+61-2-9434-5000

A battle-tested security
infrastructure can
prepare you for what
comes next.

  • 2020 delivered a range of unexpected challenges—including to cybersecurity. The rapid pivot to a remote workforce has refocused budgets, priorities and resources. Businesses also have had to address the increased attack surface and the amplified level of technical complexity required to keep organizations secure.

    The security issues go beyond networks, devices, workloads and data, as well. New ways of doing business put a toll on security analysts tasked with anticipating, detecting, mitigating and investigating breaches.

    As a result, security roadmaps need a refresh to not only deal with the pandemic’s impact, but to condition companies for:

    • Diverse work modes
    • Digital-first business models
    • Future disruptions
    • New cyberthreats

    By strengthening the enterprise’s security infrastructure and posture, leveraging third-party security resources, enabling analysts and teams, and engaging internal security stakeholders today, organizations can prepare the business for opportunities and innovation tomorrow.

  • Update detection and response tactics.

  • Research, including the Verizon Data Breach Investigations Report (DBIR), indicates that for many companies, security breaches can remain undetected for weeks, months and sometimes up to a year. With a dispersed workforce, detection could be even more protracted. Here are some steps companies can take to detect breaches on more fronts and respond to them sooner:

    • Invest in automated detection tools
    • Provide security analysts with visibility into data, the network and devices
    • Partner, if necessary, with a managed security service provider    

    Because breaches have practically become inevitable, organizations also need to review their incident response plans. Bringing executive teams together for a few hours to run through breach scenarios, confirming that required individuals are still in their roles and updating contact information is crucial, especially when employees, functions and locations have shifted dramatically.

  • Adopt zero-trust frameworks and architectures.

  • In a remote work environment, more new devices (employees’ laptops, smartphones and tablets) continuously access the corporate network from locations outside the office over secure and unsecured connections.

    A zero-trust security infrastructure model, based on the belief that organizations should not automatically grant access to any user or device trying to connect to its systems, helps minimize a remote work setting’s risks. It does so by contextualizing requests for access based on multiple factors, such as location, device state, security state and behavior.

    Zero-trust practitioners implement the granular policies and controls of the Forrester Zero Trust eXtended Ecosystem and network architecture from the National Institute of Standards and Technology (NIST) to regulate network access and communications.

    A zero-trust model can improve IT operational agility, governance, compliance, and data breach mitigation and prevention at a time when many organizations rely on remote workforces. But it also offers companies the ability to scale remote and hybrid operations quickly and securely to meet the future demands of the modern digital business.

  • Engaging with security employees regularly on a one-to-one basis about their technology, training, advancement or mental health needs, providing ample time for them to unplug and putting an end to the culture of overworking can increase analyst satisfaction.

Keep security personnel engaged.

Many security analysts are working long hours from home with critical responsibilities and limited technology resources. As a result, analysts report fatigue and burnout, and some firms are experiencing a revolving door of security personnel. Here are a few ways to help increase analyst satisfaction:

  • Customers

     

    Engage with security employees regularly on a one-to-one basis about their technology, training, advancement or mental health needs

  • USB Cord

     

    Provide ample time for them to unplug
     

  • Clock

     

    Put an end to the culture of overworking
     


  • Following these steps can save firms hours of interviewing and retraining new hires to keep critical security roles filled.

    Diversity of thought, background, experience and perspective is a crucial attribute for a security team. Hiring analysts who approach security from different directions can make the program more robust and effective, especially during a business transition.

  • Leverage third-party resources.

  • Managed security service providers (MSSPs) can perform end-to-end security operations for a company. But they and specialty “as-a-service” providers can also enhance security operations with more focused tasks. These include providing threat intelligence, setting up cyber honeypots to trap intruders or monitoring the dark web.

    Outsourcing can reduce some of the budget and bandwidth issues that firms are currently experiencing, such as stabilizing virtual private networks, scaling network infrastructure and teaching remote employees about the dangers of sloppy remote connectivity. 

  • Enable the effectiveness of remote security teams.

  • Security operations centers (SOCs) staffed with work-from-home analysts present unique challenges to companies. These include the analysts’ physical security and performance validation, reliability of the network connection, control over remote access to sensitive data and systems, and ability to collaborate with other team members.

    To address the issues peculiar to remote SOC scenarios, security leaders can install closed-circuit television cameras in home offices and provide backup connectivity if the connection goes down. They can also require strict authentication protocols for the analyst and provide them with access to collaboration and communication technology.

  • Man sitting at desk looking at smart phone and laptop
    • Engage with other security stakeholders.

    • Analysts aren’t the only employees who impact the effectiveness of a security operation. Security program stakeholders—individuals outside the security team but dependent on it—can shape opinions and attitudes toward the security function and program funding.

      Making an effort to engage stakeholders to understand their security perspectives (whether it’s a business enabler or a department that gets in the way of progress on other initiatives) can help cast the program in a more favorable light. It also brings security to the table at the beginning of digital transformation efforts.

    • Prepare your business for the future.

    • Today, a modern cybersecurity infrastructure is needed to deliver critical business continuity benefits out of necessity. But having a strong cybersecurity posture helps companies prevent, detect and respond to future cyberthreats and breaches. It also allows them to continue their digital transformation with confidence.

    Advanced security measures can align with your digital
    workforce goals to drive
    betterbusiness outcomes.