Practicalities for Security Teams in the Information Age
Protective intelligence has always been focused on the future — seeking to prevent risk events from impacting the organization. By proactively synchronizing across channels and landscapes, security teams bring a preemptive approach to managing threats. Tactically speaking, how do we take that same forward-thinking approach and apply it to corporate security teams? The backbone of this approach is digital transformation.
In thinking about digital transformation and the role of technology for security teams, there are three evolving areas:
- Proactive Threat Assessments (including tactics used)
- Digitized Security Controls and the Internet of Things (IoT)
- Corporate Security Team Competencies
The combination of these three areas sets the course for digital transformation and the evolution of corporate security teams.
Proactive Threat Assessments
Over the last year, there have been countless digital attacks against private organizations’ assets in the news and many more that went unreported. These attacks take many forms and cross the cyber and physical realms.
- First, there are events such as the SANS Institute hack, where an adversary gains access to an organization’s data by phishing a single employee and then leverages that account to steal sensitive information or even hold it for ransom.
- Second, and perhaps most disturbing, insiders within an organization use the organization’s digital resources and assets in an unauthorized manner that harms its reputation and share value, similar to the past insider threat incident at Tesla.
- Finally, there are the more routine cases of accounts being compromised because employees do not follow elementary security practices (e.g. post-it notes with passwords, or not exercising skepticism).
These are some of the ways that digital transformation has created new threats. It has also led adversaries to adopt new approaches and methods for targeting organizations.
One of the primary tactics adopted by adversaries is relentless, organized social engineering against organizations. Account takeover is one of the most common and one of the most damaging threats modern organizations face. It can lead to immediate problems, such as data being encrypted and held for ransom or the company being blackmailed into paying a fee to prevent public humiliation, as well as long-term consequences such as loss of consumer trust and a declining stock price.
TIP: Simple but effective controls for preventing these types of incidents include employee security awareness training and the implementation of multi-factor authentication (MFA), among others.
A second approach by threat actors is intellectual property theft — especially that which is facilitated by foreign governments. Over recent years this has garnered significant media attention. U.S. Government sources have written extensively about how foreign governments use varied methods to spy on and steal from private organizations. These methods range from systematic, government-financed hacking campaigns that run for years with the goal of stealing proprietary information, to foreign governments’ initiatives to plant agents in privileged positions, such as the DOJ’s case against a former Stanford University researcher from early 2021.
TIP: Preventing intellectual property theft is no easy task. However, an insider threat program that vets potential new hires and puts safeguards in place to alert security teams to unusual activity (e.g. using an external hard drive to save company files) can provide a layer of protection.
Digitized Security Controls and the Internet of Things (IoT)
Yes, digital transformation has widened every organization’s attack surface — but it has also empowered security programs to a point where they can accomplish more than their predecessors ever dreamed.
One of the key drivers for this is the convergence of networks driven by connected devices and the IoT. Security systems of all types (physical and information-based) leverage capabilities such as anomaly detection, process rules (“if this, then that”), and automated alerting.
Increasingly, individual hardware devices such as access control readers, cameras, and location detectors are connected to create an expansive network for information to move across. This has become a powerful force for security teams, because that information is quickly turned into intelligence that triggers rule-based protective measures. For example: if a pre-incident indicator is detected (e.g., the badge of a terminated employee is used), then take this action (e.g., deny entry, flag the relevant section of video footage, and send an alert to the security manager across devices, all within seconds). While somewhat rudimentary, this serves as an important foundation for managing an expansive threat landscape and putting automation in place to thwart potential incidents.
Digital transformation in security continues as smart security systems work to develop a “pattern of life” analysis for users, employees, and others. This means that when something out of the norm occurs (e.g. a user consumes an unusual amount of bandwidth or logs in from an unusual location), security resources are alerted to investigate the anomaly. This type of technology is already applied in many information security contexts, and in the near future will likely be applied in more physical security contexts, such as access control systems.
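The two preceding paragraphs describe “if this, then that” rules over converged badge and login data plus a pattern-of-life check. The following is an added example (not code from the original article or any vendor product) of a minimal rule engine of that kind, run over constructed events; the event fields, the terminated-employee list, the per-user baselines and the bandwidth threshold are all assumptions.

```python
"""Minimal 'if this, then that' rule engine over converged security events.
Added example; all data below is constructed for illustration."""
from statistics import median

# Constructed reference data: terminated badges and per-user pattern-of-life baselines.
TERMINATED = {"E1042"}
BASELINE_LOCATIONS = {"E2001": {"Denver", "Chicago"}, "E2002": {"Austin"}}
BASELINE_MBYTES = {"E2001": [120, 150, 130, 140], "E2002": [40, 55, 50]}

def badge_rule(ev):
    """Pre-incident indicator: a terminated employee's badge is presented at a door."""
    if ev["type"] == "badge" and ev["user"] in TERMINATED:
        return ["deny_entry", f"flag_video:{ev['door']}", "alert_security_manager"]
    return []

def pattern_of_life_rule(ev, bandwidth_factor=3.0):
    """Flag a login from outside the user's usual locations or with unusually heavy
    bandwidth (more than bandwidth_factor times the user's median; an assumed threshold)."""
    reasons = []
    if ev["type"] == "login":
        if ev["location"] not in BASELINE_LOCATIONS.get(ev["user"], set()):
            reasons.append(f"unusual_location:{ev['location']}")
        base = BASELINE_MBYTES.get(ev["user"])
        if base and ev["mbytes"] > bandwidth_factor * median(base):
            reasons.append(f"unusual_bandwidth:{ev['mbytes']}MB")
    return [f"investigate:{r}" for r in reasons]

RULES = [badge_rule, pattern_of_life_rule]

def run_rules(events):
    """Return {event_id: [actions]} for every event that tripped at least one rule."""
    triggered = {}
    for ev in events:
        actions = [a for rule in RULES for a in rule(ev)]
        if actions:
            triggered[ev["id"]] = actions
    return triggered

# Constructed events: a terminated-badge swipe, a normal swipe, a normal login, an anomalous login.
SAMPLE_EVENTS = [
    {"id": 1, "type": "badge", "user": "E1042", "door": "lobby-north"},
    {"id": 2, "type": "badge", "user": "E2001", "door": "lobby-north"},
    {"id": 3, "type": "login", "user": "E2001", "location": "Denver", "mbytes": 135},
    {"id": 4, "type": "login", "user": "E2002", "location": "Lisbon", "mbytes": 900},
]

if __name__ == "__main__":
    for event_id, actions in run_rules(SAMPLE_EVENTS).items():
        print(event_id, actions)
```

Events 2 and 3 match the baselines and produce no actions; event 1 trips the badge rule and event 4 trips both pattern-of-life checks.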
Corporate Security Team Competencies
Even 20+ years’ experience in corporate security and attendance at every workshop held by ASIS may not completely prepare you to brief an executive on corporate security strategy. Increasingly, information-based issues are top of mind for executives, and every security team is responsible for being able to speak to these topics (at least at a high level) and then employ the right team to execute and protect the organization’s assets.
Be prepared for digital transformation in your own organization by being humble about the limits of your own security expertise and embracing the convergence of cyber and physical security efforts:
- Embrace continual learning. Dedicate time to learning about the common and high-impact digital challenges facing organizations, and how your peers are addressing them. ISC2 and the SANS Institute offer many resources and host events to help in this area.
- Keep an up-to-date rolodex. Befriend true, reliable experts whom you can consult on niche topics outside your “wheelhouse”. No one can be an expert on every security topic, so borrow the brainpower and input of your peers.
- Remember that technology requires humans to execute. No matter how capable your security technology is, the mission cannot be accomplished without engaged security practitioners behind the wheel. Dedicate time to developing talent and taking care of the troops.
Led by digital transformation efforts, organizations continue to evolve. New, connected devices and new, connected threats call for an evolution in the competencies required by corporate security teams. How we adapt to the changing landscape of threats will define protection and the next generation of corporate security professionals. To learn more about staying ahead of threats through unifying both digital and physical security information, read our article on How Companies Stop Insider Threats Before They Occur.