The human element of cybersecurity is one that has moved further into the foreground over the past couple of years, as the shift to remote working moved employees away from the watchful eye of security teams and placed far more responsibility in the hands of the individual user, says Dominic Trott, UK head of strategy at cyber threat intelligence company Orange Cyberdefense.
Considering 85 per cent of security breaches are reported to involve a human element, the threat that employees can pose to the corporate network can never be overstated. Fortunately, businesses are aware of this threat and are placing the human element far higher on the corporate agenda, but it’s also important that the actions of the security team itself aren’t forgotten.
As they battle to detect and respond to threats that originate within their organisation’s perimeter, rather than just those that are trying to penetrate its defences, IT and security teams have been placed under a heavy burden. This burden needs to be alleviated to minimise the risk of overwork causing further human error that could have devastating consequences. They are therefore faced with a complex challenge: how to maximise security and efficiency within the confines of their own capacity. To solve this problem, there are four key themes that security teams need to take into account: integration, automation, outsourcing and security by design.
There are plenty of tools, technologies and processes that can be used to alleviate the pressure facing security teams, but to have the most impact they must work cohesively. Ensuring the measures that are put in place integrate well can increase visibility across the corporate network and maximise efficacy. This will ultimately reduce the burden on security analysts by allowing them to work in a unified security environment that can provide an overarching view of all security alerts, better correlation between events and therefore more effective issue resolution. If security teams don’t have to contend with siloes within their security architecture, they will be able to work more effectively, reducing workload and enabling threats to be resolved faster.
Automation is on the rise within the security sector, and rightly so. Along with reducing costs and freeing up security analysts’ time by automating repetitive and low-value tasks, it can also ensure security teams can maximise existing resources by focusing on higher-value activities. When done well, automating security processes allows teams to boost time-to-value by orchestrating security workflows from end-to-end and signalling autonomous remediation responses to certain events or alerts.
Outsourcing security processes can enable organisations to drive predictability of cost and performance, by sharing the security burden. For example, by partnering with a managed security service provider (MSSP), businesses can gain access to skills, resources and state of the art technology that might not be available to them internally. Employing the help of a professional security partner can greatly reduce the workload faced by internal teams and optimise existing processes. What’s more, by partnering with an MSSP with a managed threat detection offering, businesses can increase their access to security performance metrics and use these statistics to reduce time-to-value and mean time to resolution. Ultimately, working with a skilled MSSP can complement the work of existing security teams, while simultaneously minimising risk.
Security by design
Security by design has become a familiar concept for security practitioners over the past few years. The practice of embedding security into wider digital transformation initiatives, and baking it in from the start, will enable security teams and end users alike to better manage diverse security environments, legacy technologies and people – all of which increase a business’ vulnerability to risk. Adopting a security by design approach will remove the responsibility faced by general employees to be security experts, instead allowing them to get on with their jobs in a way that is innately secure, which will ultimately reduce the volume of alerts IT pros have to handle.
Security teams have been placed under insurmountable pressure over the past couple of years, with cyberattacks on the rise and an entirely new remote environment to protect. While their focus is often on external bad actors or the unintentional threat posed by employees, they mustn’t forget the impact of their own actions as they fight to keep up with the expanding attack landscape. By implementing new processes, tools and partnerships with MSSPs, they can maximise security without adding to their own workload, which will mitigate attacks and ensure simple errors of their own making don’t have dire consequences.