Article by ServiceNow chief information security officer Yuval Cohen
The security sector is a tough industry to be in – when all processes are running smoothly, security professionals are invisible. However, the moment something goes wrong, all blame is focused squarely in their direction.
Third-party and in-house cybersecurity experts have a ton of responsibility. They work within a complex environment with real-world consequences. With a number of high-profile data breaches reaching the public domain this year – with SingHealth and Securities Investors Association Singapore being the most recent targets of cyber attacks – security has quickly become one of the biggest concerns of organisations. Still, it’s easy to misunderstand the purpose of what security professionals do and see these growing procedures as an obstacle to productivity.
It’s fair to say, in a lot of ways, this has the potential to be a very miserable job — even though it’s great in so many ways.
A pack of sheep surrounded by wolves
State-sponsored attacks, ransomware, fake news, and targeted misinformation are all tools of war in the information age. Many of these attacks aren’t even reported by the press or known by outsiders. According to a study by ServiceNow and Ponemon Institute, Singapore organisations surveyed spent an average of 18,096 hours per year and USD $1,359,375 per year preventing, detecting and remediating vulnerabilities.
The security industry can be the proverbial pack of sheep surrounded by wolves. As such, security professionals often stick together, even if they are rivals. Rather than adopting an ‘us against them’ mentality, it’s quite common for a security officer at a rival financial firm to reveal they encountered a weird virus and offer to send samples or compare case studies.
The balance of power in the equation is so lopsided when protecting data that everything security professionals do to help each other helps the good guys. Working with peers and sharing best practices and insights empowers security teams to do a better job of defending organisations.
For security teams, a big part of the challenge is simply being overwhelmed by workflow management. It’s difficult to allocate resources between detection and operational capabilities, and to find the right blend of defensive and offensive posturing.
Further, Singapore-specific insights from ServiceNow and the Ponemon Institute revealed that:
• 60% of respondents said their organisations were at a disadvantage in responding to vulnerabilities because they still use manual processes;
• More than half (54%) agreed that IT security spent more time navigating manual processes than responding to vulnerabilities, which led to an insurmountable response backlog; and
• 68% attributed delays to lacking a common view of applications and assets across security and technology teams.
Getting in front of the challenge
At the end of the day, there will always be employees who open email attachments from strangers, choose obvious passwords, or use insecure communications unless they are prevented from doing so or technology paradigms change. Anticipating that such actions will continue to take place allows security teams to be better equipped, organised and forward-looking.
The urgency to adopt new approaches is increasing. Organisations in Singapore can apply automation to create a robust, efficient and effective security hygiene model. If a target has robust defenses, or presents more hassle to infiltrate than it’s worth, odds are the bad guys will move on to something else. Moreover, little things such as establishing continuous tracking of software patches, detecting irregular login patterns, and making it easy to report phishing attacks go a long way.
Seamless processes are even more critical in a rapidly changing work environment. Multi-cloud environments mean it’s easier to pass the buck on blame for attacks. The rise of BYOD and shadow IT means that new attack vectors show up every day, and security and IT have to be in constant communication.
With the right steps, this doesn’t have to be a miserable job. Keep the lines of communication open with fellow security leaders, find signals and anomalies that matter in the endless data noise, and advocate for security experts everywhere. Getting in front of the challenge makes all the difference.