Weekly Blog Post

At The Corner Of Cyber And Blog

Should Being Hacked Lead To A Termination Of Employment?

“What happened, people?”

“Sir, we got hacked again through the firewall. Somehow they found a vulnerability.”

“What, are you kidding me? How much do we pay that managed service provider you recommended!!”

“Sir, at any time there are more vulnerabilities than solutions.”

“Why are you just now telling me this!!”

Cybersecurity people work doctors’ hours each day for half the pay, yet carry more burden, stress, and anxiety than most professions. Protecting intellectual property, enabling adequate security, preventing unauthorized access to systems, and maintaining the organization’s security posture are always top of mind for security personnel. All company employees should have “a corporate-wide cybersecurity resource” added to each job description.

Having to worry about losing a job over a cyberattack should not be top of mind for a person who works in this field.

Breaches, hacks, data exfiltration, and account takeovers will happen. Bread crumbs were dropped on the virtual ground months before most attacks happened. Cybersecurity experts, including global technology companies like Cisco, Google, and Amazon, have had their share of attacks. Yet ownership of data protection, risk management, and cyber protection should not fall on one department, one engineer, or one director. Cybersecurity should be viewed 100% as a “team sport.” Everyone in the organization should be considered a stakeholder in the battle against cyber attacks. Yet many organizations still want to silo and compartmentalize cyber and IT instead of blending the organization into the security fabric.

Moving the Bar from Vertical to Horizontal

The good news: thanks to DevOps, the silo mindset is changing. Thanks to the Agile movement for product development, this revolutionary mindset broke down traditional IT thinking and moved from a north/south model (Waterfall) to a horizontal conception. Placing all resources and workstreams on an equal playing field promotes a “common goal” culture over the traditional blame game. Using collective sprints and workstreams, intelligent and forward-thinking organizations interweave resources from AppDev, DevOps, SecOps, and NetOps to reduce the overall risk by having integrated sprint cycles that include all domains, not just a specific task.

Organizations that have adopted “the horizontal model,” including additional training for everyone, see tighter security integration in each phase of their product design, production, and support. Companies that integrate pen-testing into their ongoing continuous security threat reduction program see fewer common-error attacks against their platforms.

No one model is perfect. Even the most tightly designed security models at the NSA, CERN, CIA, and Bank of England will get hacked. However, the way these organizations leverage the teaming model for better joint incident response, and team up to learn from the experience, is a much better way for organizations to function.

Everyone is a member of the Security Team.

Finger-pointing, blame games, and playing “dumb” will not stop future cyber attacks. Because of the complexity of a cyber event, blaming employee negligence should not be the first reaction of an organization. Over time, companies leverage audits and other checkpoints during the year to validate the company’s resources, tools, and overall effectiveness, not just the one department that monitors entity behavior analytics.

A word of advice. Cybersecurity professionals do more than most do in one day, even on weekends and Super Bowl Sunday. If these valued resources feel the support of the organization, they are less likely to listen to offers from other firms. The security policy, all cybersecurity systems, and dealing with suspicious is a complete team sport with everyone within the organization becoming the solution.

All the best,

John

*** This is a Security Bloggers Network syndicated blog from Stories by John P. Gormally, SR on Medium authored by John P. Gormally, SR. Read the original post at: https://jpgormally.medium.com/weekly-blog-post-dadd73ec3d14?source=rss-160023698d42------2