementation of advanced identity and access management (IAM) tools, or shifting current service providers to prefer those with natively-enabled 2FA.
The first case requires a bigger budget ask, meaning IT teams will need to articulate the value of 2FA solutions to C-suite executives, while the second comes with potential productivity pitfalls if cloud providers don’t have 2FA offerings or have locked-in company data. In either scenario, addressing the issue means seeing and taking into account the cost, time and resource impacts that will follow improving a cybersecurity plan.
Week 3: Analyze
Week 3 is all about analysis — deploying and testing new tools that directly impact affected areas to resolve known shortcomings.
In this week, the goal is metrics over mission statements. While it’s always a good idea to create key messaging around a new cybersecurity plan, it’s easy for good intentions to quickly become also-rans if new tools are put in place but never tested.
To ensure the cybersecurity plan is living up to expectations, it’s critical for teams to define and measure specific outcomes over time. In the case of 2FA, this means drilling down and checking the number of successful and failed authentication attempts. It also means keeping in touch with front-line and C-suite staff to determine the overall rate of adoption.
Here, the biggest potential pitfall encountered by companies is the fear — not the function — of failure. Many teams are reluctant to dig in and measure key outputs for fear of lackluster results and slashed budgets. However, this approach delivers the opposite intended effect. Systems that could easily be saved are ignored and ultimately forgotten.
Instead, it’s critical to forge ahead with complete failure analysis. For example, what if data shows that 2FA authentications are regularly failing and staff surveys speak to a frustration with authentication apps? The solution may be as simple as adjusting code entry times or making it easier for employees to connect and authenticate across multiple devices.
Week 4: Automate
With issues assessed, remedies addressed and solution impacts analyzed, Week 4 focuses on improving operations with automation with AI and machine learning (ML) to reduce the resource strain on IT departments and mitigate the risk of human error.
Consider a new IAM framework. It’s possible for staff to evaluate each login attempt by hand to look for potential outliers, such as strange times of day, odd locations or odd user behaviors. But this isn’t an effective use of resources, since almost all of these access attempts will be benign.
Here, AI-driven, automated tools are ideally positioned to learn problematic patterns and recognize key indicators of compromise (IOCs), then terminate sessions as required and report these issues to human IT staff. The result? A better use of resources across the entire cybersecurity plan.
The Wrap-Up: Evaluate Your Cybersecurity Plan
With just two days left in the month, enterprises need to wrap-up the challenge efforts with an evaluation of each week’s role in overall cybersecurity plan improvement. From the scope of assessment to the effectiveness of budget or resource discussions, the speed of adoption to the scale of automation, this is an opportunity to fine-tune processes and develop improved strategies for tackling the next cybersecurity issue.
Last but not least, as spring transitions into summer, it’s time to reset the calendar and start again. That’s the real challenge. While awareness gets a well-deserved month in the spotlight, ongoing action and a cybersecurity plan for the future sets the stage for decisive, data-driven change.
The post Clean Sweep: A 30-Day Guide to a New Cybersecurity Plan appeared first on Security Intelligence.
This post appeared first on Security Intelligence
Author: Douglas Bonderud