Talent [R]evolution

A dilemma that an information security analyst faces

While businesses all over the world are embracing digital transformation as one of the interventions to stay relevant in an increasingly competitive world, ICT professionals, and information security analysts in particular, face huge challenges in protecting business data. Virtually every business is, to a greater or lesser extent, reliant on digital systems to run its operations. However, new innovations bring along serious cyber security challenges. These include loss or theft of customer data, cybercrime and downtime. These incidents have repercussions for companies, including financial loss, reputational damage and legal risks.

Information security analysts have to put measures in place to prevent, detect and mitigate cyber-attacks that may occur in their organizations. Some controls may even seem to interfere with business processes: for instance, they may stop a business user from executing a particular function because it is deemed too risky. The business user, on the other hand, may be frustrated because they believe that they are entitled to execute that function. An information security analyst therefore needs to find a sweet spot that allows business users to continue with their activities without compromising the business data. Computer security, like all security, is about trade-offs, not absolutes.

The challenge, however, is to keep up with changes in the business, which are happening at a rapid pace. The digital era means businesses need to be flexible and nimble, otherwise they will fall behind in terms of their competitiveness. This means changes can be brought to the business overnight, with little understanding of the wider impact of the new system and process changes. A change made quickly may create a new system vulnerability because little time was allocated for thorough testing. The quicker it is to deploy new solutions, the quicker it is to exploit systems. A system breach can spread to many other interlinked systems. The information security analyst may not even have a full grasp of the new changes, and so may be unable to put measures in place to protect the new system. Security professionals therefore find themselves playing a catch-up game. In this case security analysts have to move with speed to ensure that relevant cyber risks are mitigated.

An information security analyst can implement various measures to protect the business systems and data. However, these measures become obsolete as soon as they are put in place. The big challenge for organizations and security teams is that cyber attacks are constantly growing in scale and complexity, making them increasingly difficult to track and mitigate. New threats are released daily by hackers. Some are even sold and bought online. Therefore, yesterday’s controls may not be effective today. 

It is also not easy to just implement new security controls at the required speed. Firstly, they need to be tested or risk causing irreparable damage to the production environment. The quagmire is that testing takes time, during which the system to be protected remains vulnerable. Secondly, implementing security measures may require some downtime on the production environment. For global entities that operate on a 24/7 basis, negotiating downtime with the business is always a tricky subject. This is understandable because any downtime for the business may mean loss of revenue or missed opportunities.

Notwithstanding the challenges faced by security analysts, as highlighted above, there are ways to improve chances of their success. These include the following:

  • Defining a proper framework that guides how controls will be implemented in the fast-paced environment that the digital era is driving. The framework must be developed in conjunction with the business.
  • Staying close to the business so that the business direction can be understood. This greatly assists in terms of alignment between the security analyst and the business. Furthermore, security analysts can anticipate the impact of the new changes to be brought by the business and prepare in advance.
  • Building a risk matrix. Understand what the business is prepared to lose (risk appetite) and the cost of controls to be implemented. Continuous risk assessment reporting should be practiced.
  • Automating the controls as much as possible. This minimizes human error. Fully automated threat detection and remediation software helps information security analysts to detect threats as they happen and enables them to take immediate automated actions. Security analytics platforms, combined with machine intelligence, enable faster time to identify an attack and require less human involvement. Ultimately, this ensures mitigated risk and greater security in a landscape of increasingly sophisticated cyber threats.
  • Being agile enough to quickly respond to a cyber security incident. This requires the containment of the breach and bringing the systems online as quickly as possible.
  • Building a learning environment (behavioral analytics). This ensures that the security systems build a baseline of the environment. Thereafter any change is compared to the baseline. If the change has security implications, the controls will be adjusted in line with the new change, and a new baseline is set.
  • Educating business users in terms of what is expected of them with regard to security issues. Technical controls alone are not enough. Users need to be on board because nowadays hackers target human weaknesses to gain access to sensitive data and systems.
  • Because accidental bugs can be as dangerous as deliberate back doors, having several suppliers and spare capacity is recommended, so that a single flaw does not leave the entire network vulnerable. Back doors are a concern, but most hackers make do with the accidental flaws that plague all digital devices.
  • Continuously researching new trends and threats. Information security analysts need to keep themselves up to date lest they are left behind in understanding new threats that are being brought by hackers daily. They are therefore expected to stay up to date on the latest trends and technology in order to develop professionally and recommend security advancements for their organizations.
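
The baseline loop from the behavioral-analytics item above, as an added example that is not part of the original post: it compares an observed environment to a stored baseline, separates changes with security implications from benign ones, and sets a new baseline that leaves out the changes a control was adjusted to block. The host names, port lists and the `RISKY_PORTS` policy are constructed assumptions.

```python
"""Added example: baseline -> compare -> adjust controls -> new baseline."""

# Assumed policy for this illustration: services that count as a change
# "with security implications" when they newly appear on a host.
RISKY_PORTS = {23, 3389, 5900}  # telnet, RDP, VNC

# Constructed sample data: listening services per host.
BASELINE = {"web01": [22, 443], "db01": [22, 5432]}
OBSERVED = {"web01": [22, 443, 8080], "db01": [22, 5432, 3389]}


def to_pairs(snapshot):
    """Flatten {host: [ports]} into a set of (host, port) pairs."""
    return {(host, port) for host, ports in snapshot.items() for port in ports}


def compare_to_baseline(baseline, observed):
    """Return what appeared and what disappeared relative to the baseline."""
    base, obs = to_pairs(baseline), to_pairs(observed)
    return {"added": sorted(obs - base), "removed": sorted(base - obs)}


def triage(changes):
    """Split newly opened services into security-relevant and benign."""
    flagged = [c for c in changes["added"] if c[1] in RISKY_PORTS]
    benign = [c for c in changes["added"] if c[1] not in RISKY_PORTS]
    return flagged, benign


def rebaseline(observed, rejected):
    """Accept the observed state as the new baseline, minus rejected changes.

    Rejected changes are the ones a control was adjusted to block, so they
    stay out of the baseline and alert again if they reappear.
    """
    new = {}
    for host, ports in observed.items():
        kept = sorted(p for p in ports if (host, p) not in rejected)
        if kept:
            new[host] = kept
    return new


def run_cycle(baseline, observed):
    """One pass of the loop: compare, triage, then set the new baseline."""
    flagged, benign = triage(compare_to_baseline(baseline, observed))
    return flagged, benign, rebaseline(observed, set(flagged))


if __name__ == "__main__":
    print(run_cycle(BASELINE, OBSERVED))
```
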

As discussed above, the role of information security analysts is very critical in this digital era. Cyber criminals are targeting sensitive data for financial gain. Therefore, security analysts need to keep up with the times by developing strategies to respond rapidly to new attacks and threats that are unleashed daily. Some of the interventions that security analysts can employ were discussed in this blog. These are not foolproof; security analysts can adjust them, as they provide general guidelines.
