Shifting the Cyber Focus

Why we need more attention to cybersecurity organization and staffing

Why are security departments failing to provide effective, sustainable and cost-effective protection for IT environments and production facilities?

Today, modern cybersecurity tools are among the most frequently discussed topics in the IT and OT security world. They form the foundation of nearly all security domains and are seen by business leaders and the C-Suite as the holy, but expensive, grail to a protected company.

As countless security environments are struggling with heterogeneous environments and technologies, the perception on cyber technologies should be challenged. Not challenged by the selected technologies itself but by the chosen implementation and by the surrounding organization.

In this PoV, we are evaluating current shortcomings in the IT and OT security domains. By analyzing the three cybersecurity dimensions, technology, organization and people, we aim to provide insight into potential fields of action.

OT innovation adoption curve

Fig. 1: Core cyber security pillars

Mature Technology

Cyber Security in IT and OT is a rapidly changing environment with new attack vectors emerging every day. At similar pace, vendors are pushing new technologies into the market, while promising enhanced, effortless and cost-effective security solutions.

This continual stream of new cybersecurity technologies leaves business leaders in a constant reevaluation of procurement decisions, permanent assessment through PoC’s, and endless integration projects. This technology race is not only taking away valuable time and resources from utilizing existing technologies at best but also creating complex and vulnerable environments.

Though leveraging powerful and feature-rich technologies is essential, integration with existing tools but mostly existing processes should not be underestimated. Planning full integration, utilizing existing features, and understanding the limitation of utilized tools should be a priority before considering to purchasing the next security solution.

Choosing security tools carefully and focusing on a holistic integration into the existing tool landscape provides the foundation for effective cybersecurity.

Mature Organization

Coming from a background of siloed IT departments, cybersecurity organizations commonly have evolved in a similar fashion. This siloed placement of security in the organization leaves security professionals distended from important business requirements and fosters the internal segmentation.

With increasing digitalization of modern business environment and production facilities, requirements towards cybersecurity are rapidly evolving. Modern cybersecurity needs to be integrated into business processes to proactively support business needs.

This integration requires cross-functional teams and a visible placement of the security organization. Utilizing robust, controlled, and regularly updated processes, these integrated security teams are enabled to efficiently and effectively identify, analyze and mitigate potential security violations and breaches.

Stepping away from processes as pure compliance-driven paperwork towards functional and efficient communication ways between organizational units and team members provides the framework to utilize team skills and technologies at best.

Mature and well-maintained processes are a strong indicator for a mature cybersecurity organization.

Mature Staff

Observing countless security organizations, a majority shows a similar pattern when analyzing staffing situations. As commonly perceived cost centers, internal cybersecurity staffing is regularly neglected.

Erroneously, organizations assume that security can be provided in a full outsourcing model, limiting internal security activities to compliance work.

Ensuring a cost-effective and efficient staffing model remains one of the most challenging requirements of most organizations. This situation is amplified by still limited availability of security experts on the overall market.

To ensure a protected organization, detailed know-how of IT environments and production facilities are the core asset internal cybersecurity teams can provide. This insight knowhow can be enhanced by external support. However, it cannot be substituted as external providers often face high turnover rates leading to further loss of knowhow with every staffing change.

In order to maintain and enrich the valuable know-how of internal resources, constant training in new technologies, development in the overall cyber landscape and a set of relevant soft skills is required. Focusing additionally on raising the team’s curiosity, while fostering the overall understanding of business contexts, enables a better integration into the organization; therefore increasing the overall team maturity.

Tool Centric vs. Security Centric

Analyzing common security project flows highlights a technology-driven and technology-centric approach. This technology-driven approach places tools in the center, asking the organization and the people to adapt to these selected tools. Commonly, this approach leads to a cluttered security tool landscape, increased maintenance and licensing costs.

OT innovation adoption curve

Fig. 2: Tool centric vs. security centric approach

Reverting this flow enables a security-centric and requirement driven approach.

Starting with sufficient staffing and teams, enabled with essential skills and knowhow, provides a solid foundation to fully understand and evaluate potential threats, attack vectors and outline effective countermeasures.

Planning, implementing and integrating relevant countermeasures into the overall organization ensures an effective resource usage leveraging established processes, tools and communication flows.

Identified gaps towards required countermeasures are complemented by identifying missing features and selecting supplementing tools including the necessary integration and skill enhancement.

This security-centric approach allows for three major benefits:

  • Targeted investments based on requirements are clearly outlined before procurement decisions are initiated
  • Thoughtful usage of limited resources, as tool selection, PoC, maintenance and optimization efforts are limited whenever possible
  • Increased cybersecurity maturity as tools, processes and skillsets are well defined, integrated and aligned

Summary

For a long time, security vendors have been pushing technology as a solution for our security problems in IT and production environments.

At BxC, we believe that these tools are only one part of the solution. We need to build resilient and efficient organization models to run and operate required technologies with sufficient and skilled staff.

A shortcoming in one of these requirements leaves the entire organization vulnerable to potential cyber-attacks while limiting the overall return on investment.

To achieve this vision, we need to gain a comprehensive overview of the current tools and technologies landscape while building a deep understanding of related business and organizational requirements.

We, at BxC, focus our cybersecurity assessments on how tools and technologies are currently used. This way, we gain a deeper understanding where costs can potentially be reduced, where investments are needed and where organizational and process-related changes yield the biggest positive impact.