BUSINESS STRATEGY
A good example of intelligence-led information would be if your organisation was using data from a third party that ’ s scanning potential threats on the Dark Web . Rather than a stream of information , this data would also likely include context on what risk certain hacking and attack groups pose to your specific industry . It ’ s this intelligence that lets you start to build a picture of how attackers are targeting your organisation , which then means you can put the right mitigations in place and ensure you are training staff against the correct processes and playbooks .
Intelligence is about drawing meaning from information . With intelligence and visibility , we are shining a light on the right areas and spending time and energy on these . This stems from a place of efficiency and one of the main challenges across the industry is a major skills gap . Ensuring that you are using intelligence to drive the right visibility means focusing your team and organisation on the policies and the processes that you are creating for the areas that matter . This results in an efficiency-led approach .
Why is it important for organisations to test and validate their cybersecurity and why is an ‘ Intelligence Led Visibility ’ approach good for this ?
Internally , we have a term called ‘ zombie renewals ’ – meaning people have bought a piece of technology and they simply renew it yearly , even if the technology doesn ’ t meet the same requirements as it did five years ago . You can avoid this by constantly testing your infrastructure , making sure it stands up against today ' s threats and realising that what may have worked five years ago isn ’ t the right solution for your business today . Cyberthreat actors are constantly innovating , and we need to be reactive to that .
Ransomware is a prime example – there are consistently new ransomware campaigns being launched , released by different groups that use new tools , tactics and techniques to access your network . If you ’ re not continuously validating , you won ’ t know if your systems can stand up to new attacks coming down the pipeline . Fail fast , find the issues and mitigate – testing on a regular basis is the only way to have real confidence in your solutions .
You need to be taking an intelligence-led approach . It ’ s the intelligence that will help you focus on the right threats , curate a list of potential loopholes and downfalls within your systems and allow you to prioritise and tackle the most critical business risks .
For organisations that lack this visibility , how would you recommend they approach their security strategy going forward ?
I would say to people to go back to the beginning . This may appear obvious , but it ’ s very common to see organisations taking a reactive approach to threats , by putting controls in place as soon as they realise they have a problem . Quick fixes and knee-jerk decisions will not work in the long run – you need to start with a comprehensive understanding of where all of the gaps are .
The threats will never stop but an effective strategy starts with understanding where your gaps are – which may be skills , technology , people or processes . By understanding what you ' re doing well and what you ' re not doing well you will see the areas requiring the investment of time , effort and budget .
It ’ s a journey through visibility , intelligence and control . If you ’ re putting controls in place while still trying to establish visibility and intelligence through the noise , those controls will not effectively protect your organisation .
For people realising they don ' t know where their data is or how their users are connecting to the organisation , it can be easy to rush to a technical control point because that is a tangible and easy-to-understand action . However , my advice is always to ask people to take a step back , review the information they ' ve got and consider any gaps . Then we can start to build on what ' s intelligent information and what ’ s not , before making a move toward implementing controls .
What advice would you give IT professionals who are looking to start their visibility journey ?
Take a step back and ask yourself why this is an issue for you . Most people will struggle to answer this question , so this should be the starting point .
The visibility journey will look different at every level – from CISOs to technical managers – but in all cases it ’ s best to take a joined-up approach that goes from board level to the people putting the solution in place . Conversations will be more productive this way and really help everyone understand the objectives and provide feedback on their perspective of the organisation ' s cybersecurity strategy . The goal is to ensure a coherent visibility journey , so ask basic questions first , formulate the desired end result and then start working through those stages logically . x www . intelligentcxo . com
27