Nurture the Three Pillars of Success: People, Process and Technology
“It’s all about the people,” said Wanda Miles, senior security and compliance program manager at Exabeam, during a session on behavioral analysis and ransomware. Burnout, skill gaps and staff shortages combine to create stresses on resiliency, hampering the cultural shift necessary to elevate an organization’s security posture.
To keep personnel engaged, Jeremiah Salzberg, chief security technologist at CDW, suggested avoiding the temptation to train by rote. People in the IT and security fields are driven by curiosity, so keeping staff members challenged and giving them “time to play” can help them continue to develop creative solutions. An audience member noted that his team rotated tasks so that no one person was left responsible for repetitive work; instead, colleagues shared responsibilities across the board.
LEARN MORE: How managed detection and response can improve your security posture.
As for process, Cook recommended taking an approach of continuous recovery and proactivity. Miles suggested using behavioral analysis to understand the interaction points between users and systems. In her experience with using behaviors to detect and thwart ransomware, Miles has found that using processes that detect unusual or threatening behavior can help teams proactively intervene, whether that’s through educating new employees about phishing attempts that target people who aren’t yet familiar with security protocols or simply implementing a patch.
Speakers at the forum agreed that technology follows from the people and processes. Approaches such as zero trust and implementation of security operations centers can help organizations improve their security posture. But, ultimately, security tools need an effective strategy and the right people in place to use them.