Peter Drucker said, "Culture eats strategy for breakfast". My question to you is; Is this also applicable within the Cybersecurity space?
If only life where that simple…
As always, there are no easy ways to success. Certainly, one can be “successful” (read ‘lucky’) in any given situation, and that single success can be attributed to almost anything. But over time, you will need several things to ensure that your team has what it needs to defend your business.
If you are new to cybersecurity, or just wants to get some input into your cybersecurity work, I have created this checklist of five foundational aspects in building a successful cybersecurity capacity.
Your Cybersecurity strategy is what helps guide your decisions and prioritization. Answer questions like; What is our risk appetite? Which capabilities should we build our selves, and what should we outsource? Should we centralize responsabilities and mandate, or is it an option to distribute responsabilities in the organization? This will be the foundation of your cybersecurity policy.
To avoid spending time and energy on defense efforts that don’t have the right impact, your cybersecurity unit needs an established method to guide their work. The NIST Cybersecurity framework 2.0 for example, devides the work into five operational phases; Identify, Protect, Detect, Respond, Recover, all held together by Governance. This model helps you map your efforts and capabilities to the different phases of the threat management lifecycle, making sure you don’t overspend in one area while underspending in another.
A cybersecurity incident can have many different characteristics depending on the objective and the drivers behind it. But one way of helping to understand an attack is The Cyber Kill Chain (developed by Lockhead Martin). It is a framework that visualizes how a typical cyber-attack is executed. In each step of The Cyber Kill Chain you as a defender need both knowledge, tools, processes and focus to be able to brake the chain. Try to have all of the Abilities above in each step of the Kill Chain.
Your cybersecurity staff will need a large set of tools to give them all abilities necessary to address all phases of an attack. At the same time, the threat landscape is so extensive and complex that you need a technology stack with solutions that integrate into each other and allow you to automate a big part of your day to day work. In an incident scenario, you will need to lay a puzzle of information from different parts of the environment, and your incident responders will need to reach all components of your infrastructure to be able to contain and combat any cyberthreat present. Fortunately, concepts like xDR (Extended Detection and Response) has drastically lowered the threashold for maintaining an effective and efficient security operations.
All of the above is fairly easy to realize compared to finding and keeping the right people. There is a great shortage of skilled personnel in the market, and keeping the ones you find is key. Also, knowledge is perishable in cybersecurity. It is therefore important that people have the time to continuously develop their skills in order to stay on top. Establish a culture that encourages people to be dedicated and engage with passion into their work. If people feel excitement and pride in what they do, you will benefit immensely when “all hell breaks loose”. Because it’s not about IF, but WHEN all hell breaks loose.
If you are one of the few fortunate that can combine the right People and Culture with Strategy, Tactics, Abilities and Tools within your security operations, you are better prepared than most organizations, and have a stronger position to realize your business objectives. Just remember this: