Need actionable items, not a data deluge

  •  BY Dr. Yask
  •  Jan 27, 2023

Enterprises are increasingly treating security as a crucial component of IT deployment, and CIOs and CISOs are placing a high priority on adapting to the new realities.

Over the last few years, we have seen a shift in awareness about the importance of technology in combating threats, and this is elevating the role of the CISO in organizations.

Our OEM partners used to emphasize experience and legacy, but now they talk about technology innovation. CISOs are facing the challenge of meeting regulatory requirements such as GDPR, and PDP will definitely come in sooner rather than later in India. So are we geared up to meet these challenges with the right mindset?

Technologically too, we have the capabilities to counter existing threats, but what about unknown threats for which we do not yet have solutions? Cyberattacks are carried out by exploiting an organization's vulnerabilities. We know that we cannot control the threat actors, but we can certainly try to control vulnerabilities in the organization.

While I can know what the vulnerabilities are, I also need to know whether I have adequately addressed each one of them. Though existing technology does provide a reasonable answer to the problem, it can only do so much; eventually it is humans who are going to work on it. No matter how much AI, ML, or advanced analytics is put into it, at the end of the day, it is the analyst sitting in the SOC who is going to operate and act on it.

Security practitioners get regular threat inputs from various agencies, but what is important is whether these inputs are converted into actionable items. Or are they resulting in alert fatigue, with so much data coming in? Is it only data, or does it contain any information? So, one of the biggest challenges for a security professional is that, while a huge amount of data is coming in from internal sources, OEMs, security service providers, security agencies, etc., unfortunately not much information is being derived from it. What is needed is only actionable items, something that is contextual and useful for the organization.

- Dr. Yask is a Chief Information Security Officer at IOCL.
