The thing with fighting fires is that you often have your best people dousing the flames with their backs turned to whatever is going on behind them. If we can consider cyber threats as multiple little digital fires that flicker in and out daily, then think about the manpower that goes into managing these security alerts every time a possible threat is identified. It leaves a company in a state of operational duress rather than settling into a state of continuous improvement.
It is a challenge that companies big and small must contend with, and this burden on employees and the company intensifies the more indebted a company becomes to their security operations.
Companies accumulate security debt when they do not recognise the need for cybersecurity measures early enough, and, as such, lag behind the maturity curve, which, in turn, can lead to a myriad of secondary issues. These can include lengthy processes when introducing new technology, initiatives, or projects, due to the company being operationalised instead of being focussed on improvement.
And while underspending on security measures may not directly lead to deepening security debt or a security breach, it leaves a company with fewer capabilities that could have been directed towards improving maturity inside the business. Cyber fires and the manpower they require often burn away the potential for new projects and initiatives inside a company.
For instance, we took over full operational control of a large retailer’s security technologies in a bid to eradicate their security debt. The company’s IT security staff were skilled in implementing the technologies, but we assisted with implementation and took over the operational burden which allowed the internal team to focus on improvement projects and initiatives. We also integrated with their response capability (on the back of a Nview MDR deployment) which elevated the response capability, whereby our Client knew exactly what to do when we identified a potential threat.
The company was able to leave the tending of fires to us and focus on new initiatives and projects.
Smaller companies are often under greater security pressures as they don’t have the capital to invest in security systems. And while you don’t necessarily have to increase spending to increase maturity, it is in most cases the clients with limited risk awareness at the board or exco level that may have to increase spending to limit security indebtedness.
The symptoms are varied and numerous, but the most obvious ones are preoccupied operational teams and constant gremlins cropping up with vendor products. It is one of the key reasons that we offer zero cost assessments. To ensure that the vendor products are being implemented and managed properly and to identify these shortfalls.
The aim is to bring the technology from an implementation phase through to an improvement state to maximise our Client’s investments. Are you using all the features licensed to you? Are they operating correctly and efficiently? What is the value you are getting from these features? These are all crucial questions to ask in the path to eradicating security debt.
We often find in our assessments that companies are only using, say, a quarter of what their license allows them because they do not understand or have the capacity to operationalise the full suite of features.
There are always ways and means for criminals to gain access to a system, but if you are constantly working on improving the state of operations, you are many steps ahead of those that don’t. Let the firemen handle the fires so you can get on with business.