The recent Institute for Critical Infrastructure Technology (ICIT) White Paper titled “Cybersecurity Show Must Go On: Surpassing Security Theatre and Compliance and Minimal Compliance Regulations,” authored by James Scott, Sr. Fellow, ICIT, and Drew Spaniel, Researcher, ICIT, highlights organizations' lack of commitment to investing in strong security tools that have a real impact on their security position. Despite the cyber breaches over the last several years that confirm that identities are the root of most breaches, organizations fail to deal with the real problem head-on.
Organizations leverage technology to increase the productivity of associates, which expands the perimeter to all end-user devices and their associated resources, no matter where they are located. Unfortunately, organizations often choose to protect only the organization's physical perimeter. This does little to protect an organization from the activities of associates who are remote and located around the world.
Scott & Spaniel were spot on when they wrote about the reality of security theatre. For a variety of reasons in and out of their control, such as knowledge, budget and human resources, organizations are often forced to take a shortcut and just “check the box” for compliance purposes.
IT leaders would be well served by investing the time to survey the marketplace for cyber solutions that provide ubiquitous coverage of the entire environment. Such focus, care and dedication to cybersecurity would significantly reduce the number of data loss breaches like those that have occurred in previous years.
Congress’ appropriation of funds in support of the Department of Homeland Security's (DHS) Continuous Diagnostics and Monitoring (CDM) program is a great step in the right direction. It helps remove a number of the barriers, such as market knowledge of best-in-class solutions and financial and human resources, that have prevented IT leaders from driving cybersecurity best practices in their organizations.
Programs like the CDM program, coupled with the OMB’s 30 Day Sprint, guidance offered by NIST and thought leadership from groups like the ICIT, will have a major impact on organizations and help them take the theatre out of cybersecurity and make cybersecurity a reality everywhere for everybody.