Cybersecurity Strategy: 6 Step Guide to Building the Framework

By Rick Peters | June 25, 2021

As networks continue to evolve, security leaders across industries are looking to improve security posture by implementing cybersecurity best practices to keep pace with innovation and ensure operations continuity. From enterprise IT to industrial OT, the traditional perimeter is disappearing. As a result, CISOs must advance their security strategies by maturing their risk management practices. 

Developing a Cybersecurity Strategy Starts by Managing Risk

To appropriately manage security risk, organizations must consider it a continuous process rather than a iterative series of points in time. Building out a modern cybersecurity strategy means moving away from the assumption that compliance is a sign of security. To ensure true protection, CISOs must create a strong risk management foundation that acts as the core of their security programs rather than chasing compliance as the ultimate goal. 

Courtney Radke, National Retail CISO at Fortinet, notes, “Have retail organizations reduced risk by following the Payment Card Industry Data Security Standard (PCI DSS)? Absolutely. Have they built a solid foundation for risk management? Again, if they’re doing it right: Yes. However, compliance does not always equal secure, but rather gaining compliance is table stakes, the cost of doing business, and ultimately must be exceeded to gain true security maturity.”

Frameworks like the HITTRUST Cybersecurity Framework (CSF) and the National Institute of Standards and Technology (NIST) Center of Cyber Excellence help address this issue by providing a foundation for building robust cybersecurity strategies without basing one’s security posture solely on maintaining a compliance program. 

Similarly, in the OT space, innovation and digital transformation also impact security across the manufacturing, Energy and Utilities, and Transportation verticals. However, these verticals are uniquely challenged as they must manage and protect legacy hardware and software while securing the cyber-physical space. As Rick Peters, CISO for Operational Technology in North America at Fortinet, explains, “The surge of what is characterized as Industry 4.0, that revolution and move towards sharing more and more data, is certainly at the forefront.” Considering the driving force of accessing and sharing data across today’s organizations, it is crucial that CISOs determine ways to enhance security it if they are to ensure business growth. 

So, while organizations may implement security differently, each must start by building a steady foundation based on risk management.  For best practice, follow these six steps:

1. Understand Situational Awareness

Situational awareness means understanding behaviors, being able to analyze them, and breaking the kill chain. Rick Peters notes, “When I’m working with CISOs, I ask them to assume they’ve already been compromised. I suggest a behavioral analytics based approach as a means of amplifying readiness as a key to achieving resilience and understanding what’s happening in their respective connected environments. In this fasion, they’re going to treat and deal with that level of awareness at the speed of business.”

Understanding the value of situational awareness necessitates the need to design in cybersecurity best practices to achieve a greater level of resilience. By building on a risk management framework, CISOs can start with transparency to develop the ultimate configuration. Situational awareness means designing technology in ways that reduce the overall risk, including foundational practices like encrypting data and establishing strong Identity and Access Management (IAM) practices. 

2. Invest in People

The rapid innovation and adoption of remote access strategy motivated by the 2020 pandemic demanded that the extended workforce increase cybersecurity situational awareness. To accomplish and sustain meeting that objective, organizations must invest more heavily in their people, transforming them from potential liabilities into assets.

World events, like the pandemic, serve to amplify bad actor activity. Malicious actors often seek to disrupt businesses by targeting employees. Conversely, a CISO strategy that produces situationally aware employees can serve to deter or even disrupt malicious actor campaigns. This can be accomplished through cybersecurity training that teaches users what to look out for in the case of a cyberattack, including a phishing scam. As companies continue to operate in remote and hybrid environments, it will become even more crucial to help employees enhance their awareness of potential threats.

3. Gain Visibility Across Networks

Risk management is a means to gain visibility across the entire landscape, including the proliferation of technologies employed within organizations. A typical byproduct of rapid innovation is often characterized by increased complexity within the business environments. 

4. Proliferation of Applications and Devices

Across industries, organizations continue to add new applications and devices to streamline operations and enrich customer experiences. 

As Troy Ament, Field CISO for Healthcare at Fortinet, explains, “Looking at clinical patient care devices, organizations have upwards of 100,000 traditional desktops that work in areas such as nurses’ stations and radiology environments, as well as back-office areas like the service center, human resources, and finance. Then, pivoting throughout the environment, these same organizations add mobile for efficiency and cost reduction.”

Gaining visibility into these applications and endpoints remains critical, as organizations cannot secure access points that elude detection and process accounting. The rise in ransomware attacks adds to this concern, especially since many devices often reside outside the traditional organizational perimeter. 

Courtney Radke explains, “The sheer number of devices, and the increased scale from physical endpoints to virtual to cloud workloads, has become a major security and operational problem. Businesses now have to ensure they have proper visibility across their entire environment, which now includes the remote workforce,  while ensuring gappropriate segmentation and control throughout.”

5. Converge Networking and Security

Endpoint protection is arguably only as sufficient as the network and cybersecurity practice integration. Converging networking and security practices are critical, but organizations are charged to accomplish such integration with efficiency and measurable results. To protect against advanced threats, CISOs must ensure their teams leverage tightly integrated solutions that encompass the remote edge. 

Historically, many organizations never had to manage the remote edge as they relied on in-person, on-location workforce processes. Now, they need to address these remote edges regularly – potentially for the long term. Threat actors understand this and thrive on disruption.

Considering this, it is vital that organizations design security into the environment without incurring latency that is attributed to the solution as that outcome is untenable from a business perspective. The abiding principle in most companies is safe and continuous operations, as they often measure their profit based on productivity. This includes adopting networking solutions that enable continued availability and speed while ensuring consistent protection. Secure, high-speed connectivity, similar to what is achieved when leveraging SD-WAN to drive secure remote connections while maintaining security, will be mission-critical as organizations maintain a remote distributed workforces. 

6. Automate Detection and Response

When executing a robust cybersecurity strategy, many organizations adopt point solution tools that respond to niche security needs. This, in turn, leads to too much technology and too little integration. Security tool sprawl creates too many moving parts with disparate technologies that cannot communicate with one another. To combat this security tool sprawl, organizations need tightly integrated security solutions

It is also important to view cybersecurity as a business enabler rather than a detractor, and choose solutions that incorporate analytics to enhance detection and automate response capabilities. This can be accomplished via platforms that enable integrated incident detection, response, and recovery to help security teams stop the kill chain as quickly as possible.

Governance Is Key for an Effective Security Program

Technology governance, both from the security program and tool management viewpoint, is the key to building an effective cybersecurity strategy. 

Organizations require integrated solutions that enable robust risk management and tightly couple endpoint security, network security, and situation awareness. At the same time, these solutions should help them govern their security posture. 

By considering these factors, CISOs can build the framework for a cybersecurity strategy that can withstand any past, present, and emerging threat.