As I’ve said many times, cybersecurity seems to be more about reacting than acting or being proactive. Now, a new study by 1E found that, in fact, IT professionals spend a third of their time reacting to emergencies.
Nearly 30 percent of IT tasks are unplanned, which works out to about 14 weeks of job time per year. More than half of the respondents admit that a problem that is found relatively quickly (within an hour) can take most of the day to resolve.
While this study looks at IT as a whole, it fits into the scope of security as well. Think of the amount of downtime that is caused by a security incident and how long it takes you to get the company up and running properly again, or how long it takes to resolve that incident. Then ask yourself if you were prepared to address the security incident. Again, I think the formal statement that Sumir Karayi, founder and CEO of 1E, made is as applicable to security as it is to overall IT functions:
“We knew that IT teams spend a lot of time on unplanned incidents, but we didn’t think it was this high – one third of their time. That’s taking a huge toll on their ability to innovate.”
So how do you change that mindset from reacting to something more proactive, one that will result in less downtime and fewer man-hours to repair the incident? Will Gragido, director of Advanced Threat Protection at Digital Guardian, took the time to provide some comments and suggestions for me.
Being prepared for potential security threats involves getting everyone in the company on board, he said, and that includes the executive staff and board of directors (if you have one). The reason is that security is an investment – in system tools, in time, and especially in personnel. These are the leaders who are responsible for putting everything in place to make other areas of the business operate smoothly. You don’t want security incidents to be the cog in an otherwise well-oiled machine.
But it is more than having all the pieces in place. You also have to know what it is you are protecting, as Gragido said to me:
“For any security program to succeed, the organization must understand what it is protecting and securing. This sounds like an easy proposition, however, in many organizations there are oftentimes large differences of opinion as to what requires protecting/securing, the priority appointed to those efforts, the funding for those efforts and their execution. To properly secure and protect against advanced threats, an organization must know itself. This means that those responsible for protecting and securing the enterprise must understand what and who constitutes the enterprise and its population.”
And that’s the other important issue to consider – who your user population is and how they are using devices, the network, and the data itself. That’s the only way to understand what is acceptable and unacceptable use, as well as to recognize anomalies within the system.
As Gragido concluded:
“A healthy understanding of the threat landscape in general can go a long way, but understanding who and what is in play with respect to one’s own industry vertical can be extremely beneficial in mitigating the threats posed by advanced threats and threat actors.”
It’s the difference between acting and maybe preventing, and reacting and suffering the consequences.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba