This article is more than 1 year old

Cyberthreat: Learning to live with the risk

And bring your tools, people and partners together

How to integrate your security operation with the overall business

To do any of this, you have to get business users on board. That can be more difficult than you’d think, argued Forcepoint’s Stevens, adding that even understanding the data architecture can be difficult for IT teams in some situations.

“We have IT security teams in high-sensitivity businesses where IT people have zero visibility into what they're trying to protect,” he said. “It's nerve-wracking to do it in the blind.”

This can come down to a lack of understanding on the business side. He recalls one security project at a large corporate client, whose lawyers wouldn’t clearly communicate what they wanted the company to do for them. Finally he asked the head of the team why the relationship was so contentious. Surely they were on the same team? The chief attorney hung his head and privately said “We hate to not know things. We don’t want them to realize that we’re not the smartest guys in the room.”

“They were trying to communicate their needs and they had no idea what the language was that they needed to communicate them in,” said Stevens. It was an education and cultural issue that made that particular team feel embarrassed, and put them at odds with the IT department.

“IT people need to do a better job of educating the business so that we look like the trusted partners,” he explained.

That can involve choosing projects that deliver some clearly-defined business wins, bringing visible value to the other team, said Professor Angela Sasse, director of the UK Research Institute in Science of Cyber Security (RISCS). “Maybe you say ‘that tool you’re suggesting there, we could use that for business process as well,” she said. “Then you see business people getting enthusiastic in investing in a security measure.”

This can pan out in unexpected ways. In one project that she worked on, a monitoring system was used to help with authentication. It produced location data describing where customers were accessing from and compared it against a baseline of normal behaviour.

“The monitoring information was also helpful for customer relationship management,” she said. Business managers could take that location data to identify changing patterns in systems access by customers. That in turn could lead them to offer those customers other types of contract and service agreement.

“That's joined-up thinking,” she suggests. “Never make a decision about how to manage the information without understanding how to manage the business context.”

How can partners help?

Working with a third party security partner can help internal IT departments to overcome some of these issues, both because of their prior experience, and because they typically have far more threat intelligence information than a single company could hope to gather on its own, said Neely. But there has to be some due diligence, because of the job’s sensitive nature.

“There are third parties out there that have thousands of customers and data points to create a high fidelity result, but there has to be a trust element,” he said. That trust has two facets.

The customer must be able to trust that data entirely, using it as a platform to boost their own threat intelligence and take action on it. “The other part of it is sufficient obfuscation so that if Joe’s company is compromised, it doesn’t get out through that third party that Joe is in trouble,” Neely said.

An indicator of compromise will be useful to the whole business community, but should never be linked to a particular company, which means that it shouldn’t be traceable to a particular IP address. To this end, some companies are working on tokenisation to eliminate the chance of a company being publicly linked to its threat data, Neely explained.

By taking an intelligent, measured approach to cyberthreats, companies can achieve a reasonable level of protection that matches their level of risk, while also keeping their systems agile and usable enough to serve their business needs. No one likes the reality that threats exist and data breaches will occur, but with the right approach and tools, it is possible to live with both successfully. ®

More about

TIP US OFF

Send us news


Other stories you might like