Is Your Data Safe While You Sleep?
Is our data safe whilst we sleep or are not paying attention?

Cyber security isn't a 9-to-5 job. It's a relentless, 24/7 cycle that doesn't pause for weekends, holidays, or our much-needed rest.

Hackers don't adhere to our schedules; in fact, they often exploit the times when they know our defences might be at their weakest.

Recent events have highlighted a crucial point: while having experienced cyber security leaders make excellent decisions during crises is invaluable, what happens when those leaders aren't available?

I've seen instances where organisations weathered cyber security storms thanks to well-prepared teams and robust processes. But are the systems overly dependent on key individuals' immediate decision-making?

To address this challenge, many organisations turn to outsourcing or extending their teams to provide round-the-clock coverage. This often involves engaging Managed Security Service Providers (MSSPs) who offer outsourced monitoring and management of security devices and systems. However, this approach has its faults.

These arrangements are often inefficient, primarily because we don’t define responsibility correctly.

When organisations engage third-party providers, they typically focus on service specifications and contractual obligations. But what's often missing is the transfer of critical contextual knowledge.

It’s easy to outsource tasks to vendors and treat them as external contractors, but neglecting to invest in knowledge transfer and collaboration can lead to serious problems.

Without clear definitions of critical events, standards of excellence, and authorisation guidelines for vendor intervention, how can a third party be efficient? How can it truly understand the intricacies of an organisation’s network, the value of the data, and its risk tolerance?

How can the vendor make informed decisions on people’s behalf without proper guidance?

This gap in knowledge transfer can lead to situations where providers are either too hesitant to act or unaware of the full scope of their responsibilities. They might not intervene in a critical situation because they weren't sure of their authorisation, feared potential downstream effects, or simply couldn't reach someone for approval.

The result? Organisations are at risk, even when they believe external providers adequately manage security. Their data is not safe while they sleep.

Another critical aspect to consider is supply chain management. Data systems often have numerous dependencies, including inline data providers. How can we ensure that providers adequately protect the components that host, protect, or interact with the data? The supply chain has become increasingly opaque and complex, making it difficult to maintain visibility across all potential vulnerabilities.

Outsourcing security to a third party is one of the hardest things to do. Even when things are done well initially, the lines of responsibility can become blurred as organisations evolve and adapt, making it challenging to ensure that external providers are aware of the latest changes and capable of fulfilling their obligations.

So, how do we ensure our data remains safe while we sleep? The answer lies in a multi-faceted approach:

1. Clearly define responsibilities and accountability. We must explicitly outline who is responsible for what and ultimately accountable for our data's security.

2. Invest time and resources in transferring knowledge to security partners. This isn't a one-time effort but an ongoing process. You must consistently share your understanding of your network, data, and risk preferences with your partners.

3. Authorise and empower partners to act decisively in your absence. Provide clear guidelines on when and how they can intervene without needing approval.

4. Analyse successes and near misses. Don't just rely on monthly reports of prevented attacks—dig deeper to understand patterns and refine strategies.

5. Conduct regular workshops and briefings. Bring together internal teams and external partners often to ensure everyone is aware of changes.

It's not enough to receive monthly reports telling you how many attacks were prevented. As partners, we must clearly understand responsibility and work with clients to refine our approach continually. It’s the only way to keep data safe 24/7.

Be honest: How comfortable do you feel about your data security when you’re not around?

What challenges have you faced working with third-party security providers, and how have you overcome them?

Let's continue this conversation and work together to keep data safe around the clock.

#informationsecurity #cybersecurity #ciso #infosec

Vaughan Shanks

Co-Founder & CEO @ Cydarm Technologies

6 months

Great post, Dan! Covering off on the oft-neglected benefits of maintaining SOPs/playbooks with clear decision and escalation points, and the need for a robust system of record to maintain accountability and drive constant improvement.

Jane Frankland MBE

Cybersecurity Influencer | Advisor | Author | Speaker | LinkedIn Top Voice | Award-Winning Security Leader | Awards Judge | UN Women UK Delegate to the UN CSW | Recognised by Wiki & UNESCO

6 months

Great insights Dan! The skill of explicitness is far too under used by leaders. I find it’s useful to inform parties what good looks like as well as what bad looks like. Additionally, we must improve our cybersecurity culture so our teams feel safe to ask questions as well as report security incidents, near misses, errors, concerns without fear of punishment.

Dominic Vogel

I save companies from evil cyber villains | Advocate for kindness in tech | The hype person YOU need in your life | High ENERGY speaker!!! | Avid beard grower

6 months

You're a wild card, a bonus round, and a high-score all rolled into one!!!!!
