The Expert View: Overcoming challenges in security operations

A recent survey by Adarma found that although most businesses have suffered a cybersecurity breach, they still feel confident that there are no gaps in their security, Donna Goddard, Adarma’s Head of Security Engineering, told a TEISS Breakfast Briefing at The Goring Hotel in London.

Often it is the businesses with the most tools that feel the most confident, she told attendees, who were all senior executives from a range of sectors. However, tools alone aren’t enough. Businesses need the right people and processes. Are businesses over-confident about their cybersecurity?

‘We’re already on the back foot’

One concern is that tools leave gaps, said John Spencer, Pre-Sales Leader, Northern Europe, at Crowdstrike. He said adversaries will target those gaps, so businesses should not be too confident in their tools. Crowdstrike measures ‘breakout’ time in attacks, which is the time between an adversary gaining access to your network and then moving laterally. A typical time used to be around 10 hours, but adversaries now move so fast that it has fallen to 17 minutes.

There are other challenges too, and one that those at the briefing highlighted is legacy technology. “We’re already on the back foot,” one attendee said, because legacy systems often lack the built-in, ‘free’, security benefits that come with more modern systems.

Legacy systems, in contrast, are not as well understood by the business, they are less well-maintained and, as a result, they are more vulnerable. They could become a problem at any time, though many senior executives take the risk that legacy systems will survive their term of office. That’s a dangerously short-term way of thinking.

Another common problem that attendees identified is not knowing what you have within your IT estate. If you aren’t aware of the systems that are connected to the internet even though everyone has forgotten them, then you are storing problems for the future. Shadow IT and improperly configured systems can also cause problems.

Assembling a toolbox

Overcoming these challenges is not simple but attendees agreed that a good starting point is to document the business outcomes you are seeking. Identify the threats to those outcomes, then look for tools that can protect you. It’s important not to treat this as a one-time task. Businesses change all the time, so the process must be repeated regularly.

You also need to examine your tools to find areas that are not covered by any tool and areas that are covered by more than one. In the first instance, you are leaving yourself at risk, while in the second you are potentially paying for a redundant service. To avoid paying for unnecessary tools, ask yourself what you are trying to achieve with each one.

As one attendee warned, it can be hard to make full use of all the features of each security tool. There is a trend towards tools that can do everything, but a business might buy them for just one task and not look beyond that. Furthermore, you need the in-house skills to get the most from a tool. For example, many tools produce masses of detailed reports, but these are only useful if you have the skills to interpret them and act on their recommendations.

The right people

That brings us to a point that dominated much of the conversation: having the right people in place. It is common to say that there is a skills shortage in cybersecurity, but one attendee argued, “I don’t think we have a skills shortage. We just don’t hire in the right way.”

Often, some suggested, companies complain about a lack of skills because they simply can’t - or don’t want to - pay the cost of training. However, there are plenty of potential employees out there with skills that can be built upon with training. For instance, one executive said she looks for people with customer service experience and knows she can train them in the technical skills they will also need.

Organisations should look at diversifying their teams - not just through race or gender but also in hiring from different social backgrounds or looking for people returning from a career break. And apprenticeships can be a good way to bring in younger people. A more diverse team is one that will have different ways of thinking and of approaching a problem - qualities that are invaluable in cybersecurity.

Overcoming challenges in security operations is far from an easy task but, as the briefing made clear, there are paths forward that organisations can take. The greater the foundation they put in place, the less they are at risk from over-confidence.

For more information, please visit Adarma.