How to develop a functional cybersecurity skills development programme for your organisation17 June 2020 | Jose Carrera & Ahlam El Mhamdi
As major business model disruptors emerge, whether from technology advancements, competitor actions, regulations or other sources, leaders are growing even more aware of organisational inflexibility. Many find their organisations’ potential unwillingness or inability to make necessary timely adjustments to the business model and core operations that might be needed to respond to change.
Cybersecurity continues to be a moving target. As innovative digital transformation initiatives, cloud computing adoptions, IoT expansion, robotics, AI and machine learning advances continue to outpace the cybersecurity protections most organisations have in place. Increasingly sophisticated attacks by perpetrators of cybercrime add to the uncertainty. The old adage; there are two categories of organisations: those that have been breached and know it and those that have been breached but do not know of it yet.
Digital14 talent management and digital education experiences have synthesised and identified that many executives continue to be concerned about their ability to enact change, despite the reality that change has become a way of life for most organisations. Whether covert or overt, resistance to these changes is necessary to deal with disruptive innovations or regulatory constraints that alter business fundamentals can be catastrophic. Strategic error in the digital economy can result in an organisation paying the ultimate price if it continues to play a losing hand in the marketplace. As an organisation moves forward in this “brave new digital transformation world”, we highly recommend keeping in mind the following our KPs (Knowledge Principles)© to increase your functional cybersecurity skills development:
True to our vision; “To build a trusted digital world where everyone has the freedom to reach unprecedented outcomes”, implementation of a functional cybersecurity skills development programme for your organisation... means intrinsically that there is no simple one-size-fits-all solution. What you need to keep in mind is that every organisation is distinct. When it comes to cybersecurity, there is no one-size-fits-all solution. What will work for your organisation will depend on its mission and goals, the kind of infrastructure and information you are protecting, available resources, etc. Finally, recognise that some techniques will only be learned with time and experience…this should not stop you from getting started! However, we can assist; we got this!
Executive management’s commitment to cybersecurity incidents is a risk that should be incorporated in the overall risk management policy of your organisation. Furthermore, managing cybersecurity incidents does not just mean applying technology. It also requires the development of a plan that is integrated into the existing processes and organisational structures, so that it enables rather than hinders critical business functions. Therefore, executive management should be actively involved in defining an organisation’s cybersecurity prevention and incident response plan, because executive management’s explicit support through appropriate internal communication and the allocation of personnel and financial resources is key to the success of the plan.
A well informed executive manager will be aware both of the risks of cybercrime and of his own exemplary role in encouraging all members of the organization to assume their responsibility.
Involve every member of your organisation! It is often said that humans are the weakest link when it comes to cybersecurity. (Ponemon Institute). It is also important to realise that the members of your organisation have great potential to help you detect and identify cybersecurity incidents. Make sure that every member of your organisation is aware of your cybersecurity incident response plan and their role within it, even if this means informing the right person about the information and communications technology anomalies they stumble upon.
Any cybersecurity practitioner must be able to handle any imminent threat of current violation of an organisation’s information (cyber) security policies or standard security practices. These cybersecurity incidents could include malware, ransomware, phishing, SMSishing, Advanced Persistent Threats (APTs), Distributed Denial of Service attacks, and more.
A cybersecurity practitioner must be able to manage and analyse the security information and event management (SIEM) tools and services. The underlying principles of every SIEM system are to aggregate relevant data from multiple sources that identify deviations from the norm and take appropriate action.
SIEM systems work by hierarchically deploying multiple collection agents to gather security-related events from end-user devices, servers and network equipment, as well as specialised security equipment, such as firewalls, antivirus or Intrusion Prevention Systems (IPSes). The collectors forward events to a centralised management console, where security analysts sift through the noise, “connecting the dots” and prioritising security incidents.
At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM systems have evolved to include user and entity behaviour analytics and security orchestration, automation and response.
A cybersecurity practitioner must be able to conduct a thorough review of the organisation’s adherence to regulatory guidelines, such as but not limited it to Health Insurance Portability and Accountability Act, The Federal Information Security Management Act, Sarbanes-Oxley Act, Payment Card Industry Data Security Standards, General Data Protection Regulation, Control Objectives for Information and Related Technology and ISO 27001 and 20000.
Security audit and compliance knowledge are very important because any missed area of regulatory compliance could lead to significant fines and penalties for the organisation.
A cybersecurity practitioner must be able to leverage analytics and intelligence gathering to identify and detect attacks as quickly as possible. Using analytics and intelligence allows the cybersecurity practitioner to aggregate network and application data to prevent attacks from occurring in the future.
A cybersecurity practitioner must be able to leverage a firewall to filter network traffic and prevent unauthorised access onto the network. Also, the security expert must know about Intrusion Detection Systems (IDS) and IPS and know how they relate to the firewall.
A cybersecurity practitioner must be able to operate the IDS and then identify any suspicious traffic on the network as well as any security policy violations.
A cybersecurity practitioner must be able to improve the security of any application by finding, fixing, and preventing its vulnerabilities. Besides, the expert must test and validate during the software development lifecycle so that vulnerabilities are addressed before an application is deployed.
A cybersecurity practitioner must be able to leverage advanced threat protection software to prevent, detect, and identify APTs that might circumvent traditional security solutions like anti-virus, firewalls, and IPS/IDS.
A cybersecurity practitioner must be able to work with the Information Technology department to secure and deploy smartphones, tablets, laptops or any mobile device as well as understand data loss prevention strategies.
A cybersecurity practitioner must be able to handle, analyze, and securely store all types of data.
A cybersecurity practitioner should understand forensic tools and investigative methods used to find data, anomalies, and malicious activity on the network, in files, or other areas of the business.
A cybersecurity practitioner needs to understand the best practices for Identity and Access Management and ensure that the security policy demonstrates an acceptable use for various roles and responsibilities within the organization.
Concluding D14 KPs Digital Paradox: Breach Detections between Cyber “Leaders” and “Beginners”
D14 KPs differentiates on the maturity of cybersecurity capabilities among leaders, intermediates and beginners. Digital maturity relates to cybersecurity maturity, as they often go hand-in-hand. According to published research, 68% of digital beginners are also cybersecurity beginners, and only 3% are cybersecurity leaders. (D14 and Gartner).
Unsurprisingly, 46% of digital leaders are also cybersecurity leaders, and only 6% of digital leaders are cybersecurity beginners. However, over 50% of digital leaders are not cybersecurity leaders, leaving them more vulnerable to cyberattacks because of their higher reliance on digital platforms. (D14 and Accenture).
This “digital paradox” in business results in digital leaders reporting more cyberattacks than beginners. There are several reasons: Digital leaders likely are better at monitoring cyber activity and have stronger detection measures. Thus, they are more aware of attacks and breaches than other organizations that may be experiencing similar levels of attacks but not be aware of them. In addition, digital leaders are more likely to have an expanded attack surface, as they are leveraging the internet of things, mobile platforms and other technologies for various purposes where security is generally immature.
We are happy to report that for our digital leaders, advanced technologies, such as but not limited to artificial intelligence, machine learning and natural language processing, encourage the enhancement of an organisation’s cybersecurity capabilities. Conversely, on the downside, hackers and bad actors are leveraging these same technologies as well. To minimise risks, implement (build, reinforce), our D14 KPs cybersecurity into your digital transformation process.
Call us to discuss our D14 KPs and assisting you and your organization in creating a best-in-breed functional cybersecurity skills programme into your digital transformation lifecycle.
D14 KPs (Knowledge Principles)© is the intellectual property of Digital 14.
Connect with us