SecurityWeek

RSAC 2020: Three Reasons Why the “Human Element” is a Timeless Theme

Have you finalized your agenda for RSA Conference 2020? The security industry’s seminal event is just around the corner and this year’s theme is “Human Element”. Empowering the human element of cybersecurity is a theme I believe we can all get behind. Here are three reasons why it resonates for me:

1. Humans will always be essential to security. For years, we’ve layered defenses so that if one fails, another layer is there to stop the attack; we’ve searched for the next “silver bullet” security technology to solve all our cybersecurity challenges; and we’ve subscribed to more and more threat feeds to improve security posture. Clearly these approaches haven’t worked. We continue to be bombarded with a slew of headlines about compromises and breaches, and the velocity of attacks is increasing.

One aspect that’s often overlooked amidst all this activity is the interplay between humans and technology. After all, security professionals are the ones who understand their environment and security profile and are able to define risk. They’re also the ones with the experience to determine the right action to take in their environment. Sure, layers of defenses, new technologies and threat feeds are necessary to mitigate risk. But these tools can’t operate on autopilot. Human intelligence – intuition, memory, learning and experience – is essential.

The focus should be on looking for ways to bridge the gap between people and tools to strengthen defenses. For example, security professionals are drowning in data, because each layer in their security architecture creates its own logs and events. On top of that come the millions of global threat data points from commercial sources, open source, government, industry and existing security vendors. Through a platform that correlates internal threat and event data with external data on indicators, adversaries and their methods, teams quickly gain context to understand the who, what, where, when, why and how of an attack. Now, they’re in a position to analyze and prioritize based on relevance to their environment.

2. Humans that are highly skilled in cybersecurity are in short supply. Given the global shortage of cybersecurity professionals, which has now surpassed 4 million according to ISC2, and the volume and velocity of increasingly sophisticated threats we all have to deal with, defenders need to be able to move faster with confidence. We simply must automate certain time-intensive, manual tasks if we want to retain and make better use of the security professionals we have. When teams are bogged down in mundane tasks and reacting to alerts, they don’t have the time to combat real threats and conduct investigations quickly to mitigate risk, or to proactively strengthen defenses.

However, we need to introduce automation early in the security lifecycle in order to be effective. We all know that security teams are dealing with a tremendous amount of noise. Jumping to the end of the security lifecycle and using automation to take action – like automating playbooks and automatically sending the latest intelligence to the sensor grid (firewalls, IPS/IDS, routers, web and email security, endpoint, etc.) – can backfire and create more noise. 

One of the best ways to reduce noise is to introduce automation early to accelerate and simplify scoring and prioritization of threat data. Applying an automated scoring framework based on a specific company’s risk levels to filter the intelligence into a manageable subset can reduce the actionable dataset by 95% or more. Now highly skilled resources can focus on what really matters to the organization. They remain engaged and motivated, and productivity skyrockets.

3. Humans are our weakest link. Due to the proliferation of personal devices and applications in the workplace, and the belief that the responsibility for security rests solely with the employer, the weakest link in security will continue to be the human element. If we’ve been successful at bridging the gap between people and tools and introducing automation early, security teams will be better armed to proactively hunt for threats. When they find malicious activity, they will be able to apply automation at the end of the security lifecycle with greater confidence and reliability. Automatically updating the sensor grid with the latest intelligence strengthens defenses by orders of magnitude and frees up the team to move on to the next high-priority activity. 

At the same time, we need to redouble our efforts on education to help individuals understand the risk they can unwittingly introduce to the organization, and their role in helping to mitigate it. SANS recommends focusing training on the top three human risks: phishing/social engineering attacks, passwords, and accidents due to lack of awareness and technology complexity. To truly change behavior, SANS advises going beyond annual computer-based training and continuously training and reinforcing key concepts year-round through additional methods, including guest speakers, ambassador programs, games, infographics and newsletters.

When you’re at RSAC next week, remember that the “Human Element” is a great lens through which you can view and help assess the value of companies you partner with for security. As you attend sessions and walk the floor, take note of those you believe do and don’t do a good job of helping the people on the front lines who are working to make the world more secure. There’s ample opportunity for every security vendor to support the human element. When more of the industry does its part, we all win.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
