Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Five Considerations for Being Proactive Without Becoming a Problem Yourself

In my previous article for SecurityWeek, I discussed how the city of Atlanta handled a recent snowstorm to illustrate the difference between having the information necessary to accurately predict events and taking proactive steps to alter or alleviate the outcome.

In my previous article for SecurityWeek, I discussed how the city of Atlanta handled a recent snowstorm to illustrate the difference between having the information necessary to accurately predict events and taking proactive steps to alter or alleviate the outcome. The timing was particularly interesting because Atlanta had the chance to redeem themselves almost immediately with another large storm bearing down on them on the date of publication.

Given my new-found interest in how southern cities react to winter weather, I read a good deal of the news coverage on how they were applying lessons learned and if they would be taking a proactive stance towards this next storm. The passage below from a recent AP story sums it up quite well:

Georgia Gov. Nathan Deal indicated on Monday that he and other state officials had learned their lesson. Before a single drop of freezing rain or snow fell, Deal declared a state of emergency for nearly a third of the state and state employees were told they could stay home if they felt conditions were too dangerous. Schools canceled classes, and Deal urged people who didn’t need to be anywhere to stay off the roads. Tractor-trailer drivers were handed fliers about the weather and a law requiring chains on tires in certain conditions. “We are certainly ahead of the game this time, and that’s important,” Deal said. “We are trying to be ready, prepared and react as quickly as possible.”

Security StrategyNow let me preface all of my by stating that I don’t have any special kind of insight into any decisions that were made, the data they had on hand or their ability to handle another weather emergency. The direction they provided may have been spot on and appropriate in this situation.

However, I do want to use their reaction, even potential overreaction, to the second storm to make another point that I believe greatly impacts the role security professionals play in their organizations. As a society, we have a tendency to overreact. Whether in a business setting or in our daily lives, when something goes wrong, we generally overcompensate to ensure we are protected from the threat moving forward. While this may seem like the proper reaction to a threat at the time, it can also have wide-spread negative effects on the business.

As security professionals, we are always walking the line of what we can do to protect the organization but still allow for its employees to function at the highest possible levels of productivity. It’s not always easy to strike a balance and there is a component of risk that comes with every decision. It becomes particularly sticky following any type of security event. So how do we make it work?

Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.

1. Always be seen as proactive rather than reactive – This sends the message to the organization that you are in control and managing the threats rather than them managing you.

2. Be an enabler, not an inhibiter – By working with your organization to find secure solutions to problems rather than blocking usage altogether puts security in a more positive light and employees are more likely to follow protocols as a result.

3. Educate, don’t berate – The human element is always the weakest link in security and you need to accept that people are going to make mistakes. Use these times as a chance to educate them on best practices rather than belittling them over a mistake.

Advertisement. Scroll to continue reading.

4. Remain calm when problems arise – The nature of the security business is that things will go wrong at some point no matter how well you plan. The ability to be focused and analytical in time of crisis is what separates the professionals from the also-rans.

5. Think like an attacker – Ask yourself where, when, and how am I likely to be hit? That is the question every security pro should ask multiple times a day, helping eliminate guess work and allowing for a neutral view of network defenses.

No one will deny the fact that security is hard. Not only do you fight a daily battle with hackers and emerging vulnerabilities, but you need to straddle the line of locking down the corporate assets while still allowing employees to conduct operations. Let’s face it, pulling the plug on everything connected to the Internet is really the only way we can be sure we are protected, but that simply isn’t practical. Being in business creates risk and our job as security professionals is to mitigate these risks to the best of our ability without dramatically impacting business operations.

Hopefully by keeping these five things in mind you’ll find it a little easier to strike the proper balance in your organization.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...