People, Process, and Technology: The Trifecta of Cybersecurity Programs


Cybersecurity program

Introduction

Ensuring that your company’s systems are protected against cyberattacks depends on the proper functioning of each element of your cybersecurity program.  Those core elements are people, process, and technology. 

It starts with your team or your “human firewall”, since this can be your weakest link if you neglect it.  Both your people and your security program are, however, are guided by policies that are executed through component procedures. Together they ensure that your protective, detective, and remedial measures are sustainable, repeatable, and demonstrable. Last, but not least, technology components of a cybersecurity program include solutions like antivirus (AV), intrusion detection, prevention systems (IDPS), firewalls, vulnerability scanning, patch management, IT security policy auditing, behavioral analytics, and more. Without this pillar, you don’t have a cybersecurity program. 

cybersecurity program
The Trifecta of Cybersecurity program

People

Even headed into 2020, there is a pervasive perception among the small to medium sized business community that cybersecurity is the domain of the IT Department. Such an assumption puts the organization in jeopardy…to be effective a cybersecurity program must engage the entire organization, albeit with different responsibilities. Further, in an organization that is regulated, such as financial services or healthcare organizations, such a perception can put your organization at risk for heightened scrutiny, fines and even enforcement orders.

Moreover, it is vital to equip every employee with cybersecurity skills to limit threat risks on the organization’s network. Most cybersecurity threats are due to employee errors; for example, a report by Kaspersky Lab indicated that employee errors accounted for 90% of the data breaches that occurred in the cloud. Employees are often victims of social engineering tactics and may end up unknowingly providing attackers with login credentials or classified corporate data.

People ultimately determine the effectiveness of a company’s technology and processes. Skilled professionals are required to monitor the operations of these cybersecurity pillars. For every vulnerability or threat discovered, your team will be relied upon to remediate or mitigate the risk.  In addition, they could be critical in identifying risks that your existing technology solutions may miss.

Employee Training and Awareness

The simplest cyberattacks target employees who are less skilled in network security. Cybercriminals may dupe an employee via email to send them a classified file or click through a “software update”, which ends up giving the attacker access to the network.

Staff training teaches safe internet habits and makes them aware of the latest phishing tactics used by cybercriminals. For example, when an employee in the sales department receives an email from a source claiming to be the new ‘head of department’ requesting they check an updated sales strategy document on the provided link, what should the employee do? Click on the link first, or report the incident to the IT department? Through employee training and awareness, your staff can better identify phishing threats and make informed decisions that will prevent potential attacks. Moreover, employees will learn safe ways to use devices provided by your organization, such as avoiding plugging in unknown thumb drives or unrecognized external media storage. Staff should also learn to keep login credentials and other vital information away from unauthorized access, cleaning their desks and removing any post it notes that may have information that can help an attacker gain access to the organization’s network.

Competent and Skilled Professionals

Sophisticated attacks may bypass IT professionals and put the network at extreme risk for a successful cyberattack. These attacks get more complex by the day, so it is essential that your organization’s cybersecurity professionals are equipped with the latest skills. Professionals need the up-to-date knowledge on risk analysis and mitigation, intrusion detection, incident response, encryption solutions, software reverse-engineering, and cloud security solutions. Some cybersecurity skills may become irrelevant due to technology and processes. Thus, the need for the latest training cannot be overemphasized.

Learning new skills is easier with the flexibility of training and awareness programs for employees. Training resources are available online, while other training programs can be done on-the-job and sometimes at workshops, webinars, and more.

Staff Management

Cybersecurity responsibilities must be well-defined for each team member to ensure functional processes for threat detection, risk mitigation, and recovery from attacks. From employee training and awareness programs, the organization’s management should outline the responsibilities of each staff in securing the network environment. By assigning roles, cybersecurity professionals identify the most efficient way to coordinate responses to incidents, detect and identify attacks at the onset and prevent severe damage. Cybersecurity programs that invest in training people create a strong framework and add value to the organization and its processes.

Processes

In order to effect an organization’s cybersecurity strategy or policy, processes are required to provide structure for the underlying procedures required for implementation.  Processes define how an organization’s activities, roles and documentation all work together. The core objectives of any cybersecurity process are that it must seek to protect and preserve the confidentiality, integrity and availability of organizational information assets. For any process to be effective, that process must be sustainable, adaptable, and demonstrable. 

Cybersecurity requires a continuing program, not a series of one-time solutions to network security threats. Processes involve constant monitoring of the network for risks and vulnerabilities, the overall effectiveness of the technology solutions applied, and the efficiency of staff in securing the network.

Effective processes contemplate the process for detecting flaws in the cybersecurity program and benchmarking its effectiveness in securing the organization’s network.  The scope of these policies, processes and procedures can vary from organization to organization but fundamentally they provide a framework for five concurrent and continuous functions: identification of risks, protection, detection, response and recovery. 

The most effective processes are those that are adopted based established frameworks, like NIST or ISO, combined with internal findings and accepted recommendation specific to an organization.

Core Functions of NIST

NIST offers clarity on breaking down the core five functions.  Identification relates to developing organizational understanding of managing cybersecurity risk to systems, assets, data and capabilities. Protection relates to developing and implementing safeguards to ensure critical infrastructure service delivery.  Detection relates to the development and implementation of activities to identify security events. Response relates to the development and implementation of appropriate activities to undertake when facing a security event. Recovery relates to the development and implementation of appropriate activities for resilience and to restore capabilities or services that were impaired during a security event.

Minimum Processes

Of course, these five areas are only a high level overview of the major categories. Within each of these categories, there are over a hundred subcategories and within each of these subcategories, there are specific processes.

Generally, there are certain minimums that should apply to the processes of any organization.  Processes should address on an administrative, technical and physical level:

  • Information asset identification and management  
  • Risk management 
  • Vulnerability management 
  • Identity management and access control 
  • Change control  
  • Business continuity planning 
  • Awareness and training 
  • Physical security  
  • Incident response 
  • Auditing and monitoring  

Each part of an organization needs to understand its responsibilities and, where appropriate, have service levels or minimum expectations assigned to it.

Technology

This component functions most efficiently with a strong people and processes foundation to ensure proper management of early incident detection, identification, response, and recovery. Technology solutions protect against risks that may arise from network vulnerabilities. Since vulnerabilities can occur anywhere within the network, deploying a single-point solution will expose the system to numerous threats of attack. Solutions that can be integrated and automated into the security framework to provide distributed protection across the network are the best protection against attacks. For example, an isolated intrusion detection system (IDS) will only detect and report an incident the same way a surveillance camera records a thief roaming around a perimeter wall, but it does not prevent the thief from jumping over the wall. To do that you’d need additional technology. Such complementary tools include a firewall and an intrusion detection and prevention system (IDPS).

Integrated technology solutions

Individual tools will not protect against all threats. So, adopting multiple technology solutions for the network will help reduce the chances of a successful attack against your system. Other risks that expose your business to massive data breaches are best secured under integrated technology solutions rather than single-point solutions. Combining technologies to secure your system derives its effectiveness from the ability of one solution to meet the shortcomings of another, thereby building a stronger framework for system security. Having solutions, like IT security policy monitoring and auditing, that can provide visibility across these tools ensures that the multitude of solutions does not itself create a gap.

Vulnerability Scanning

From the processes of risk assessment and mitigation, cybersecurity personnel should identify efficient technology tools for the system. Using these tools can help find potential weaknesses in the system. A vulnerability scan forms part of the preliminary stage of system security. Through vulnerability scans, the IT security team will quickly detect, identify, and classify weak points in the system.  Vulnerability scans are essential as they help identify the types of attacks that the system may face. Also, through the scans, security professionals can predict the effectiveness of countermeasures to be applied.

Patch Management

Technology must maintain its relevance during operation to guard against evolving attacks. Deploying fixes and updates to technology will improve the functionality of the tools. Patch management assists in identifying shortcomings, testing possible fixes, and deploying the fixes into the technology. In the long term, this process will reduce delays and downtime for your business.

Secure configuration

Ensuring secure configurations is a security essential, both on premises, in the cloud and in hybrid environments. Secure configuration management (SCM) tools will help ensure that your network endpoints remain secure particularly since configurations can be impacted in a multitude of ways during system changes, whether that be changes to devices, applications, new migrations etc.   

Segmentation

Security professionals, particularly when larger network environments are involved, should contemplate the balance between network segmentation to improve security and performance against organizational workflows and maintenance. To improve technology’s performance, professionals should adopt the segmentation of networks. By putting your eggs in one basket, you risk prioritizing security on highly classified data like passwords and personal data. Leveraging data classification to create subnetworks allows your team to assign levels of security of each subnetwork depending on the data being handled thereby minimizing the consequences of a successful breach.

The Trifecta of Cybersecurity Program

People, processes, and technology cannot work independently in a cybersecurity program. Each component must be aligned with the others, to enhance a seamless and secure operation. Any gaps that exist between one component and the other add security holes that increase the system’s and an organization’s risk.

Cybersecurity program

Your company’s cybersecurity framework needs critical planning before implementation to determine its structure, predict foreseeable threats and be able to stop them, and account for unforeseeable threats to secure your system. This framework needs to contemplate not only threat environment changes but other external factors such as, for instance, increasing regulation of privacy and the need to ensure IT compliance in order to meet the requirements of regulations like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Through planning, you can effectively identify the personnel training and skills required for people, the framework relevant to the potential processes, and tools to apply in the technology.

Tags: Cybersecurity program | Vulnerability scan | Risk Assessment

Leave a Reply