Closing the People, Processes and Technology Gap: How Innovation Can Strengthen Your Cybersecurity Program


It’s no secret that many cybersecurity programs lag behind the rest of the business when it comes to embracing innovation. The security systems of the past were reactive rather than proactive, built around responding to threats rather than blazing trails. But this approach is no longer viable.

 

A robust security model is built on three pillars—people, processes and technology. Unfortunately, a failure to innovate could negatively affect your ability to excel at all three.

 

The People Gap

There are approximately two million open roles across the cybersecurity industry, with around half of all security organizations reporting “problematic” shortages of security skills. Because the current, reactive security operations center (SOC) model places people rather than technology on the frontlines of cybersecurity, a security staffing shortage poses a significant danger.

 

This is exacerbated by the fact that cyberattacks constitute a constant threat, making security an around-the-clock job that requires either a large, costly staff or a smaller team at risk of boredom, burnout and alert fatigue. It can take from three to six months or longer to fill each role, and even after you make the hire, you may not be able to retain those employees.[1] This means that you can no longer rely on employees with institutional knowledge to keep your business secure.

 

The Process Gap

Cybersecurity spending has been on the rise for the past decade and is expected to increase each year. But despite this surge in spending, most organizations leverage only 40% of their security investments. Most of the tools companies purchase to enhance their security are never fully integrated, or, worse, never integrated at all. Experts estimate that about 25% of all security software purchased ends up as “shelfware.”[2]

 

Even when they are put to use, these tools often require significant manual labor and effort to manage, diverting time and resources away from initiatives that could have a greater impact on the business itself. Many companies also lack the reporting processes needed to assess whether new security measures are successful, much less communicate their value to other stakeholders within the organization.

 

The Technology Gap

Although vital for growth, innovations like cloud technology, advanced analytics, artificial intelligence (AI), digital transformation and Internet of Things (IoT) initiatives add IT and operational complexity for the companies that adopt them. Data now lives everywhere and can be accessed from anywhere, which renders ineffective any outdated cybersecurity technologies that fail to secure cloud, mobile and other off-site data. The fallout from this is already evident: cyberattacks are increasing in both frequency and scope, with the average total cost of a data breach increasing by 6.4% each year.[3] Even a single data breach can cost a company tens of thousands of dollars.

 

5 Steps to Solving the People, Processes and Technologies Equation

Organizations often make one of two mistakes when it comes to their cybersecurity strategy: relying too heavily on individual experts or employees to act as a human barrier between the business and security threats, or investing in new security technologies without the necessary people and processes in place to implement them. Either can leave you vulnerable to attack and result in loss of data, unforeseen costs and technology debt.

 

The solution is achieving the right combination of people, processes and technology to evolve your security program.

 

So, what does that involve? Here are five steps to improve talent acquisition and retention; create meaningful processes and measurable reporting; and embrace technological innovation.

 

  1. Perform a programmatic assessment. There is no one-size-fits-all approach to evolving your cybersecurity program. Any changes you make to how you utilize people, processes or technology must align with your unique business needs and risk tolerance, as well as any industry-specific requirements, industry-standard frameworks and known security threats. To begin, your entire security ecosystem—on-site, cloud, mobile—should be assessed with an eye to eliminating overlaps and redundancies, decreasing complexity and streamlining security operations. This assessment may include, but is not limited to, staffing, capabilities, security architecture, security technologies, threat hunting, threat modeling, playbook automation and orchestration, software development life cycle, use cases, incident response and management, vulnerability management, communications, KPIs/KRIs and reporting.
  2. Shift from SOCs to Advanced Fusion Centers. Reactive SOCs rely on constant monitoring and manual human labor to identify and respond to cyberattacks. Advanced Fusion Centers, or AFCs, put technology and automation at the forefront of predicting and repelling security threats. This model minimizes operational costs and frees staff to focus their energies on more strategic initiatives, which increases scalability and decreases burnout and attrition.
  3. Identify and report on key insights and metrics. You won’t know whether your security efforts are successful without adequate reporting processes. Effective cybersecurity program reporting should include updates on KPIs associated with risk, revenue and operational impact, productivity, strategic impact of the cybersecurity program, cost and ROI.
  4. Leverage flexible cybersecurity consumption methods. Gone are the days when you had to choose between managing all of your cybersecurity operations in-house or outsourcing them altogether. Today’s cybersecurity partners offer a variety of flexible consumption methods based on your business needs. Modern cybersecurity consumption models include consulting, managed services (full or partial) and Cyber-as-a-service (CaaS). These models are especially efficient at helping clients secure cyber targets like the cloud, mobile and IoT without incurring major tech debt.
  5. Implement proactive threat hunting. A mature cybersecurity strategy employs a mix of skilled cybersecurity experts and technology to anticipate and prevent threats and attacks even as skilled attackers develop new tactics, techniques and procedures.

 

Closing the people, processes and technology gap by embracing cultural and technological innovation is one of the first and most important steps to creating a mature cybersecurity program. Learn more by reading Optiv’s Creating Clarity Out of Complexity white paper.

Sources:

 

  1. ISACA, State of Cybersecurity Report, 2019.
  2. Optiv research
  3. Ponemon Institute, Cost of a Data Breach Study, 2017.

 

VP Security Operations | CISSP, CISA
Scott is an experienced Information Security and IT executive with over twenty years’ experience building and managing multiple aspects of IT and Information Security. As the VP of Security Operations at Optiv, he manages teams in fast-paced environments demanding high availability and high performance while achieving continuous improvement to ensure client satisfaction.