Strengthening the Human Element in Your Cybersecurity Stack

Strengthening the Human Element in Your Cybersecurity Stack

Posted by HSSL Technologies on Jul 22nd 2022

Many of us reach a point in life—and in our business—when we feel the need to refocus on our core capabilities and strengths and outsource or ask for expert advice on the rest. This strategic decision allows us to make even more significant leaps forward in those places we are uniquely capable of solving the issues at hand.

In cybersecurity, we talk a lot about the need for end-to-end automation to support a dynamic and agile security posture capable of responding to new threat information in near real time. Our industry translates this to being able to stop attacks in their tracks. We have all invested and will keep investing time and resources in building toward this vision as we choose to add new technologies, vendors, and partners to our cybersecurity ecosystem.

However, one area many security leaders tend to talk less about is the human component of cybersecurity strategies and how we can increase its impact on our overall success. Today, two-thirds of global leaders claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months they could attribute to the cybersecurity skills gap.

It is time to talk about the human element as part of your overall cybersecurity framework.
Enhance, Automate, and Outsource: The Human Element

If I asked you today how many of your technology security capabilities are being consumed as a service and how many more you are currently evaluating, the answer would be—most. Security vendors already operate, maintain, and advance critical security capabilities for your technology, be it your IPS, URL, DNS, sandbox, AV, CASB, IoT, etc., by providing security intelligence to keep them tuned to the latest threats. Teams of cybersecurity experts are already helping keep you ahead of today's cybercriminals. The same goes for automated processes. Many of you are on a path to creating a fully automated security posture, SOC, and process flows. And in many cases, you and your vendors are on this journey together.

But when we talk about your people, there is less of an organized process, strategy, or priority—or, even time for skill enhancement. And even fewer are evaluating which tasks the SOC team performs that would be best to outsource.

There are three strategies for applying services to your security team, employees, and partners to better protect your organization. The first is to enhance their capabilities with the skills and technologies of dedicated cybersecurity professionals who spend every day on the front lines of today's cyber war. Next is to automate many of your team's processes to improve accuracy, mean time to detection (MTTD), and mean time to remediation (MTTR). And there are simply some aspects of cybersecurity you will choose to outsource to keep your team focused on the critical tasks at hand.
Enhance
Employees

Many attacks today start with the exploitation of a vulnerability, whether it’s a technology or human failing (for example, phishing). We all strive to prevent and stop attacks as early as possible during the attack cycle by adding advanced capabilities like external attack surface management (EASM), network detection and response (NDR), deception, endpoint detection and response (EDR), and even secure email gateways, and web application firewalls (WAF) to front critical assets—all to minimize damage and avoid the long process of remediation.

In many cases, your employees are your first line of defense. Suppose you evaluate your employees in the same way you assess technologies, looking for vulnerabilities (knowledge and skills gaps) that need to be "patched" on a regular basis. It should then be easy to understand the need for cyber-safe programs. This process of continual improvement can and should be built alongside partnering with a cybersecurity vendor/team well-versed in current attack tactics that can integrate that knowledge into your organization's employee training program.
SOC teams and cybersecurity professionals

If you're like most of us, your SOC teams are heads-down sifting through alerts, logs, and tasks. As a result, they find it difficult to find the time to stay sharp when it comes to the evolving attack threat landscape and the overarching state of your end-to-end security posture.

Practice will make your team better and faster in responding to attacks. Make time for it. Allocate time for tactical training a complete evaluation of capabilities, AND to build and test effective automation and playbooks, leveraging tools like security orchestration, automation and response SOAR. Cybersecurity experts actively working in threat hunting and incident response will have the real-world, hands-on experience needed to build and execute training for your team. Also, evaluate and take advantage of onboarding and training programs that support short learning curve objectives and the optimization of investments.
Outsource

The current intensity, both in velocity and sophistication, we are experiencing across the threat landscape means we all need to work even harder to stay on top of our game. But that can only get us so far. So, we must also work smarter, which is the driver behind building automated, self-learning systems and outsourcing some functions to dedicated experts. Such enhancements are a critical way to eliminate noise and help your team focus on their most critical tasks and advance your business. Outsourcing can serve many purposes. It can be used temporarily until your team is past the learning curve of new technology or as a permanent arrangement as an extension of your security team.

There are generally three areas where we see organizations outsourcing security functions:
Evaluating security effectiveness

There is a maxim among cybersecurity professionals that the team that builds a security posture should not be the one that assesses its effectiveness. Leveraging an external team to perform these tasks will invariably produce a better result. These services can range from individual point-in-time assessments, like vulnerability or ongoing monitoring of your external attack surface management to determine end-to-end readiness for attacks like ransomware. These assessments also support a much-needed risk-based prioritization of future investments.
Outsourcing some or all of your SOC threat-hunting capabilities

The outsourcing of active monitoring detection and response to threats extends from the endpoint (MDR), to the network, to full SOC responsibilities (SOC-as-a-Service). And given the speed of today's threats, prevention is best served with a fully automated cycle from detection to response. However, in most cases, the adoption of fully automated response will be tied to the trust level the SOC team has in the machine learning (ML) recommendations and data and not in technology capabilities, which as in all automation-driven fields, will evolve and expand with time, data, and expertise.
Outsourcing some or all of your incident response capacities

The benefits of working with an incident response (IR) team before you are under active attack cannot be stressed enough. By engaging early, an IR team can help you evolve and strengthen your security posture. They will also obtain critical knowledge on your existing security deployment and any agreed-upon response and remediation processes. That, in time, will help reduce incidents and shorten the time required for remediation once an incident occurs.
Automate

Everyone contributes to the problem of increasingly complex work environments. Marketing and engineering teams use multiple systems. Users employ numerous devices to connect to an even larger number of applications. The goal of every cybersecurity leader today should be to establish a unified security framework across the entire organization that prioritizes synergetic systems and centralized processes to deliver ML-powered automation.

But AI and ML are only as good as the data they are trained on and the people who teach them. When engaging with vendors offering ML-powered solutions, it is essential that you look inside the organization and figure out who's designing their models. What datasets are they working with? Ensure that the process and automation used to gather, process, identify, and respond to incidents are trustworthy.