In the unpredictable battle for cyber security, it can feel like a security breach is always imminent. But even, or especially, in this environment, it’s essential to keep one thing in mind: defenders can win. “Despite countless attempts on strategically valuable assets, defenders can have the advantage,” says Greg Boison, Director of Homeland and Cyber Security at Lockheed Martin. The key, Boison says, is often stopping to ensure resources are being used efficiently and effectively before plowing ahead with new efforts.
Maximizing the return on cyber security investments is critical to a strong, cost-efficient defense. “This comes from employing the best approaches (like the Cyber Kill Chain) to leverage the knowledge that can be gleaned from defending your own enterprise.” But how do you know if you’re really making the most of what you’ve got? Check out these six common ways companies waste valuable (and in some cases, already existing) cyber resources to make sure you’re building the best defense possible.
1. Purchasing New Software Before Utilizing Current Systems
Many companies invest in valuable systems that either aren’t being used to their full capacity (or at all) or don’t have a designated point person to ensure they’re being used effectively. “Whether building an internal capability or outsourcing, a strong leader needs to be assigned to coordinate these activities and ensure efforts are focused on what matters most to your enterprise,” says Boison. So rather than rushing out to purchase the latest software, start by taking stock of your current systems (and the employees who run them) to make sure they’re doing their best possible work.
2. Drowning Employees in Mundane Tasks
Cyber security experts are an invaluable asset. To maintain an effective team, companies must give their employees the tools and time to focus on important security initiatives instead of responding to mundane alerts and requests. “Talent is drowning in a sea of alerts, and this breeds tension and potential loss of valuable employees,” says Boison. “A typical SIEM (Security Information and Event Management System) will flood cyber analysts with potential issues.” So how do you prevent your hardworking personnel from becoming overwhelmed with tasks beneath their level of expertise? Invest in smarter systems. “Intelligence-driven defense can create alerts that are more meaningful and less taxing on employees,” says Boison. Employing these automated management systems means your team can spend most of its time strengthening defenses and less time bogged down by insignificant alerts.
3. Spending Labor Dollars on Ineffective Night Shifts
Relegating less experienced employees to night shifts might seem like the logical way to structure shift schedules, but most of the time it ends up being both inefficient and costly. “If an issue occurs, [a night shift employee] will usually call in a higher-level employee anyway,” says Boison. Knowledge management systems are one way of solving this problem. “Automated alerts can contact an on-call employee directly, much like a doctor,” says Boison. This saves precious company money for competitive salaries and procuring solutions or tools.
4. Failing to Learn From Mistakes
The vast majority of companies experience a security breach at some point, but many are too focused on the fallout to learn from the mistakes that got them there. A cyber attack is certainly undesirable, but it can be an incredibly valuable resource. Many companies suffer from what Lockheed Martin refers to as Cyber Déja Vu, which sets them up for repeat attacks. One method that reduces the likelihood of Cyber Deja Vu is the Cyber Kill Chain (CKC). “The use of the Cyber Kill Chain is essential to identifying tell-tales signs of adversary behavior in every step of the chain,” says Boison. Companies can use the CKC to identify both where their defenses were strong and the weaknesses that left them vulnerable to attack. “Beyond initial awareness, the Cyber Kill Chain should influence almost every decision in computer network defense.” Head here to learn more about this invaluable method.
5. Allowing Immediate Concerns to Distract From Defense Reevaluation
Many companies will face tasks that require immediate attention (audit findings, incident reports, etc.) and end up distracting from larger issues. “When companies feel that they are behind the curve, they may plow ahead instead of strengthening their current defenses,” says Boison. Addressing concerns as they arise is important, but a thorough assessment of a company’s defense can prevent these fire drills from happening (and zapping resources) in the first place. “In reality, stopping and looking at their own enterprises saves a lot of time in the long run.”
6. Failing to Develop Internal Talent
Very few resources are as valuable to a company’s defenses as intelligent, capable minds. But as Boison says, “the cyber security talent pool is highly sought after and finding established talent is costly.” Many companies make the expensive error of assuming their only option is to compete with other companies to attract external employees with significant experience and expertise. “Instead of hiring established talent, companies should look at their current employees who have the potential to become valuable contributors with the proper training,” advises Boison. Evaluating a candidate’s room for growth during the initial hiring process and investing in continuous training is a cost efficient way to build the most important cyber defense weapon: a great team.
Once you’ve eliminated these six wasteful practices from your defense process, head here to see how Lockheed Martin can help you maximize your cyber resources even further.
Jessica Ferri is a writer based in Brooklyn. You can find her at jessicaferri.com.