The advancement in the technology of the world we live in today made it very easy for every business regardless of its size to reach out to places that would otherwise be very challenging to communicate with, let alone have a full business presence in.
In the past, very large organisations experienced many different types of difficulties in maintaining their businesses in different cities or keeping up with the demands of their customers who may be located in different regions.
Today we have small home-based businesses or businesses that may not even have a physical presence in their own region trade very successfully and easily across the globe.
A few years ago an organisation’s security operations analysts were not expected to have great level of knowledge in the different areas of information security to be able to learn the trade and analyse what they see on their screens. This was because abnormal behavior in most cases can easily be identified.
However the advancements we are experiencing brings with it a wide range of different applications and services that are built into the overall infrastructure. We have a wide range of different cloud services that are interconnected to internet facing applications that distribute their content on multiple different locations in the cloud.
These services in one transaction can generate many different signatures that a couple of years ago security analyst would consider them as a clear sign of an intrusion attempt, however today these signatures are not enough to determine the maliciousness of the activity. This means malicious activity can easily hide in plain sight of what is now considered as normal traffic in many environments.
These rapid developments aided in the spike in cyber threats, their complexity and continuous changes of the adversary’s Tactics, Techniques and Procedures (TTPs).
The information security community are observing on a daily basis, news of many different types of organisations being breached with a variety of attack methods that ranges in their complexity, delivery mechanisms AND motives.
Many organisations such as SANS institute, EC-Counsil, ISC2 and many more are working extremely hard to raise the level of expertise and research new methods to detect, collect and investigate breaches.
The GOOD news is that we are also observing many if not all organisations are starting to recognize how important it is to have a solid infrastructure that is built with security in mind.
Many developers are now being encouraged and educated in the methods of secure application development. Network administrators are also starting to take a security stance and work to harden their network and create that balance between Accessibility, Security and Usability.
Organisations are indeed stepping in the correct direction and have dedicated a large amount of money to secure their infrastructure and implement a wide range of security controls from IDPSs, SIEMs up to deception controls, however many organisations in their efforts to improve their security resilience neglect dedicating enough time to perfect their processes and forget that cyber security is made of three important components (People, Technology and Processes) that are part of a successful ISMS.
Having a well thought out processes can compensate for technological gaps or failures and neglecting your processes can render your state of the art devices very useless and break communications between your teams.
Your processes can save you in moments when everything else fails.
So, what makes a perfect or a well thought out processes?