ICS Cyber Convergence

Return to blog

A necessary but relentless focus on regulatory compliance in the cybersecurity community may be shifting resources away from more complex threats. Although organizations focused on checking the compliance box are more likely to address the foundational solutions necessary in building a cybersecurity framework, this approach can also lead to a false sense of security.

The Ponemon Institute and Lockheed Martin recently surveyed 678 IT security leaders within the United States. The surveyed respondents were security practitioners familiar with their organizations’ defense against cybersecurity attacks and responsible for directing cybersecurity activities. (Download the Intelligence Driven Cyber Defense survey results.)

When asked about cybersecurity business priorities, compliance was rated the number one cybersecurity business priority (above confidentiality, interoperability, integrity and availability). The challenge with this common response is that compliance does not necessarily equal security. 

Achieving compliance provides organizations with a foundation to start becoming secure with. But there are ways they can be both compliant and remain vulnerable. For example, you can have a solid maintenance log to comply with a regulation or policy. However, how will that log be used to proactively defend infrastructure? Within the Utilities industry it’s one thing to comply with the NERC CIP requirement to map all networkable operational technology. However, what good does that do when protecting IP if you don’t actively monitor those devices for potential breaches?

A focus on compliance as a top priority may cause an unbalanced view of the controls and the vulnerabilities of a cybersecurity model. This, in turn, can prevent organizations from combating the most critical facet in risk management: the threats.

This unbalanced condition often results in a focus on incident response versus threat intelligence within the analyst realm. Threat intelligence is a critical element to an effective cybersecurity platform because attacks are ultimately caused by people, who are often unpredictable, non-constant and creative in their tactics. 

5 Tips on How to Achieve Compliance and Security

Compliance is an important aspect of cybersecurity and it should be a priority. The focus on protection, however, should be to measure compliance’s effectiveness rather than mere achievement of compliance. Below are five tips for achieving compliancy and security: 

  1. Map your environment Situational awareness is important, both inside and outside of the network. A common tenant for a majority of regulations is asset mapping. How much Operational Technology do you have? How much IT? Which assets are networked?

  2. Perform Due Diligence The comprehensive security analysis of many companies often ends at the door of the vendors and partners they work with. Yet vendors are often softer targets that attackers can exploit to gain access to your intellectual property (IP). Close this gap by working with your vendors to ensure that they remain not only compliant but also secure.

  3. Share, share and share Vigilance is the key to thwarting the most common threat to your network: the insider threat. A disgruntled employee or unauthorized person with some level of credentials looking to get behind the firewall and access your IP can be devastating. The key to stopping this is by sharing information outside the IT department and training employees on how they can help spot and stop cyberattacks.

  4. Eliminate redundancies Proper cybersecurity involves a lot of analysis. It’s easy to fall victim to analysis paralysis to generate redundant analytic results. Stop this by inventorying your reports, flagging redundancies and removing reports that take up space and add little value.

  5. Use compliance as a guide Compliance is a way to start building your cybersecurity footprint. It’s also a guide for maintaining a proactive cybersecurity approach. By adding the elements above with Intelligence Driven Defense®, your cybersecurity platform will grow beyond compliant and into the realm of the truly secure.

A functionally integrated cybersecurity platform places threats at the forefront. Architects, engineers and analysts adhere to a common methodology that incorporates threat analysis and threat intelligence across systems and processes. A threat-driven cybersecurity platform, tailored to fit with a compliant infrastructure is the combination that best ensures security in a strategic, tactical and operational manner.


Just In: Results of the Intelligence Driven Cyber Defense Survey

survey-ponemon-stylized
 

Get the survey >