Tuesday, September 22, 2020

CISOs Must Incorporate Employee Training When Developing Security Strategy

CISOs are facing a perfect storm when it comes to securing their networks. Cyber attacks are becoming increasingly sophisticated just as corporate networks are becoming more distributed and complex – all while security talent becomes harder to find and security strategy best practices evolve.

In the midst of this turmoil, CISOs are now forced to wrestle with how to prioritize the often-limited time and resources available to them to most effectively secure their networks.

This complex, multi-point challenge is explored in the Forbes Insights survey Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources, conducted in association with Fortinet. Surveying more than 200 CISOs about their priorities, the report illuminates the challenges CISOs currently face, including a lack of security budget and the belief that the capabilities of cyber criminals are outpacing their network protection abilities.

The survey examines what contributes to these challenges and then explores ways CISOs can effectively address them. While the report outlines a number of actions CISOs can take, one of the clearest moves they can make to improve their organization’s overall security posture is to prioritize employee training and create a proactive cybersecurity culture as part of their overall security strategy.

Cybersecurity Challenges At The Employee Level

According to findings from the report, 35% of CISOs cite the lack of a centralized cybersecurity strategy and the lack of support from senior management as top constraints to effective security. But when examining the reasons behind the lack of central strategy, many of the issues seem to start at the employee layer – both among IT employees as well as general employees across the various lines of business.

Skills Gap

First, CISOs are dealing with the effects of the ongoing cybersecurity skills gap. According to the Center for Strategic and International Studies, 82% of employers claim that they are currently suffering from a shortage of cybersecurity professionals within their organization. This shortage has hindered their ability to develop a more strategic approach to their cybersecurity programs, as well as their ability to keep pace with new threats.

Because the skills shortage prevents IT and security teams from shifting away from their threat-prevention-based security strategy to one focused on detection and response, their security teams end up staying focused on tasks aimed at preventing existing threats, rather than using threat intelligence and advanced tools to identify and respond to unknown vulnerabilities and zero-days.

Departmental Buy-In

But that is only part of the challenge. Cybersecurity cannot be the sole responsibility of the IT team. Even if they had adequate resources, IT and security teams still cannot effectively move beyond a tactical approach without buy-in and participation from the executive suite or from the various lines of business.

One of the biggest challenges that occurs inside the network perimeter is insider threats. When looking at the priorities that CISOs list among various security initiatives, the prevention and detection of, and response to, insider threats were consistently listed among their top-tier priorities. Managing insider threats and risks, especially unintentional events – like clicking on a phishing link, using weak passwords, or exposing the network to an unsecured device – eats up a lot of the time and resources of the security team, whose time could be better spent managing threats from external sources. To address this, employees across departments must take a more active role in cybersecurity by learning to avoid common attack tactics and assisting security teams in developing an approach to cybersecurity that will be effective without limiting productivity.

Putting Your Employees At The Center Of Your Cybersecurity Strategy

By putting employee development at the center of their cybersecurity strategy, CISOs enable their teams to work more efficiently while taking a holistic, strategic approach to network protection. There are a few key ways this can be done:

Employee Training

As the skills gap persists, CISOs should ensure their security team has regular opportunities for further education in deploying, configuring, and managing advanced security tools, as well as identifying and addressing new emerging threats. This is especially crucial to enable them to switch from a focus on prevention to a focus on threat detection and remediation. Proficiency in these types of integrated tools provides IT teams with enhanced visibility into how data is used and moved through the network, in addition to simplified management and analytics abilities. This is crucial as networks become more distributed and detection and remediation become increasingly important.

Additionally, the skills gap means organizations are less likely to hire new people with extensive field experience, which means they will have to focus on developing the skillsets of their existing team. To make this easier, Fortinet customers have access to our in-depth, hands-on training on our product suite as well as fundamental security principles through the Fortinet Network Security Expert (NSE) program. The NSE program offers eight course levels, beginning with understanding the threat landscape and the evolution of cybersecurity, through to the ability to configure, install, and troubleshoot a comprehensive security solution. Investing in security training like this enables CISOs to ensure that a strong internal candidate is ready when a position becomes available, as well as assisting in employee retention for essential security staff.

Leverage Automation

Another way CISOs can help increase the productivity of their limited security teams is by giving them back time to focus on strategy. One way to do this is to deploy security solutions that make extensive use of automation through AI and machine learning. Cyberattacks are happening at machine speed – meaning that your security team cannot keep up with threat correlation, or even basic remediation efforts, on their own. Automated solutions can work to respond to anomalous activity and known threats attempting to breach the network – allowing security teams time to focus on strategy and remediation efforts. For example, rather than having security teams working around the clock to detect potential internal threats, they can use machine learning to understand what normal behavior for employees looks like, and then react when behavior deviates. Automated solutions can also be assigned menial tasks such as inventory management and patching, freeing up human resources to focus on higher-order activities.

Develop A Cyber-Aware Culture

The top answer given by CISOs when asked about security priorities over the next five years was to “create a culture of security.” This involves training employees across lines of business in good cyber-hygiene. Beyond making sure that employees can identify phishing attacks or know how to update their applications on a regular basis, CISOs should also foster collaboration between departments and the security team. This will reduce instances of inadvertent internal threats and increase overall buy-in for the security program. Making sure that lines of business are aware of the security strategy, and are happy to work with IT teams on security policies, ensures buy-in across the organization.

By focusing on training and enabling employees to perform basic security tasks such as updating devices, identifying suspicious behaviors, and practicing safe cyber behavior across teams, CISOs can begin to establish a holistic security strategy that can stand up to today’s advanced threats.

Final Thoughts

CISOs are in a challenging position of having to secure increasingly distributed networks from advanced threats with limited resources. By focusing on employee development, enablement, and buy-in, CISOs can create a centralized security strategy that builds collaboration and reallocates security teams away from tactical, reactive work to more proactive and strategic efforts.
