In addition to such targeted training, there are starting points through which organizations can support IT security with structural measures:
Leverage Security Affinities
Some Dev and DevOps teams already see security as one of their core responsibilities. It therefore makes sense to shift more security responsibility into development and DevOps teams rather than keeping it in separate security roles.
Set Up Security Champion Programs
Security “champions” or “godfathers” are not trained security professionals. Rather, they are employees who have actively built security principles into their primary areas of responsibility. More motivated security advocates can be attracted and developed when a dedicated program supports such role models. They promote security literacy, quantify risks and model best practices.
Actively Identify Potential Attacks
International knowledge bases such as MITRE ATT&CK can be used to learn more about the behavior of potential attackers, who often repeat known and successful attack techniques. This allows companies to initiate security measures proactively instead of reacting to attacks after the fact.
Modernize Development Processes
Applications are now being developed much faster and often without conventional coding (low-code or no-code). Companies should therefore integrate security acceptance testing into the development process. For example, security routines from open source libraries or GitHub repositories can be reused, and machine learning (ML) can serve as an assessment tool.
Embrace Hybrid Infrastructure Environments
The unplanned push towards remote work and home office in the last 12 months has presented IT managers with new challenges. Business continuity had to be ensured quickly with the help of cloud solutions and remote access, and optimizing the collaboration tools and their usage guidelines for security often came second. Since it has become clear that this is not a temporary situation and that remote work will continue to play an important role, the security policies and procedures for hybrid infrastructure environments should be optimized.
Ensure Measurability
You can’t show improvement for something that isn’t measured. It is therefore important to regularly assess enterprise-wide security knowledge as part of vulnerability assessment and risk mitigation.
“Assessing risks at all levels is important to show what consequences a security incident could have and what investments are required to have a real impact,” the experts explain.
Questions that companies should ask themselves in this context include:
- Can you assess the value of your vulnerable assets and intellectual property?
- Does everyone in your organization know that they share responsibility for cybersecurity?
- Are you able to mobilize your workforce to thwart security attacks?
- Are you protected from the financial impact of ransomware?
- What impact would a security incident such as compromising data have on customer trust and positioning?