Have you ever been greeted by a message like this when you logged into work?
Yes, that’s right – for Day Five of our 12 Days of Giving, we are going deep into Security in the hopes of helping you with the **All is Calm** component of your holiday wish list.
To do that, we’re sharing a little story from our own company archives – in which, to the bane of our CTO’s existence, a certain kind of spam continuously tries to impersonate our CEO (Ellen, as seen above) and asks as many people as they have emails for to please buy her some gift cards.
If you’ve also seen some kind of email like that – then your company, like ours, was likely the victim of a spear-phishing campaign – and it’s also probably time to lock down your security strategy.
We are not alone. In fact, not having adequate security automation costs the average company $4.43 million, per incident, according to Pew Research.
How can you ensure that your Security teams can keep pace with hackers and breaches? What can your company do against hackers who are increasingly turning to technologies such as artificial intelligence to protect sensitive data and keep company assets protected?
Don’t worry, new advances in workplace security operations strategies and new technologies and platforms such as ServiceNow are evolving daily to track and prevent even mature hacking strategies. And, as our gift for you, we’re covering them with our new SecOps eBook, Secure Your Workplace.
(For a full run-down on ServiceNow’s SecOps platform – including Incident Response, Configuration Compliance, Performance Analytics, and Integrations – download the full eBook here.)
Acting Now: Five Steps Your Security Team Can Take to Keep the Peace
But first, here are five steps your security teams should be taking to ensure you understand your current security vulnerabilities and reduce the risk of a breach.
You should also never buy your CEO gift cards. Really. She’s not, and never will be, asking you to.
1. Take an (unbiased) inventory of your vulnerability response capabilities. Take the time to assess your security capabilities with process owners and stakeholders. Your maturity is based on two factors; being able to detect vulnerabilities in a timely manner and being able to patch them effectively and quickly.
During your assessment, identify the problem areas. For example, many companies struggle with cross-department coordination or lack of asset and application visibility, especially if you are dealing with multiple legacy systems across your business. Give each problem area a score based on the risk they pose (based on the delays they cause in the patching process), so that you know which areas you need to tackle first.
2. Accelerate your time to benefit by tackling your “low hanging fruit” first. By starting with your basic items, you’re able to get a few quick wins under your belt and gain company visibility and key stakeholder support for larger projects.
For example, if your security team doesn’t scan for vulnerabilities, they should make it a top priority to acquire and deploy a vulnerability scanner. Alternatively, if they do scan, they should make sure they are doing internal and external scans (including authenticated scans).
3. Break down data barriers within your company, specifically between Security and IT. Using a single platform to create a common view between Security and IT means more configuration data and more insight into vulnerabilities. This will lay the foundation for supporting more advanced capabilities, such as prioritizing vulnerabilities based on impacted business systems and routing vulnerabilities to the right IT system owners for patching (vulnerability response).
4. Establish a solid CMDB relational map. Now that you’re using a single platform to increase your visibility, you need to make sure your CMDB is mapping to the right support and remediation efforts.
For example, knowing that server123.companyname.com supports your HR database with PII data helps prioritize your vulnerability remediation efforts.
5. Define your end-to-end vulnerability response processes and highlight which steps could be automated. Then do it. Vulnerability response processes that are repeated can be automated, which increases accuracy, reduces risks and eliminates manual busywork for your team. Start by utilizing pre-built workflow and process automation to accelerating your patching time and reduce staffing requirements.
Pay attention to automated routing, status tracking, measurable SLAs, and automated escalations. By ensuring that Security teams and TI teams have a shared view of these processes you are creating situational awareness through dashboards and heatmaps (performance analytics).
Download the full eBook to learn a full Security Platform Strategy (and possibly even ensure a calm and bright holiday season).