Five Ways for Cyber Security Teams to Successfully Adapt to Evolving Environments

Mike Holcomb, Director - Information Security, Fluor (NYSE:FLR)

Finding ourselves at the beginning of the Fourth Industrial Revolution, organizations are working towards transforming their businesses to take advantage of the latest technologies and solutions, more and more of which are becoming connected to enable new functionality by sharing data. Companies today are evolving at an ever-increasing rate and will only continue to do so. While most company leaders will agree that ensuring cybersecurity across the business is important, security requirements will very rarely slow or stop a company’s forward momentum in digital transformation.

As IT and cybersecurity professionals, it is our responsibility to position ourselves to best protect our organizations, clients, and employees from cyber risks that are introduced in an ever-expanding connected environment as this new technical and digital revolution continues. Here’s a compiled list of five ways you can help support your company’s changing technological landscape while strengthening its cybersecurity posture:

1. ALWAYS BE PREPARED TO ADAPT (AND THEN ADAPT SOME MORE)

Start by understanding that the company is changing and it will continue to change. Cybersecurity teams can often seem to be at the mercy of the winds of change, especially as companies rush to transform with the latest and greatest technologies. Not only do new systems bring new capabilities, but they can also bring new regulatory, cultural, and security concerns. One only needs to look to GDPR to see how companies have had to evolve their security, and privacy practices, not to mention how they will need to continue to evolve these practices as other global privacy laws continue to evolve.

Security leadership must grow a positive mindset that change is here to stay and determine an overall strategy that takes into consideration the uncertainty of the future while helping support the company in its latest digital innovation and at the same time, accounting for potential roadblocks including cybersecurity concerns.

2. NEVER SAY NEVER

Building off of the idea of always being ready to adapt, we need to ensure that we are able to support the business in achieving its goals—as securely as possible. When the company’s leadership launches a new initiative, it is necessary to support the business in making that new initiative or project as successful as possible without being considered a roadblock. Realistically, the initiative or project will happen regardless— with or without the security team’s involvement. Keeping this in mind, we want to be at the table as early in the development of the project to ensure that the project is delivered on time, under budget AND as securely as possible.

3. ALWAYS BE LOOKING FOR NEW VULNERABILITIES AND RISKS

With new systems and applications come new vulnerabilities. Not only are there new risks introduced to the environment with new systems, but there are also vulnerabilities that come into being when connecting systems which were once independent of each other. In order to discover and remediate these new vulnerabilities in a timely manner, security leaders must ensure that they adapt their current vulnerability and risk assessment processes to reflect new environments, technologies, and other evolving factors.

For some security teams, they are still working to develop these processes for cloud environments and other new technologies even though their companies have been doing business in the cloud and using these new systems for years at this point. We cannot wait this long to update our ability to automatically scan for new vulnerabilities and prioritize them based on the true risk each presents to the organization. Once we discover a vulnerability, we need to ensure that it is remediated in a timely manner and that we verify the issue was indeed addressed.

4. CONTINUOUSLY EVALUATE AND IMPROVE

As the organization continues to evolve, the security team must evolve too—not only in its support of the company’s mission but also in support of its employees. While most organizations are evolving, the members of the security team are not always. Leaders must encourage their team members to take training each year to grow their skills, both technical and non-technical, helping to build off of their existing strengths while helping to compensate for skills needing improvement. An organization’s security posture is only as strong as its cybersecurity team. Training helps strengthen both at the same time.

Training also helps the security team look outside of itself and the organization it supports. Too often, security team members can develop tunnel vision, focused on protecting their organization, but losing track of the world evolving around them including the latest tactics and techniques used by attackers. Team members should take the time to not only look at the current security landscape but also examine how other organizations, especially those similar to their own, are protecting themselves in today’s world.

It is essential that cybersecurity team members look to the growing cybersecurity community to develop a much more well-rounded approach and increase their own knowledge set and skills.

5. USE METRICS TO COMMUNICATE AND DEMONSTRATE

“Not everything that counts can be counted, and not everything that can be counted counts.” - Albert Einstein

One of my favorite quotes attributed to Einstein helps demonstrate the struggle many security teams have in being able to effectively measure what they do and how they support the organization in doing so. It is essential that the security team gathers relevant metrics that demonstrate how it helps support the business and how it aligns with the company’s business objectives. Any metrics that are gathered and reported on should demonstrate how the cybersecurity team helps the business succeed so that it can be seen as a business enabler—and ultimately be actively engaged in the future to help continue security the company and all of its latest endeavors.