Organizations are enduring cost reduction initiatives in uncertain times, however security leaders have challenges to keep the business secure from growing cyber breaches. IT security leaders are looking for cost effective security programs that enhance their cyber security immune systems. This article focuses on below top five initiatives that business leaders should explore.
#1 – Maximize the utilization of existing security investments
Organizations do invest on security tools and technologies for business purpose and consider budgets every year – often, they don’t assess how well it’s configured to fulfill all of the business requirements. For example – Many customers do have IDS/ IPS devices – but don’t utilize it properly. Many security technologies, if examined thoroughly have been enabled with features during its inception phase. Business don’t track the value of their security investments with defined metrics. Its time to obtain the invoices from procurement function to evaluate what contracts are in place with vendors across various security products and services. Identify what all use cases and capabilities possible with the products and solutions. Validate with security operations team to figure out whether the solution components are configured to enable the functionality and demand to perform enhancements.
#2 – Prioritize security control enforcement across crown jewels and critical assets
Maintaining security hygiene by ensuring adequate security hardening standards based on CIS benchmarks are must for any security practice. Organization should audit their asset inventory to identify and prioritize their crown jewel applications and business critical assets. If these assets are not enforced with minimum baseline security standard, organization cyber health are poorly managed and maintained. Business leaders should have continuous compliance dashboard of these assets
#3 – Develop programs to protect from top 5 business cyber threats
According to Verizon 2020 Data Breach Investigations Report – The top five most common cyber breach tactics are
- Social attacks
- Malware and
- Misuse of authorized credentials
Organizations should constantly monitor the cyber threats and to study the tools, techniques and tactics been used for compromise. This helps to develop programs such as ‘red team’ and ‘blue team’ exercises results to mitigate security exposures.
#4 – Enforce breach response readiness programs and business continuity plans
Security compliance standards, industry regulations and privacy acts demand organization to notify the security incidents to authorities. However, the business executives will face pressures from their clients in the event to cyber breaches. Business continuity plans that often undergo mock exercises will make various stakeholders in the organizations to execute crisis management process. Breach readiness programs are important in today’s business assuming breach scenarios and develop breach responses and recovery processes.
#5 – Identify ‘security champions’ across business units to reduce cyber risks
Cyber security skill shortage is known issue across industry. Organizations should cross-skill their workforce with security technologies that are required for their functional and domain requirements. Promote ‘security champions’ program to train talents and offer rewards to cultivate the culture of acquiring new cyber security skills. Security is everybody’s business and no longer an IT function.