Four steps to cybersecurity mastery

Mature cybersecurity is a four-step journey from that takes your operations from the level of a doorman to that of special forces. Take the initiative to meet the increasing worldwide security challenge.

Cybersecurity has always been a thorny issue for the enterprise. It is a complex and demanding discipline that takes significant planning, but which does not directly generate revenue. Nevertheless, it is a crucial part of any digital transformation platform. What faith can a company have in its digital transformation process if it can’t rely on its systems to protect sensitive data? Just like other aspects of digital transformation, building a robust cybersecurity practice is a journey with several steps along the way. Through discussion with our Strategic Advisory Board (SAB), we have identified four stages of maturity for cybersecurity. At what stage is your own organization?

1. The Doorman

Just like a regular doorman, this level of cybersecurity operation views the company’s information network as a walled building, and focuses on the entrance. Whenever someone tries to gain access, it checks their credentials, and decides whether to let them through. Once they’re in the network, however, the doorman has no visibility into their behavior.

Doorman security operations are relatively unsophisticated, and their approach to cybersecurity is largely outdated. They still view the network perimeter as the pivotal point in their technology infrastructure. The rest of the world has moved on from this view and is now living in a post-perimeter society. A complex array of connections and working relationships mean that both those inside and outside the firewall need varying degrees of access, sometimes for short periods.

All our North American SAB, made up of multinational companies, have evolved beyond this first level of maturity in their cybersecurity operations.

2. The Bouncer

While the doorman focuses only on the perimeter, the bouncer has an eye on both outside and in. Not only is he interested in who enters the network, he watches their behavior once they’re inside. This level of security operation uses a mixture of appliance and cloud-based security, but still operates mostly on a reactive basis to stop malicious activity when it occurs. The challenge faced by the bouncer is that he can only act after malicious activity has taken place and usually after some level of damage has already been done.

Organizations at this stage have progressed to a more mature cybersecurity operation. The lion’s share of SAB respondents (44%) considered themselves to be at this stage.

3. The Detective

The detective takes things a stage further, closing the loop by introducing a systematic incident response process that kicks into high gear when a security incident occurs. A security team at this level will not only react to security alerts and minimize damage quickly, but will also determine the source of an attack and use the information they gather to help mitigate further attacks or prevent them altogether. While the bouncer solves immediate problems, the detective learns from them, constantly strengthening the organization against future attacks.

This type of operation is advanced by any standard, but our data shows that a significant number of companies are already engaging at this level. A third of SAB respondents in our survey considered themselves security detectives.

4. The Special Forces

The special forces-style team is the crème de la crème of cybersecurity operatives. It uses cloud-based security and threat intelligence to spot security incidents as they happen, and then take automated preventative measures to stop them in their tracks. Techniques such as machine learning are useful when operating at this level, to help deal with the complexities of spotting suspicious network traffic and user behavior, and mitigating them automatically.

This is the most advanced level of maturity for a cybersecurity operation. Encouragingly, more than 22% of SAB respondents believed themselves to be at this level.

Progressing through cybersecurity maturity levels

How can companies make progress in their cybersecurity operations and increase their maturity level?

It starts with examining their current security posture to understand where their vulnerabilities lie. They can then mitigate vulnerabilities using consulting and managed services to help get them beyond the “doorman” to the “bouncer” stage.

Achieving “detective” status involves expanding from point solutions designed to tackle security incidents alone to a more holistic security ecosystem, including security event intelligence and incident response systems that coordinate incident data and response measures.

An organization reaching this level will already be ahead of the cybersecurity curve, but will still be using this event information to configure systems manually. To reach elite “special forces” status, it must push the envelope still further.

This rarefied level of cybersecurity protection requires a next-generation security platform that consumes threat intelligence data and automatically responds to threats with the appropriate measures. A system like this creates changes on the network in real time, countering threats as it detects them.

While these sophisticated systems are in their infancy and automated response has its risks, it is not too early to implement with human verification of responses and gradually enable automated responses as the system learns your network. Experience with and upgrades to current systems will soon increase confidence in and effectiveness of automated response.

Businesses taking the initiative

The journey to cybersecurity maturity may sound daunting to IT teams, but as our SAB survey shows, there are positive signs that businesses are grasping the importance of a mature cybersecurity operation.

Increasingly strict regulations around the globe are pressuring businesses to acknowledge and respond to escalating cyber-risks. A few short years ago, IT departments had trouble educating business units and getting their cooperation to take cybersecurity preparedness to the next level.  Now they are finding staunch allies in the board room.

As cybercriminals and malicious state actors continue to evolve, modern businesses can’t ignore the need to match them. 

Taking cybersecurity to the next level very often requires additional resources, but hiring cybersecurity professionals can be challenging, even after you get approval to hire. Analysts from Frost & Sullivan forecast a shortfall of 1.5 million by 2020, according to the (ISC) Global Information Security Workforce Study.

This has many companies turning to solution providers such as Orange Business that can work with you to both evaluate your security maturity and provide solutions, including managed services, to find the right balance of risk and investment in security solutions.  Find out more about Orange security services online.

B​ob O'Brien
​Bob is vice president of Network & Voice Center of Excellence and e-Health/M2M for 
​Orange Business in the​ Americas.
​His areas of focus include global network services
​video, unified communications, mobility and IoT. Bob has an MBA and 
over 30 years of project management and business experience directing large, complex IT infrastructure technology projects and organizations to meet deadlines and reduce costs.
​ He has been with Orange since 2007.​