Cyber Security: What Is The First Thing To Do In 2021

Add bookmark

Seth Adler
11/25/2020

You may have seen last week’s piece showcasing cogent advice from some of our venerate contributors on the last thing to do this year. Some of those same executives as well as a few others, have chimed in on the first thing to do next year in cyber security. 

Insights from Aligning Security Strategy With Business Strategy; Aligning Security Enablement With Business Execution; Engaging Threat Hunting; Matching Talent With Technology; Understanding Budget vs. Reality; Engaging Strategic Partner Security and Engaging Immediate Security Awareness are covered.

 

What is the first thing to do in 2021?

 

Align Security Strategy With Business Strategy

Parag Deodhar, Regional Chief Information Security Officer- APAC, VF Corporation

Understand the strategy of the organization. CISOs need to understand the business a lot more deeply and align their strategy with the business strategy. So the first thing to do is to do a deep study on the business strategy and realizing how the security strategy can align with the business strategy.

 

Align Security Enablement With Business Execution

Iain Lumsden, Director of Information Security, Denver Health

We've been so agile this year and I suspect it's going to be the same thing in the beginning of next year. Speaking specifically in healthcare- there’s conversation around a COVID-19 vaccine coming soon. We're working with the business to make sure that we can do what's needed for the patients. And that's still going to be on top of our minds at the beginning of next year. We need to be flexible, but at the same time enforce necessary security requirements. 

 

Engage Threat Hunting

Kayne McGladrey, Public Visibility Initiative spokesperson, IEEE

It's really looking at the threat landscape as it exists on that day, in that point of time and do a reality check on how much the world has changed since you got that budgetary approval. This is a step that not everyone does. They focus on doing things right, not necessarily doing the right things. Organizations need to have a continuous model of risk reduction and risk assessment and threat informed assessments of those risk models. 

Something that we've seen historically, threat actors know we take holiday. They know that those two weeks around Christmas and New Year's, between like the last two weeks of the year, if you don't celebrate those holidays, tend to be slow weeks. Tends to be the B shift, the C shift that are actually taking the reigns of organizations. When companies come back- if they weren't threat hunting over those periods of time- start a threat hunt. Go find out who now has persistence in your network. And I hope it's nobody. 



Matching The Talent With The Technology

Nannette Cutliff, SVP, Chief Information Officer, CISO, Pacific Service Credit Union

The first thing to do next year is to make sure that you have resource accountability for managing and assessing how you're going to attack the things that you know have to be executed. Look at the skill set and the resources that you have on staff to make sure that you're adequately geared up to handle what you've got on your plate and the future threats that are coming.

Many of us bring on new tools, new platforms, new integrations and we haven't gone back to look at how they've played in our environment. 

 

Understanding Budget vs. Reality

Tom Kartanowicz, Regional Chief Information Officer- Americas,Commerzbank AG

The first thing to do next year is check my budget numbers. Check the approval process and see what amount of coinage I'm working with and what the reality is. Checking the project status and seeing what we can kick off, and balancing the money versus the reality. 

 

Engage Strategic Partner Security

Lisa Tuttle, Chief Information Security Officer, SPX Corporation

We've had a lot of strategy meetings with our vendors. We will start off the year focused on our priorities. We’ll focus on strategic partner tools as well as the potential enhancements they can make. We’ll then be able to realize how we can be better business partners to each other so we're in lockstep on how we take advantage of the things for which we're already paying.

 

Engage Immediate Security Awareness

Stephanie Derdouri, Sr. Director Information Security Risk at Fannie Mae

Everybody's going to want to be optimistic about the year ahead. Start out by saying ‘we're all in this together and that means that we're all holding each other accountable.’ We understand everybody has flexible schedules. It’s important to get in right away with that employee engagement. And that probably needs to happen before any sort of hope of there being any sort of security awareness digestion. You have to make sure people are ready and listening.

 

RECOMMENDED