Three Simple Steps To Effective Cybersecurity

The cybersecurity landscape can be difficult to navigate. From the outset, it can seem like a crowded place, with countless cybersecurity providers offering what appear to be incredibly similar solutions. There’s also the question of outsourcing vs in-house cybersecurity and the ramifications that accompany each choice.

Even once these details have been ironed out, there are a multitude of different factors which must feed into an organisation’s cybersecurity strategy.   

As each organisation is unique in its IT infrastructure and tech stack, it’s understandable that each one would need to take a nuanced approach to cybersecurity. Despite this, there are three key steps that I’d recommend all organisations follow if they are to ensure effective cybersecurity protection.  

1.    Shift left – Invest In DevSecOps 
Security teams often don’t have enough control over the app development life cycle. Companies are buying capabilities from hyper-scalers and cobbling together apps with open source, but they’re not thinking about the seams between widgets and frames. These organisations need a set of policies that are established and implemented as code. 

By leveraging DevSecOps, organisations can ensure that security is incorporated far earlier into the software lifecycle development process and is also a shared responsibility throughout the entire IT stack. Security should be considered a priority from day one, by everyone from the C-Suite down to the developers writing the code. 

In fact, developers are key to maintaining security throughout the software delivery lifecycle. Their approach to security must be consistent, meaning that it should be built into every line of code that’s written.

Providing developers with the relevant training, as well as open lines of communication with the security team are the key ingredients needed to enable this. 

2.    Shift right – Prepare To Recover
Understand what your business-critical systems are and assume you will get hacked. How long can you afford to be down? And where will you pull back good, known data and system configuration? Think within the context of where your data and services are and how to bring them back up again in the order of priority that they need to be recovered. 

Though investment in prevention measures is still essential, it’s naïve to imagine this will be 100% effective. No cybersecurity solution is perfect as there will always be vulnerabilities. The conversation has moved past “how do we prevent an attack?” to “how do we survive?”. As a result, it would be foolish not to also implement a strong recovery process. 

3.    Level up – Simplify In The Middle
It’s not uncommon that organisations inadvertently acquire a convoluted or mismatched set of cybersecurity solutions. This is easily done as new tech may have been hastily adopted in a reactive manner following a breach. Alternatively, security technology is often sold by vendors as part of technology packages that include a number of other capabilities. Therefore, it may not have been directly selected and purchased by the CISO. As a result, they may inherit a disconnected security stack made up of different technologies that only target single or narrow use cases.

An organisation is unlikely to be receiving the very best cybersecurity protection if its stack is built upon a non-complementary set of tools and services. 

Building a more resilient IT infrastructure is key to securing the overall organisation. It starts with a focus on the integrating of (often a plethora of different) tools and technologies and the overall outcome, rather than fixing issues on a case-by-case basis. The easiest way to integrate different technologies in a tech stack is to simplify it. CISOs need the opportunities to conduct a thorough ‘spring clean’ of their tech stack closet. Throughout the process, they must identify the key capabilities of the organisation – everything beyond this can go. 

Maintaining a healthy cybersecurity posture is not an easy task as cyber attackers are consistently becoming more sophisticated and elaborate in their methods. However, it’s by no means impossible. By following the principles outlined above, cybersecurity professionals can support a vigilant and agile approach at all times. 

Allen Downs is Vice President, Security and Resiliency Services at Kyndryl

You Might Also Read: 

How To Optimize The DevSecOps Pipeline:

 

« The NSA Hacked Huawei Long Ago
Containers Are Temporary, But Container Data Is Not »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.