This month marks the 17th Annual National Cybersecurity Awareness Month with the theme: “Do Your Part. #BeCyberSmart.” It’s a good time to take a step back to assess your organization’s cybersecurity posture.
Many discussions of cybersecurity center around three pillars: people, processes and technology. Each of these pillars includes many important aspects; however, in today’s ever-changing cybersecurity landscape, it is critical that all three be tightly integrated to provide a comprehensive risk and security management approach for your environment. The key is to build a solid foundation of people, processes and technology (PPT) upon which you can grow and easily adapt your cybersecurity posture.
(Note: While PPT is a common understanding of the three pillars, some organizations use variations. For the purposes of this blog, we’ll stick to the definition above.)
As a priority within both the government and commercial sectors, cybersecurity is a top area of investment for many organizations. As you carefully consider your organization’s strengths and risks related to each pillar, asking yourself some key questions can help you choose where to allocate those investments.
The first pillar: People
Cybersecurity personnel of various skill levels, expertise, security knowledge and awareness play a key role in utilizing, maintaining and protecting an organization’s IT infrastructure, applications and assets. As your technology users, they follow the necessary processes and procedures to help ensure your organization remains cyber secure, so it is important to give them the knowledge and tools they need to succeed.
At the most fundamental level, however, everyone in an organization is part of its overall cyber posture. It only takes one person to forget about the risk of phishing and open an email that unleashes malware into the network. For that reason, most organizations require personnel to take security awareness training periodically. Does your organization update that training frequently to reflect current events, such as teleworking due to COVID-19? There also needs to be a way to measure the effectiveness of the training.
Another important measure related to people is the status of user accounts. When employees leave the organization, terminate their accounts so that they cannot still gain access.
Key people questions: How many user accounts are still active after an employee is terminated? Do any of those users still have administrative privileges? For current employees, have you reviewed the roles, access rights and security privileges to data and applications that they need to perform their daily job responsibilities? Do they have a “need to know”? Do you have an insider threat program, and Data Loss Prevention (DLP) tools to detect and prevent data loss?
Assessing these pieces of the “people pillar” is critical to an organization’s cybersecurity posture.
The second pillar: Processes
Process plays a key role in how effectively your agency responds to cybersecurity incidents. Well-designed processes and procedures help ensure your people and technology know how to consistently and effectively protect your organization from cyber threats.
Some key questions: Do you have an incident response team identified with roles and responsibilities clearly defined to coordinate the investigation and remediation? Are those team members still with the organization? Do you have an Incident Response Plan (IRP) with standardized, tested and repeatable processes to respond to potential cyber security incidents? When was the last time your agency reviewed and updated the IRP?
Does your IRP include processes for capturing and documenting forensics data from the incident? Have you recently performed a Business Impact Analysis (BIA) to identify business/mission essential systems and data, and Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) for these systems and data? Do you have detailed and tested step-by-step procedures for restoring these systems? Do you run through incident response playbooks and conduct annual tabletop exercises to test the IRP and restore business/mission essential systems?
Ensuring you have addressed these key areas is clearly a step in the right direction in assessing your incident response readiness.
The third pillar: Technology – and the cybersecurity tool ecosystem
If you attended a recent cybersecurity conference, you know the number of cybersecurity tools available is mind-boggling. This includes tools for endpoint protection, data protection, advanced malware, application security, network security, the Internet of Things, secure access, cloud security, messaging, and security operations and management, to list just a few. Because no one tool can protect everything, it is imperative to have a layered cybersecurity approach to provide end-to-end protection.
However, with the broad variety of tools available and the increasing number and types of threats, many organizations have deployed tools to meet immediate needs, developing a confused ecosystem of incompatible solutions.
Technology questions: Have you thought about your current and future cybersecurity workflows and processes in designing your ecosystem of cybersecurity tools? The pillars are interconnected, and when making decisions about one, you must consider how those decisions will affect the others.
Consider flexibility and scalability in your cybersecurity tool ecosystem to adapt to the changing landscape without needing major “forklift” changes. Are you conducting intelligent routing of network traffic to prevent security tool overload and to ensure your tools are optimized?
Do you have visibility into all of your IT assets, including IoT, with your current tools? Are you implementing tools that integrate intelligence and automation to simplify security incident investigations, and automatically isolate a detected compromised asset?
Finally, assess how well your cybersecurity tools are integrated, and whether they are compatible enough to provide you with a complete and accurate real-time picture of your cybersecurity posture.
The bigger picture
October is Cybersecurity Awareness Month, but cybersecurity is a year-round concern. For federal agencies and other organizations responsible for safeguarding sensitive or classified information, it might be the single most important consideration. The PPT formula is helpful in evaluating the security readiness of any organization.
For more insight on cybersecurity in the federal government and CGI’s capabilities, browse the Protecting America’s Assets section of our website.