In recent weeks President Biden issued a statement encouraging organizations to level up their cyber defenses in what he called “a critical moment to improve domestic cybersecurity and bolster national resilience.” The following week, the federal budget proposal for FY2023 was released with a nearly $11 billion line item for cybersecurity measures. These announcements speak to a persistent problem plaguing public and private sector organizations: how to best secure networks and where to allocate resources.
Too often, companies, organizations and even government entities exclusively correlate the amount of money spent with the resilience of a network. While investment in new capabilities is important, organizations must also understand that buying tools and resources cannot substitute for solid fundamentals, consistent training and effective integration of tools and automation. Before buying more, organizations should assess the effectiveness of their full arsenal and maximize what they currently have. At Forescout, we recommend organizations level set their understanding with basic hygiene first:
- Know your environment – What devices are connected? What systems are they running? What could pose an immediate threat or risk to the organization? When organizations gain visibility into everything connected to the network, including IoT and OT devices, they can better assess what kind of security tools will be most effective.
- Take inventory of existing security processes and check to see that they are functioning properly. Be mindful of where security tools do and do not overlap.
- Find your noncompliant devices and quarantine them immediately so they can be investigated.
Once an organization has a strong understanding of its digital reality, they can turn their attention to improving their security posture. Making such adjustments requires companies to ask questions like:
- What are we automating? What could we automate to free up our security resources to focus on what matters? Automation is a powerful tool in cyber defense when used appropriately. Some tasks can and should be machine-led while others need individual oversight. Think of this like physical security – when securing a facility, cameras run autonomously and can see everything without blinking, but a security guard is better able to analyze anomalies. What in your organization can be secured by a camera and what needs a human sentry?
- Is our staff appropriately trained and informed on how to make best use of our cyber tools? If not, existing investments will never work at max capacity. Ensure your staff is well-trained to execute in your current security posture before saddling them with more tools to manage.
- What is our next right thing? If/when we do get more funds, where would they be best spent? Having a plan for future investments enables companies to effectively layer their cyber arsenal and build strategically.
Impenetrable infrastructure is a myth. All networks can be breached regardless of how much you spend on solutions. Cybersecurity effectiveness requires a better measure; that is, how quickly companies can restore functionality and data confidence.
Security teams face many challenges, starting with how to deal with an explosion in the number of digital assets amid a shortage of qualified cybersecurity personnel and limited budgets. Rarely is a new tool the answer. Organizations need to focus on what really matters and invest accordingly. True investment means maximizing what you already have by identifying gaps, understanding where you are in your cyber journey and what you need next. Most times, it’s not more money – it’s a more complete understanding and action plan.