Why cybersecurity needs better strategic thinking and collaboration.
Cybersecurity is an arms race and, as new research shows, the only way to thwart hackers is with better planning and greater collaboration, writes Stuart Jubb, Group Managing Director of Crossword Cybersecurity
Cybersecurity is never out of the news. From academics warning about threats to the global food supply chain1 to attackers targeting the Eurovision Song Contest2, it can feel like organizations everywhere are under siege.
Worryingly, cybersecurity professionals feel that way, too. Faced with rapid technological change and a growing number of attackers, the industry is short of people with the right expertise and low on options.
We recently surveyed more than 200 senior cybersecurity professionals and the message was clear; even with new tools at their disposal, organizations are more exposed than ever and those running cybersecurity teams are overwhelmed. They are struggling to maintain defences and lack confidence in their strategies. More than 80 percent said that every area of cybersecurity is a challenge, from detecting a suspicious event to securing the supply chain.
Effective cybersecurity requires a rethink. Identifying the problems creates an opportunity to seek solutions. It is time to find new ways to upskill teams, to reorganize cybersecurity operations for the long term and to increase collaboration and information sharing to help make everyone safer.
Rethinking strategy
Perhaps the biggest challenge facing cybersecurity professionals is escaping firefighting mode and starting to think and act strategically. Two-fifths of those we surveyed said they think their cyber strategy will be obsolete within the next two years. A strategy that is out of date so quickly is really no strategy at all. The chief information security officer (CISO) must be able to focus on the next five years and beyond to create a robust and effective strategy that is forward-looking, well-resourced and capable of withstanding changing circumstances.
Instead, CISOs are getting sucked into day-to-day incidents. To some extent that is unavoidable because their expertise is needed to manage incident response. It might be time, therefore, to create a new role of strategy manager – someone who can think about the seasons to come and not get stuck in the weeding. The CISO would still define the strategy, but the strategy manager would ensure that the organization keeps progressing even when the CISO is dealing with an incident requiring urgent attention.
Some CISOs we spoke to emphasized the need to engage the entire organization in cybersecurity. Working closely with the board to understand C-suite risk appetite is vital, but so is creating a consensus around cybersecurity vigilance across the business. If everyone understands that cybersecurity is part of their responsibility, then some of the pressure on the security team will be eased.
Looking beyond technology
Almost one-third of those surveyed said lack of skills is holding back their cybersecurity strategy. Many are responding with new technology. Two-fifths of respondents said they are prioritizing cybersecurity mesh architecture (CSMA), which makes security products interoperable – even across organizations. One-third said they expect increasing use of automation, including machine learning tools, to be a key trend for the next year.
Technology alone won’t be enough, though. People remain the weakest link, even with the best tools, so quality training and robust organizational policies are crucial. And those policies must extend to third parties. Every attack is a supply-chain attack, so ensuring that third parties are protected and following sound procedures needs to be an ongoing task, not just something that happens during procurement.
The best cybersecurity teams are already collaborating with businesses in their own supply chains. They recognize that an attack on a small software manufacturer, say, or the supplier of even one ingredient can bring an entire operation to a halt. Modern business is highly connected, so organizations must find new ways to work together and create a consensus on best practice.
Better collaboration
In fact, increased collaboration should be central to cybersecurity strategies of the future. As well as developing a standard operating model for businesses in their supply chain, organizations should look for ways to collaborate with competitors and the smartest companies in other sectors. Attackers collaborate, share tools and adopt each other’s techniques. Cybersecurity professionals must do the same if they want to match them. This is an area where CSMA tools could be invaluable.
The competitive instinct goes against collaboration. A CISO for a major corporation might view their job as to protect only their business and believe that they benefit if a rival suffers a breach. But attackers don’t think like this. Everyone benefits by making life harder for the attackers.
Cybersecurity professionals must expand their view of collaboration even further, to national and international level. Critical national infrastructure is a major target. Russia’s invasion of Ukraine, for example, was preceded by a series of infrastructure attacks over many years. Power, water, telecommunications and other infrastructure is often in the
hands of multiple organizations and agencies, and better collaboration is vital to keeping it secure and maintaining services in an increasingly turbulent world.
A brighter future of improved cybersecurity will require the right mix of tools, processes and policy, implemented by a mix of skilled staff and specialist third-party expertise. The industry is engaged in an arms race. Winning it requires collaboration and better long-term planning.
