Organisations sometimes face this dilemma: they had the most recommended tools available and everything was working fine, yet somehow their secrets leaked. How is this possible?
Was it smart attackers, such as nation-state advanced persistent threats (APTs)? A lack of their own security processes? Or perhaps both?
Security tooling can go wrong
Security tools are both useful and necessary for performing a variety of activities more easily, faster and better.
But having various tools and no processes for using them is similar to piloting an aircraft with various lights blinking on the dashboard but no procedures for responding to and managing the issues these blinking lights represent.
Many organisations forget that introducing new systems, software or vendors brings difficulties as well as benefits. From a user perspective, new tools help users perform tasks more easily, faster and better, but they also introduce more complexity from a technology architecture and management perspective. Without defined processes for using and maintaining the tool, and for managing the workforce that uses it, a new tool increases the opportunities for cyber attacks.
No matter how good the various tools and systems in use are, they are only as good as the people and procedures managing them. Although there are a number of very sophisticated tools across a variety of cyber security areas that can make the life of a cyber security professional easier, there is no tool with sufficient intelligence to make decisions and take actions on its own.
Even the most sophisticated machine learning and AI-powered systems require people’s time and effort to ensure that the right configurations, maintenance and use procedures have been implemented. If security teams don’t make the most out of their tools, then attackers will.
Tools don’t innovate
When talking about cyber security implementations and protecting themselves from breaches and incidents, organisations often forget that they are not dealing with a static force that does not innovate and that can be understood, predicted, calculated and potentially even avoided, like fire or storms.
Threat actors are a dynamic force that constantly tinkers with systems and technologies, trying to find innovative ways to break in and disrupt the business operations of their target organisations. While malware code or compromised accounts are artefacts that we see as a result of an incident, people are the driving force behind all technological and online activities, including cyber attacks.
Without trained and skilled people working according to defined processes, those processes are likely to be outsmarted sooner or later.
Be proactive
Successful organisations reduce this difference of mindset between themselves and their attackers as much as possible. They adopt a proactive attitude by continuously improving their business’s daily operations. This helps them to be ready and in control when the worst happens, instead of waiting and responding to issues after they have happened.
These organisations achieve this by developing a meaningful risk-based cyber security strategy — with required improvement activities built in. This could involve undertaking regular risk assessments, creating flexible response strategies, exploring lessons on detection and incident response from the field, and evaluating company tools.
They enable their people to perform better by using the right tools to strengthen certain activities. And they ensure that their tools work for them, not the other way around.
There are people on both ends of the technology: attackers and defenders. While attackers are focused on finding and exploiting an organisation’s vulnerabilities, defenders should ensure that their organisation is working on continuously improving its security posture.
Working with a cyber security partner
If you need support in identifying the right improvements for your business and making the best out of the tools that are already in use, get in contact with our expert team today.