Successful Security Operations in the New Normal
As more businesses shift to a work-from-home model amid COVID-19, IT teams are facing a surge in security threats. You’ve most likely received some of the phishing attacks that target employees who are adapting to changing work conditions and worried about business and economic news. Under-protected home networks and devices are easy prey.
As CIOs and CISOs race to deploy additional controls and processes to combat these threats, it’s critical that they incorporate key elements into their programs to ensure they are effective.
Back to the Basics: Communication Is Key
When implementing new security measures, communication is simple, yet often undervalued. IT leaders must effectively communicate what solutions are being introduced and why they are necessary. Clearly outlining the entire process to employees helps ensure that security measures are implemented properly and at scale across the organization. This includes explaining the threat context and potential business impact behind security deployments such as two-factor authentication, app limitations and controls, and email and web browser protections. Where possible, IT leaders should assure employees that using these extra precautions won’t limit their productivity and are necessary implementations. Employees have become a lot more security-savvy in recent years; communicating these measures clearly empowers them to be part of the solution.
Doubling Down on Usability
In addition to effective communication, IT leaders should lean into security solutions with high usability. Usability has multiple meanings. First, target the end user—security solutions with high usability should feel “invisible” to users. IT leaders can integrate or disguise security activities within each employee’s normal work system, requiring less work from the employee. Less reliance on the individual improves an organization’s security posture.
Second, target your overworked security and IT users. Unfortunately, for security teams and their IT counterparts, usability is still an area that has significant room for improvement. Far too many security processes still rely on spreadsheets and email instead of being fully or partially automated. Data management and change management are a nightmare.
We also still see security analysts, vulnerability managers and IT Ops teams navigating between multiple duplicative tools with scripts wiring the solutions together. This slows things down and limits the ability for teams to scale their security resources. It also doesn’t support accountability or foster an IT culture that’s able to adapt to changing processes. And finally, it encourages errors, as manual processes under stressful conditions often lead to problems, unlike automated processes that reliably follow runbooks and policies.
Automation as the Silver Bullet to COVID Security
There’s plenty of evidence showing that automation can be safe and enormously beneficial to boosting productivity, user morale and security postures. Automation frees up employees from mundane, repetitive tasks and allows them to take on more meaningful work. Additionally, it replaces ad hoc decisions made under pressure and avoids errors made by surge and crossover employees who are racing to get work done. Mistakes are what hackers are counting on and are also what cause so many service outages.
In terms of an organization’s security team, automation efforts should focus on common volume drivers such as phishing, malware, vulnerability management and access management. Aspects such as enrichment, scoring, assignment and remediation handoffs can all be automated. Next, organizations should think about where policies and rules can be embodied in workflows. After all, while digital workflows save time, they also produce more accurate and compliant results that align with an organization’s security posture.
Automation powered by AI and machine learning (ML) systems have never been more critical to enterprise security. AI-powered systems can identify and consolidate similar incidents, assign them to the best investigator or remediator, and predict when a situation is going down a dangerous path. You aren’t just working faster, you are working smarter.
The Bottom Line
It’s unfortunate but true that employees are the weakest link in the security chain. The changing workplace situation has increased the attack surface, giving cybercriminals more pathways in than ever before. Security and IT leaders need to ensure there are quick avenues for employees to access security measures, report potential threats and investigate and respond just as easily.
Communication and automation are two tangible tactics to operationalize now. Leaders who refocus on the often-overlooked soft skills as well as fully harness the power of technologies such as automation can optimize productivity, costs and resilience.
As the likelihood of a permanent hybrid or even fully remote working environment increases, we know no security plan will be foolproof. These steps can help you be prepared.