Security professionals should also be deploying data analytics, overlaid with cultivated and vetted threat intelligence and sound workflows that allow for timely and effective response actions. Automation and orchestration are key components, but all alerts and triage actions need to be conducted by a trained analyst with intimate knowledge of the organization’s network.
BIZTECH: Beyond hackers, are there other obstacles facing businesses when it comes to protecting their networks?
RIDGEWAY: There continues to be a shortage of cybersecurity professionals, which leads to a competitive recruiting environment where top talent can be lured away from an organization. Depending on the resource being lured away, a significant amount of institutional knowledge may leave also, leading to deterioration in a team’s effectiveness for a period of time. That’s why it’s so important that organizations cross-train and mentor junior personnel in the event that resources leave. All organizations should have succession plans in place, and security programs should establish and document repeatable processes, procedures and playbooks to ensure continuity of operations.
Employees are one of our front-line defenses and one of our most vulnerable sources of exploitation by threat actors. It’s important to train employees to recognize and report suspicious phishing emails. It is challenging, as the threat actors utilize social media to craft tricky and sometimes personalized phishing schemes. Creating a training program that utilizes different phishing scenarios that educate employees on how to recognize and report suspicious activity is an important part of a successful security program.
BIZTECH: What do you see emerging, techwise, that’s starting to help in the battle to protect data? Artificial intelligence? Automation?
RIDGEWAY: Organizations do not have an unlimited supply of resources. The nature of cyberdefense involves numerous events of interest that could eventually become incidents. Automation of repeatable, easy-to-resolve issues frees up an organization’s valuable cybersecurity resources to focus on the more difficult investigations of anomalous activity. Automation allows organizations to focus on identifying the new and emerging threats as opposed to devoting resources to everyday issues.
Artificial intelligence is still immature in the security space. Many cyber professionals are skeptical and taking a wait-and-see approach. Predictions are that it will eventually become a mainstream foundational element for cyberdetection and defense.
BIZTECH: Do you have any advice for IT professionals in smaller companies about maintaining data security with limited resources and few dedicated security professionals?
RIDGEWAY: The first thing that any organization should do is identify the most important data and assets it has and prioritize mitigation techniques around the protection of these crown jewels.
Organizations face a vast number of threats, and in a perfect world, as security professionals, we would like to say we can stop any threat targeted at us. However, with limited resources, it is imperative to prioritize what is most sensitive and what could have the largest impact on revenue and business continuity.
There are many managed services that can provide protection to small organizations. A managed service can afford to hire expert talent and deploy advanced systems. This spreads the costs among many organizations. This is the most economical way that smaller organizations can have top talent and defenses at an affordable cost.
Additionally, small organizations should leverage sharing communities as much as possible and collaborate with peer institutions and government agencies.
Threat intelligence shared among these communities is timely, relevant and purposeful, allowing organizations to protect critical systems and assets from cyberthreats. There are many organizations that are free, such as the FBI’s InfraGard program, and state-run organizations, such as the Rhode Island State Fusion Center.