With the ever-growing list of cybersecurity threats and the constant vigilance required to stay ahead of them, it's easy to lose sight of what CISOs should prioritize. In addition, there are many technologies, services, and approaches to consider when planning a security strategy. Fortinet Field CISOs, Jaime Chanaga and Daniel Kwong, offer some advice for CISOs to keep top of mind when reviewing their security posture as well as recommendations to avoid falling victim to the ever-expanding threat environment.
What is one security strategy that is sometimes overlooked by CISOs today?
Jaime: One strategy is the importance of building a cybersecurity resilience strategy, which is different from a cybersecurity strategy. Organizations face new challenges and risks requiring a different security approach. Here are five components for a cybersecurity resilience strategy:
- Establish a Culture of Security: CISOs must collaborate and establish a culture of security that involves everyone, from company executives to frontline employees.
- Risk management: CISOs need to identify and assess their organizations' risks from cyber threats and understand the potential impact of a breach to develop plans to mitigate those risks.
- Incident Response: CISOs must have a plan in place for how to respond to a security incident. Organizations that plan and rehearse for incident response scenarios are more likely to do better when (not if) a significant cyberattack occurs.
- Recovery: CISOs must have a plan to recover from a cyber incident. Recovery includes restoring systems and data, as well as business processes. It is crucial to have a tested and rehearsed plan in place so that organizations can quickly and effectively recover from an incident.
- Communication: CISOs must establish communication protocols for internal and external stakeholders. Communication includes messaging for audiences, such as the media, employees, and customers.
Daniel Kwong: As organizations begin to implement zero trust strategies, there has been a concern that some organizations focus only on the network. The key to a zero trust strategy is making sure it can work across the entire hybrid network, from the endpoint, network, and the cloud. The combination of three factors — people, data, and networks — is what makes up a comprehensive zero trust strategy. And while there are many different ways to implement zero trust, each with its own set of benefits and drawbacks, the only way to truly achieve zero trust is to take a universal zero trust network access (ZTNA) approach that covers all three areas to enable more secure access and a better experience for remote users, whether on or off the network.
What is an example of a security service that you think is helpful for security leaders to leverage today?
Jaime: CISOs must prepare for new and evolving cybersecurity threats now and in 2023. To be prepared for the risks that will come up in the future, CISOs should consider security services like the following:
- Adversary Centric Intelligence (ACI) solutions help organizations identify threats from all sources, including the dark web, and intelligence that identifies adversaries. ACI helps CISOs understand the dangers they may face and anticipate their adversaries' next move.
- External Attack Surface Management (EASM) services help organizations understand their externally visible attack surface. Understanding their attack surface is valuable to CISOs to help them protect their business.
- Brand Protection (BP) should also be a focus for cybersecurity teams and CISOs because they can identify online risks that could harm the company's reputation, brand value, trust, and integrity.
Daniel Kwong: While many organizations are implementing a zero trust approach to security, a key challenge that remains is setting up a proper workflow for DevSecOps, where application and data developers embrace a "shift-left" design model approach to security in order to support a holistic zero-trust strategy. This requires security teams to work more closely with developers, who may have less experience with security and need a different approach than traditional application development.
What is one recommendation you would give CISOs who are grappling with patching prioritization for vulnerabilities?
Jaime: As companies merge their Information Technology (IT) and Operational Technology (OT) networks, it becomes harder for CISOs to protect their companies from cyberattacks. This IT/OT convergence makes it difficult for CISOs to keep up with software and system patching priorities. Also, many companies now allow employees to work from anywhere (WFA), which means some organizations are not keeping up with software and system patching priorities as they did previously. An expanded attack surface of IT/OT + WFA from remote networks provides the perfect storm for the patch prioritization challenges CISOs face today.
One recommendation is that CISOs create a patching strategy that fits the organization's specific business needs. CISOs also need to consider the different systems and networks in place. Patching is an essential part of cybersecurity, and CISOs should prioritize it.
Daniel Kwong: The recent FortiGuard Labs Threat Landscape Report showed that the convergence of IT and OT and the endpoints of WFA remain key vectors of attack as cyber adversaries continue to target the growing attack surface. In order to ensure the success of a digital transformation program, it is essential to have a security posture management approach in place for both IT and OT assets. The solution should take into account providing resource risk insights, including people, data and networks, in order to prioritize vulnerability patching and application issues. By taking a holistic approach to risk management, you can give your digital transformation program the best chance of success.
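Both answers above describe patch prioritization that weighs asset context (IT versus OT, internet exposure, WFA endpoints, and the people and data an asset touches) alongside the vulnerability's own severity. The following is an added illustration, not code from Fortinet or from either interviewee: a small risk-based ranking model whose weights, asset fields, and CVE identifiers are all constructed for the example. It also separates the recommended action for OT assets, which often cannot be patched immediately and need compensating controls until a maintenance window.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Asset:
    """Context about the system a finding lives on (fields are assumptions for this example)."""
    name: str
    kind: str                    # "it", "ot", or "endpoint" (a work-from-anywhere device)
    internet_exposed: bool       # part of the externally visible attack surface
    handles_sensitive_data: bool # the "data" dimension
    privileged_users: int        # the "people" dimension: how many admins log in here


@dataclass(frozen=True)
class Finding:
    asset: Asset
    cve: str                     # placeholder identifiers below; not real CVEs
    cvss: float                  # base severity from the scanner
    exploited_in_wild: bool      # threat intelligence says it is being actively used


def priority_score(f: Finding) -> float:
    """Severity plus context. The weights are illustrative assumptions, not a standard."""
    score = f.cvss
    if f.exploited_in_wild:
        score += 3.0   # known exploitation outranks theoretical severity
    if f.asset.internet_exposed:
        score += 2.0   # reachable by anyone, no foothold required
    if f.asset.kind == "ot":
        score += 2.5   # physical/safety impact and long patch windows
    elif f.asset.kind == "endpoint":
        score += 1.0   # off-network device, less visibility and slower patch cadence
    if f.asset.handles_sensitive_data:
        score += 1.5
    if f.asset.privileged_users > 0:
        score += 1.0   # compromise here yields credentials with wide reach
    return round(score, 2)


def recommended_action(f: Finding) -> str:
    """OT gets compensating controls first; IT and endpoints are patched on a risk-driven clock."""
    if f.asset.kind == "ot":
        return "segment/isolate now; patch in next maintenance window"
    if f.exploited_in_wild or priority_score(f) >= 12.0:
        return "patch within 24h"
    return "patch in regular cycle"


def rank_findings(findings: List[Finding]) -> List[Tuple[str, str, float, str]]:
    """Highest-risk first: (asset, cve, score, action)."""
    rows = [(f.asset.name, f.cve, priority_score(f), recommended_action(f)) for f in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample inventory spanning OT, an exposed IT gateway, and a WFA laptop.
SAMPLE_FINDINGS = [
    Finding(Asset("ot-plc-01", "ot", False, False, 2), "CVE-PLACEHOLDER-1", 7.5, False),
    Finding(Asset("vpn-gw-01", "it", True, False, 0), "CVE-PLACEHOLDER-2", 9.8, True),
    Finding(Asset("laptop-wfa-17", "endpoint", False, True, 0), "CVE-PLACEHOLDER-3", 6.5, False),
]

if __name__ == "__main__":
    for name, cve, score, action in rank_findings(SAMPLE_FINDINGS):
        print(f"{score:5.1f}  {name:14}  {cve:20}  {action}")
```

The point of the model is that the same CVSS score lands in different places depending on where the asset sits and what it touches, which is the "holistic" view both interviewees describe; the weights themselves should be tuned to the organization's own business impact ratings rather than copied from this example.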
What are some ways to get time back for security leaders and find efficiency?
Jaime: To get time back, CISOs can focus on being more strategic and less operational. By following these tips, leaders can get time back in the day and find more efficiency for cybersecurity efforts.
- Develop a strategy. The first step to regaining control is to develop a strategy for cybersecurity efforts. This strategy should include both long-term and short-term goals, as well as a plan for how to achieve them. By taking the time to develop a strategy, leaders can ensure that teams are focused on the right things.
- Automate where possible. One of the best ways to get time back in the day is to automate tasks where possible. This can include things like patch management, vulnerability scanning, and incident response. By automating these tasks, it is possible to free up time for more important tasks, such as strategy development and threat analysis.
- Delegate where possible. In addition to automation, delegation can also be a great way to get time back in the day. If team members are capable of handling certain tasks, delegate those tasks to them. This will free up time so leaders can focus on more important tasks.
- Prioritize your time. Not all tasks are created equal, and some tasks are more important than others. Make sure to prioritize time to focus on the most important tasks first.
Security leaders are always looking for ways to improve efficiency and security operations. One way to do this is by leveraging security orchestration, automation and response technology. By using orchestration and automation, security leaders can find efficiencies in their operations by integrating different cybersecurity technology with single-pane-of-glass management, freeing up time to focus on more strategic initiatives. Additionally, these tools can help to improve security by automating tasks that are prone to human error and providing rapid remediation in case of security incidents. This is especially key as the threat landscape gets more sophisticated and the rate of exploitation continues to increase.
Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.