noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

Does Cybersecurity culture eat Cybersecurity strategy for breakfast?

Peter Drucker said, "Culture eats strategy for breakfast". My question to you is; Is this also applicable within the Cybersecurity space?

Oskar Ehrnström / September 03, 2024

Peter Drucker said, "Culture eats strategy for breakfast". This idea has since been adopted by many successful corporate leaders over the years, and many organizations use this as a competitive advantage in their business. My question to you is; Is this also applicable within the Cybersecurity space?

Will a team with a strong cybersecurity culture have a better chance to defend their organization than a team with a clear strategy?

If only life where that simple…

As always, there are no easy ways to success. Certainly, one can be “successful” (read ‘lucky’) in any given situation, and that single success can be attributed to almost anything. But over time, you will need several things to ensure that your team has what it needs to defend your business.

If you are new to cybersecurity, or just wants to get some input into your cybersecurity work, I have created this checklist of five foundational aspects in building a successful cybersecurity capacity.

Strategy

Your Cybersecurity strategy is what helps guide your decisions and prioritization. Answer questions like; What is our risk appetite? Which capabilities should we build our selves, and what should we outsource? Should we centralize responsabilities and mandate, or is it an option to distribute responsabilities in the organization? This will be the foundation of your cybersecurity policy.

Abilities

To avoid spending time and energy on defense efforts that don’t have the right impact, your cybersecurity unit needs an established method to guide their work. The NIST Cybersecurity framework 2.0 for example, devides the work into five operational phases; Identify, Protect, Detect, Respond, Recover, all held together by Governance. This model helps you map your efforts and capabilities to the different phases of the threat management lifecycle, making sure you don’t overspend in one area while underspending in another.

Tactics

A cybersecurity incident can have many different characteristics depending on the objective and the drivers behind it. But one way of helping to understand an attack is The Cyber Kill Chain (developed by Lockhead Martin). It is a framework that visualizes how a typical cyber-attack is executed. In each step of The Cyber Kill Chain you as a defender need both knowledge, tools, processes and focus to be able to brake the chain. Try to have all of the Abilities above in each step of the Kill Chain.

Tools

Your cybersecurity staff will need a large set of tools to give them all abilities necessary to address all phases of an attack. At the same time, the threat landscape is so extensive and complex that you need a technology stack with solutions that integrate into each other and allow you to automate a big part of your day to day work. In an incident scenario, you will need to lay a puzzle of information from different parts of the environment, and your incident responders will need to reach all components of your infrastructure to be able to contain and combat any cyberthreat present. Fortunately, concepts like xDR (Extended Detection and Response) has drastically lowered the threashold for maintaining an effective and efficient security operations.

People and Culture

All of the above is fairly easy to realize compared to finding and keeping the right people. There is a great shortage of skilled personnel in the market, and keeping the ones you find is key. Also, knowledge is perishable in cybersecurity. It is therefore important that people have the time to continuously develop their skills in order to stay on top. Establish a culture that encourages people to be dedicated and engage with passion into their work. If people feel excitement and pride in what they do, you will benefit immensely when “all hell breaks loose”. Because it’s not about IF, but WHEN all hell breaks loose.

If you are one of the few fortunate that can combine the right People and Culture with Strategy, Tactics, Abilities and Tools within your security operations, you are better prepared than most organizations, and have a stronger position to realize your business objectives. Just remember this:

  • There are no “silver bullets” to solve all your worries. The threat landscape is far too complex and the adversary too motivated for that.
  • There are no “self-playing pianos”. All tools need some interaction and maintenance, and if they are not being cared for, they will be easy to outsmart.
  • If you are a digitalized business, cybersecurity is business critical. And if it is not seen that way, it will fail!

Introduction to cybersecurity

Oskar Ehrnström
Head of Cybersecurity Sweden, Tietoevry Tech Services

With over 25 years of experience in sales and marketing, and with 13 of those as a leader and trusted advisor within cybersecurity, Oskar drives business innovation and transformation at Cybersecurity Services.

Tweet
Share on Facebook Tweet Share on LinkedIn