Three Simple Steps To Effective Cybersecurity

The cybersecurity landscape can be difficult to navigate. From the outset, it can seem like a crowded place, with countless cybersecurity providers offering what appear to be incredibly similar solutions. There’s also the question of outsourcing vs in-house cybersecurity and the ramifications that accompany each choice.

Even once these details have been ironed out, there are many different factors which must feed into an organisation’s cybersecurity strategy.

As each organisation is unique in its IT infrastructure and tech stack, it’s understandable that each one would need to take a nuanced approach to cybersecurity. Despite this, there are three key steps that I’d recommend all organisations follow if they are to ensure effective cybersecurity protection.  

1. Shift left – Invest In DevSecOps
Security teams often don’t have enough control over the application development life cycle. Companies are buying capabilities from hyperscalers and cobbling together apps with open source components, but they’re not thinking about the seams between those components. These organisations need a set of security policies that are established and implemented as code, so that they are applied consistently and automatically rather than by hand.

By adopting DevSecOps, organisations can ensure that security is incorporated far earlier in the software development lifecycle and is also a shared responsibility throughout the entire IT stack. Security should be treated as a priority from day one, by everyone from the C-suite down to the developers writing the code.

In fact, developers are key to maintaining security throughout the software delivery lifecycle. Their approach to security must be consistent, meaning that it should be built into every line of code that’s written.

Providing developers with the relevant training, together with open lines of communication with the security team, is the key ingredient needed to enable this.

2. Shift right – Prepare To Recover
Understand what your business-critical systems are and assume you will get hacked. How long can you afford to be down? And where will you restore known-good data and system configuration from? Think within the context of where your data and services are and how to bring them back up again, in the order of priority in which they need to be recovered.

Though investment in prevention measures is still essential, it’s naïve to imagine these will be 100% effective. No cybersecurity solution is perfect, as there will always be vulnerabilities. The conversation has moved past “how do we prevent an attack?” to “how do we survive one?”. As a result, it would be foolish not to also implement a strong recovery process.

3. Level up – Simplify In The Middle
It’s not uncommon for organisations to inadvertently acquire a convoluted or mismatched set of cybersecurity solutions. This is easily done, as new technology may have been hastily adopted in a reactive manner following a breach. Alternatively, security technology is often sold by vendors as part of technology packages that include a number of other capabilities, so it may not have been directly selected and purchased by the CISO. As a result, the CISO may inherit a disconnected security stack made up of different technologies that each target only a single or narrow use case.

An organisation is unlikely to be receiving the very best cybersecurity protection if its stack is built upon a non-complementary set of tools and services. 

Building a more resilient IT infrastructure is key to securing the overall organisation. It starts with a focus on integrating the (often numerous) tools and technologies and on the overall outcome, rather than fixing issues on a case-by-case basis. The easiest way to integrate different technologies in a tech stack is to simplify it. CISOs need the opportunity to conduct a thorough ‘spring clean’ of their tech stack closet. Throughout the process, they must identify the capabilities the organisation actually needs – everything beyond this can go.

Maintaining a healthy cybersecurity posture is not an easy task, as cyber attackers are consistently becoming more sophisticated and elaborate in their methods. However, it’s by no means impossible. By following the three principles outlined above, cybersecurity professionals can support a vigilant and agile approach at all times.

Allen Downs is Vice President, Security and Resiliency Services at Kyndryl
