Are You Cyber Secure Ready?

“There are only two types of companies in the world: Those that have been breached and know it, and those that have been breached and don’t know it.” – Ted Schlein [1]

Today’s cyber security ecosystems are complex, ranging from single-computer organizations to organizations with thousands of network endpoints across the globe. However, the maturity of an organization’s cyber security program is not always reflective of the size of its network.

According to Gartner Inc., 90% of CEOs are prioritizing digital initiatives within their organization. Without the proper security resources in place to address digital risk, these initiatives may be delayed [2] or worse: improperly secured. Yet it is not just organizations with digital initiatives that are exposed to security and privacy risks. It is common for organizations to face multiple challenges concerning cybersecurity, not just security breaches.

So, how should organizations address the growing cyber security risks in today’s digital modernization world? Gartner Inc. suggests leaders must look past the skills shortage to identify and develop relevant competencies for their workforce to ensure alignment with digital business objectives [2]. In addition, Gartner says that 68% of digital organizations have at least one cybersecurity expert on staff. However, they remain incapable of managing digital risk to drive value creation. Gartner predicts that by 2023, there will be a 45% increase in competency-based job descriptions, making skill sets and experience secondary in security and risk management roles [2].

Gartner suggests a few simple steps to help prepare your cybersecurity program for the next-generation digital organization.

  • First, partner with the organization’s Human Resources program to define standard definitions that help differentiate between roles, skills, and competencies.
  • Next, analyze the organization’s current workforce competencies critical to business success.
  • Finally, align competencies with hiring needs and the development of existing staff.

In addition to Gartner’s suggestion to focus on workforce competencies, there are many other areas an organization’s cybersecurity program should focus on to help prepare for the next-generation digital organization. I want to discuss two areas: Working/Focus Groups or Communities of Practice and leveraging advanced security tools.

When maturing cybersecurity within an organization, organizational leaders should consider creating multiple groups focused on cybersecurity, risk, and governance. Key groups to consider include a Security Operations Center (SOC), a Vulnerability Management team, an IT Risk Management team, and an Information Security Governance (ISG) team.

  • Security Operations Center (SOC): A team of experts that proactively monitor an organization’s ability to operate securely [3].
  • Vulnerability Management: The process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs on them [4].
  • Technology Risk Management: IT risk management, also called “information security risk management,” consists of the policies, procedures, and technologies that a company uses to mitigate threats from malicious actors and reduce information technology vulnerabilities that negatively impact data confidentiality, integrity, and availability [5].
  • Information Security Governance (ISG): A subset of enterprise governance that provides strategic direction, ensures that objectives are achieved, manages risk appropriately, uses organizational resources responsibly, and monitors the success or failure of the enterprise security program [6].

Lastly, to further mature cybersecurity within an organization, cybersecurity practitioners should consider using multiple cybersecurity tools, including Next-Generation Antivirus (NGAV), Security Information and Event Management (SIEM), and Security Orchestration Automation and Response (SOAR).

  • Next-Generation Antivirus (NGAV): A combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation so known and unknown threats can be anticipated and immediately prevented [7].
  • Security Information and Event Management (SIEM): Put simply, SIEM is a security solution that helps organizations recognize potential security threats and vulnerabilities before they have a chance to disrupt business operations. It surfaces user behavior anomalies and uses artificial intelligence to automate many of the manual processes associated with threat detection and incident response and has become a staple in modern-day security operation centers (SOCs) for security and compliance management use cases [8].
  • Security Orchestration Automation and Response (SOAR): Refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format [9].

There is no secret recipe for preparing cybersecurity programs for next-generation digital organizations. Organizations will need to find their own mix of cybersecurity practices that fulfill the risk and compliance requirements of the organization. However, at a minimum, cybersecurity leaders should (1) consider purchasing next-generation cybersecurity tools, (2) create discipline-focused teams/groups, and (3) assemble a highly skilled team to join the groups and run the tools.

Works Cited

[1] “100+ best cyber security & hacker quotes,” Cyber Sophia, [Online]. Available: https://cybersophia.net/quotes/. [Accessed 23 October 2022].

[2] S. Olyaei and B. Reed, Focus on competencies to establish security and risk expertise in a digital world, Gartner, Inc., 2019.

[3] CompTIA, “What Is a security operations center?,” CompTIA, [Online]. Available: https://www.comptia.org/content/articles/what-is-a-security-operations-center. [Accessed 23 October 2022].

[4] Rapid7, “Vulnerability Management process,” Rapid7, [Online]. Available: https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/#:~:text=Vulnerability%20management%20is%20the%20process,minimizing%20their%20%22attack%20surface.%22. [Accessed 23 October 2022].

[5] SecurityScorecard, “What is information technology (IT) risk management?,” SecurityScorecard, [Online]. Available: https://securityscorecard.com/blog/what-is-information-risk-management#:~:text=IT%20risk%20management%2C%20also%20called,confidentiality%2C%20integrity%2C%20and%20availability.. [Accessed 23 October 2022].

[6] MossAdams, “Information security governance and risk management,” MossAdams, [Online]. Available: https://www.mossadams.com/articles/2021/08/information-security-governance-framework#:~:text=Information%20security%20governance%20is%20defined,security%20program%2C%E2%80%9D%20according%20to%20the. [Accessed 23 October 2022].

[7] CrowdStrike, “What is Next Generation Antivirus (NGAV),” CrowdStrike, 13 December 2021. [Online]. Available: https://www.crowdstrike.com/cybersecurity-101/endpoint-security/next-generation-antivirus-ngav/#:~:text=Next%2DGeneration%20Antivirus%20(NGAV)%20uses%20a%20combination%20of%20artificial,be%20anticipated%20and%20immediately%20prevented.. [Accessed 23 October 2022].

[8] IBM, “Why is SIEM important?,” IBM, [Online]. Available: https://www.ibm.com/topics/siem. [Accessed 23 October 2022].

[9] Gartner, Inc., “Security Orchestration, Automation and Response (SOAR),” Gartner, Inc., [Online]. Available: https://www.gartner.com/en/information-technology/glossary/security-orchestration-automation-response-soar. [Accessed 23 October 2022].