Last Updated: 24th July, 2022
Bridge The Gap
Usually, when a CISO (Chief Information Security Officer) joins a new corporation, they inherit a huge security stack: a portfolio of alternative solutions that has grown with each subsequent CISO coming in. A recent study revealed that the median CISO has to keep pace with far more than 50 unique security components. Until they have evaluated both the skills and abilities of their security team and the technology they have inherited, CISOs are blind to the gaps in their organization’s armor.
Determining which solutions they possess, and where those solutions do and do not protect them, can be a resource-intensive process. Until this audit is complete, CISOs are blind to the gaps in their organization’s armor. While auditing an organization’s security stack may be complicated, it is possible to categorize technology solutions and to benchmark and measure their features and performance.
Conducting a similar audit of an organization’s security team is far more difficult and nuanced. Identifying whether a company has a security skills gap isn’t as simple as ensuring there are enough employees with certain job titles. When attackers are constantly updating and changing their methods, it’s vital that a company’s security team can keep pace. Measuring an organization’s cyber skills, then, is as important as measuring the health of its security stacks.
Bridge The Gap: The Exact Blend
Fully protecting an organization’s attack surface isn’t easy. Just as there’s no single type of attack vector, there’s no single type of security expert; for example, a web security specialist might lack digital forensics knowledge.
Labeling someone a “cybersecurity expert”, therefore, doesn’t do them any favors. At best, it’s a generalization that could limit an employee’s progression; at worst, it could put the company they work for at risk.
CISOs understand this. They appreciate the broad scope of work involved in ensuring an organization’s cybersecurity. After all, at some point in their career, they will have had first-hand experience of a DDoS attack, dealt with the paralysis inflicted by ransomware, or been called on to minimize the potential damage of a data breach. They know only too well that what matters most to an organization’s security is the experience and expertise that lie behind such vague job titles.
As a result, CISOs will want to ensure they have the right mix of appropriately skilled people on their team, and they will want to ensure that, in an environment where methods of attack are continually evolving, there are no gaps in that team’s knowledge and skills.
Bridge The Gap: Measurement And Training
Cybercriminals are extremely innovative when it comes to devising and deploying methods to bypass the latest security solutions – often as soon as those solutions are released. Security professionals must therefore be given the chance to continually hone and update their skills if they’re to keep up with the emergence of new threats.
However, ensuring security teams develop the skills they need to be more effective is only one aspect of efficient training. It’s just as important for CISOs to identify and measure skills as they’re acquired, and to understand how those skills best align with their organization’s security strategy.
Discovering Skills And Abilities At A Glance
The MITRE ATT&CK framework is a comprehensive, structured matrix of real cyber-attack tactics, techniques and procedures, used by threat hunters and defenders to help recognize attack types. It provides CISOs with much-needed visibility into their team’s skills base.
The framework enables organizations to select a specific attack technique and then, by analyzing their defense against it, highlight any frailties and expand their security controls as appropriate. Essentially, it helps CISOs to spot any problems that require quick remediation.
Using a matrix of skills aligned to ATT&CK techniques and tactics enables CISOs to see, at a glance, where their organization has strong coverage and where it lacks human expertise. This approach makes it possible for CISOs to quickly identify those individuals whose skill sets make them ideal to respond to particular incidents.
By the same token, it also helps to highlight those employees whose skills require further development. With the size, scale and sophistication of cyber-attacks growing at an unprecedented pace, CISOs have never been under more pressure to ensure their organizations are properly protected.
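The skills matrix described above, as an added worked example that is not part of the original article: a constructed three-person roster is mapped against a small hand-picked subset of real ATT&CK Enterprise technique IDs, and the script reports uncovered techniques per tactic, techniques that depend on a single person, and who is best placed to respond to a given incident.

```python
"""Skills-to-ATT&CK coverage check (added illustration, not the article's code).

MATRIX and TEAM are constructed sample data; the technique IDs are a small
subset of the real ATT&CK Enterprise matrix, chosen only to show the method.
"""
from collections import defaultdict

# Constructed subset of ATT&CK: tactic -> [(technique ID, technique name)]
MATRIX = {
    "Initial Access": [("T1566", "Phishing"), ("T1190", "Exploit Public-Facing Application")],
    "Execution": [("T1059", "Command and Scripting Interpreter")],
    "Persistence": [("T1053", "Scheduled Task/Job")],
    "Credential Access": [("T1003", "OS Credential Dumping")],
    "Lateral Movement": [("T1021", "Remote Services")],
    "Command and Control": [("T1071", "Application Layer Protocol")],
    "Impact": [("T1486", "Data Encrypted for Impact")],
}

# Constructed roster: analyst -> technique IDs they can detect and respond to
TEAM = {
    "alice": {"T1566", "T1190", "T1059"},   # web / application security
    "bob":   {"T1003", "T1021", "T1059"},   # endpoint and AD forensics
    "carol": {"T1566", "T1071"},            # mail and network monitoring
}


def coverage(matrix, team):
    """Technique ID -> sorted names of the people who hold that skill."""
    who = defaultdict(list)
    for techniques in matrix.values():
        for tid, _ in techniques:
            who[tid].extend(p for p, skills in team.items() if tid in skills)
    return {tid: sorted(people) for tid, people in who.items() if people}


def gaps(matrix, team):
    """Tactic -> technique IDs that nobody on the team covers."""
    covered = coverage(matrix, team)
    missing = {tactic: [tid for tid, _ in techs if tid not in covered]
               for tactic, techs in matrix.items()}
    return {tactic: tids for tactic, tids in missing.items() if tids}


def single_points_of_failure(matrix, team):
    """Technique IDs that depend on exactly one person (a hidden gap)."""
    return sorted(tid for tid, people in coverage(matrix, team).items() if len(people) == 1)


def responders(team, incident_techniques):
    """People ranked by how many of an incident's techniques they cover."""
    scored = [(len(skills & set(incident_techniques)), name) for name, skills in team.items()]
    return [name for score, name in sorted(scored, key=lambda s: (-s[0], s[1])) if score]
```

Running `gaps(MATRIX, TEAM)` on the constructed data shows Persistence and Impact with no human coverage at all, and `single_points_of_failure` shows four techniques that would be lost if one analyst left.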
Measuring the effectiveness of a digital cupboard full of different solutions is an essential – if unwelcome – step toward closing any gaps in coverage.
Gaps in a security team’s skills and knowledge must be closed too. This will be impossible, however, if no-one knows where those gaps are.
By mapping employees’ skills against ATT&CK techniques, CISOs can enjoy a reliable measure of the “health” of their security team: a health check that could prove invaluable in the face of an attack.