The number of things happening in cybersecurity right now is staggering: from new regulatory requirements to supply chain attacks to vendor segments, all continuously evolving as new things emerge.
As a security leader, you know you can’t do everything. Even if you had more budget than you wanted, there’s still a matter of people being able to do the work. Focus, therefore, is critical. This article will explore three key areas CISOs should focus on today.
Security teams are generating and consuming more and more data. The traditional SIEM (security information and event management) model is workable for logs, but what about everything else?
As security teams, we need to be thinking about our data like other business functions do. As part of that process, we need to be bringing data platforms, engineering rigor, and analysis techniques that mimic the way a modern fintech or marketing team might operate.
Yes, cybersecurity is an incredibly technical field, but in many ways, it hasn’t yet made the shift to approach its problems from a data and engineering mindset. Data needs to be a first-class citizen for security teams in the future.
Supply Chain Risk
Attacks on supply chains have been on the rise over the past few years. Looking back to the SolarWinds breach and the infamous Log4Shell exploit, we see two devastating and wide-reaching issues that affected two very different parts of our supply chain: a product and an open-source library. This is quite different from the kind of supply chain risk that many third-party risk management (TPRM) programs seek to manage. Those programs try to account for the breach potential of the third-party organizations themselves, such as the recent Uber and Gemini breaches, which were directly related to the companies’ third-party partners.
This means security teams need to expand the way they think about supply chain risk. There is so much happening in this space that a single approach won’t work for all organizations. Security leaders need to find a scope that works for their team. Consider the following dimensions in this process:
- Open-source libraries and where/how they’re being used; this may incorporate some kind of work around software bills of materials (SBOMs)
- Containers: where they come from, whether they are trusted, and whether they are secure
- Third-party organizations and potentially their own respective supply chains
- COTS (commercial-off-the-shelf) products or cloud services used throughout an organization and where they came from
- Data centers or infrastructure-as-a-service providers and what is running in these environments
The continued emphasis on security teams positioning themselves as a business enabler is important to success. This isn’t just the job of one person or a small group in a security team. It requires a more wholesale shift in team culture which is driven by values and soft skills.
The individuals who make up your team need to continue to invest in skills like communication, negotiation, empathizing, and critical thinking. This, coupled with strong values driving the culture, will make a significant impact on the way the team works. When a team is more effective, the technical impact of its work is likely to improve as well.
This change and the tone start from the top. They are set and led by example by security leaders.
There is so much for security leaders to be thinking about and there are always new tools and new things that can cause unwanted distractions. However, I’m advocating for some foundational thinking and work for security teams. This will set your organization up for a stronger future.
By focusing on how you’re using data, what your supply chains look like, and improving the team culture that ultimately drives all of your work, you can have lasting impacts.