Cut Through the Data Clutter: Dealing with Information Overload
Dan Haagman
CISO & Cyber Strategist | CEO - Chaleit | Former co-founder of Cyber firms NotSoSecure & 7Safe (both acquired) | Designer of Cyber MSc(s) | Commercial Helicopter & Aeroplane Pilot | JetPack Pilot | Sat-Radio Nerd
Here’s a harsh reality: many seasoned cyber security professionals are drowning in a sea of data. They work in environments that create and reward complexity and struggle to come up for air.
Recently, I spoke with a newly appointed CISO who shared a story that resonates across the industry.
They shared a typical scenario: A CISO arrives at a new company, eager to make an impact. Their first meeting is with a colleague who immediately unloads an avalanche of data, systems, and concerns. The sheer volume of information is overwhelming, and it’s clear that this isn’t just about data – it’s about people dealing with too much information.
This situation happens time and time again, and it’s neither efficient nor driving outcomes. We’ve become so focused on collecting data that we’ve lost sight of its purpose.
How does this happen? There are a few factors that contribute to this situation.
Large enterprises deploy complex software solutions that generate endless streams of logs and alerts. While the intention is to gain visibility, the reality is often a cluttered landscape where critical insights are buried under mountains of irrelevant information.
Nowhere is this more evident than in vulnerability management. It’s one of those areas where data clutter has truly spiralled out of control. We’re inundated with vulnerability reports, each containing hundreds or thousands of potential issues. The sheer volume makes it nearly impossible to see the forest for the trees.
But here’s the thing: while we obsess over vulnerabilities within our defined scope, we often miss critical assets that fall outside our purview. This includes supply chain vulnerabilities and unknown assets we’ve failed to account for. We’re measuring what’s inside the box while completely overlooking what’s outside – and that’s where the real danger often lies.
I just read a fascinating paper by Calvin Nobles, Ph.D. and Nikki Robinson on “The benefits of human factors engineering in cyber security”. Their work highlights a crucial point: data overload and clutter directly correlate with the human factor in cyber security. It’s not just a technical problem; it’s a human problem.
As human beings, we tend to gravitate towards hard data because it gives us visibility. Moreover, people in organisations are inclined to collect more tools for various use cases — all producing output. Then, they need the “tool of tools” to integrate all the other tools. What do we get as a result of this? Clutter and information overload.
Add compliance requirements to the clutter, and we get the perfect storm.
When we measure the wrong data or have too much of it, it’s very easy to lose our way. Then, we see burnout, stress, attrition, and breaches. As Shana Uhlmann warns, "we’re dealing with an aptitude crisis: learning how to use these tools, critically analyse them and use them well."
Further, in an exchange of texts we shared around this very point, Shana adds: "If you are collecting data and don’t know how you will use it or if you don’t actually have resources to investigate, evaluate insights and action them, then you’re wasting money collecting it in the first place!"
Nobles and Robinson’s research emphasises the importance of understanding the “why” behind our data collection and analysis. Too often, we collect data simply because we can, without asking crucial questions like “So what?” or “Do we actually care about this?”
I’m reminded of the early days of aviation when pilots faced a similar challenge. As cockpits became more advanced, the amount of data presented to pilots increased exponentially. This led to information overload and, tragically, accidents. The solution? Clean design. Present only the most critical information, with the ability to drill down when necessary.
In cyber security, we need to adopt a similar approach. We must ask ourselves: What are the key indicators that truly matter? How can we apply the principle of subtraction to our data and processes? It’s not about having less security but focusing on what’s truly important.
Here are a few strategies I’ve found effective:
I’m not advocating for removing all controls, but if you look at where most breaches come from, they often involve human decision-making errors. I’m not referring to phishing but rather to decisions about how technology is applied.
Technology is simply a tool that allows us to access and view information. However, if we don’t pay attention to warning signs or make poor decisions about technology use, we put ourselves at risk.
For example, a pilot who ignores terrain warnings while focusing on other tasks could fly into an object. Similarly, in the cyber world, we can face negative consequences if we don’t properly manage information overload.
Therefore, it’s crucial to cut through the data and focus on the most important information. By doing so, we can reduce the risk of cyber incidents and ensure that technology is used safely and effectively.
I’d love to hear your thoughts:
- How do you balance the need for comprehensive data collection with the risk of information overload in your organisation?
- What strategies have you found effective in distilling large amounts of security data into actionable insights?
- How are you making sure tools are used efficiently?
Please share your experiences and insights in the comments, and let’s create space to think.
#informationsecurity #cybersecurity #ciso #infosec
Cybersecurity Influencer | Advisor | Author | Speaker | LinkedIn Top Voice | Award-Winning Security Leader | Awards Judge | UN Women UK Delegate to the UN CSW | Recognised by Wiki & UNESCO
2 months ago
Dan, love how you're drawing parallels between aviation and cybersecurity! ;) In the world of cyber, it's all about accuracy rather than precision and cutting through the noise, right? Additionally, about ensuring you're measuring the right metrics, and not being afraid to reduce the data that you could collect from the tools available. It's about reducing risk rather than increasing it.
Cybersecurity Strategy & Transformation | Manage Complex, High-Profile Risks | Build Scalable, Resilient Teams | Foster Culture of Risk Prevention & Protection | Collaborative & Transparent Leader | US Navy Veteran
2 months ago
I’m so glad you and Calvin connected!