By Ryan Stolte
When thinking about the elements of a village, you may think about people, homes, transportation and commerce. However, there’s another critical component that sits passively in the backdrop yet plays a very prominent role: the town square. Whether it’s an actual square, town hall, plaza or park, most villages have a central place where people congregate. It’s a place where people make new friends, share ideas, discuss the “state of the village” and, in some cases, use it as a platform to persuade a governing body to take action. The town square connects the dots of the village. It’s what makes a village “a village.” Otherwise, it would just be siloed individuals living in their siloed homes in their siloed neighborhoods visiting siloed stores. There would be less intersection and interaction, limiting potential progress to build new infrastructure, improve schools and make life even better.
The same principle applies to cyber security. In today’s complex business environment, coupled with sophisticated, well-funded and well-organized adversaries, it takes a village to reduce cyber risk. However, too many companies are missing the town square. Their security technologies, people, processes and valued systems and applications operate in silos and rarely intersect. Companies have invested millions of dollars into putting those components in place yet fail to reap the benefits because there’s no intersection or interaction. They cannot connect the dots between threats, vulnerabilities, likelihood of a compromise, business context and the value of the assets at risk. As a result, incident responders are overwhelmed trying to separate the most imminent threat alerts from false positives and noise. They waste time chasing fires that don’t exist while the true threats slip through the cracks. Critical vulnerabilities within valued applications and systems remain unpatched as security teams struggle to sift through scan reports, unable to tell which vulnerabilities matter most and need immediate remediation. Employee burnout within security and compliance departments is higher than ever before as practitioners get bogged down trying to manage enterprise cyber risk entirely on their own.
Just as a town square brings together people, ideas and causes, companies must bring together their people, technologies and processes to reduce their cyber risk. That includes marrying and analyzing threat and vulnerability information coming from their security tools and identifying how that information puts their most valued assets at risk. They must bring together various stakeholders, even those who are not on the security team yet govern valued systems and applications. Line-of-business application owners have the deepest level of understanding and most visibility of the valuable systems and applications they manage, and therefore they must be held accountable for remediating vulnerabilities in those assets.
Line-of-business leaders should provide business context around certain threat alerts, such as whether they gave an employee access to a computer that the person normally would not access. For example, if a threat detection tool flags an employee accessing a highly valuable computer that she typically would not access, the alert should automatically be sent to the application owner who manages that computer. That individual would then add important context, such as whether he believes that employee has a business justification to access that computer. If the response is “no,” then the alert would bump up to the Security Operations Center as a high-severity alert that needs immediate investigation. That kind of business context is essential for incident responders to determine which threats are truly high in severity and not false positives.
By engaging line-of-business leaders in the risk reduction process, the responsibility of cyber risk reduction doesn’t solely fall on the CISO’s shoulders. People and technologies must work together to protect companies’ crown jewels, which is why companies need a town square that enables integration and communication.
About Ryan Stolte
Co-founder of Bay Dynamics, a cyber risk analytics company, Ryan has spent more than 20 years of his career solving big data problems with analytics.