When attempting to solve a cybersecurity problem, some businesses have a tendency to seek a silver bullet solution. This can be dangerous for a couple of reasons:
- It can lead to a false sense of security if a ‘silver bullet’ is supposedly found
- It can cost a lot of money if that so-called silver bullet turns out to be an “enterprise-grade” security product
The truth is, there is no silver bullet solution in cybersecurity. Rather, these types of issues are best addressed through a combination of the right people and the right tools. I call this combination Man+Machine. A simple analogy would be that of a knight preparing for battle.
Knights on the Battlefield
Most people would focus on the knight’s armor and weapons. In cybersecurity, that would be your set of security tools. Of course, a knight’s armor and weapons – a.k.a. the machine – are important; a knight wouldn’t survive on the battlefield without them. But he also has to ensure they are configured optimally. Too little armor, and he wouldn’t have enough protection. Too much, and he’d be encumbered by the excess weight.
But the machine is just one component. The other, equally important component, is the living, breathing individual underneath all that metal. That individual needs to have the right attitude, adequate rest, and sufficient training in order to wield his armor and weapons effectively.
Emphasis must be placed on the training part. If we recall the Middle Ages, the knights of that era began training as early as 7 years old. A future knight would typically start off as a Page. At this stage, he would learn foundational, non-combat skills. At age 14, that Page would move on to become a Squire. Squires apprenticed to Knights in order to develop skills and knowledge of proper equipment care and combat. Then, after years of intense apprenticeship, the Squire would be knighted. This usually happened at around 21 years of age.
In other words, before entering full knighthood, a knight would undergo more than a decade of training. You couldn’t just take any individual, slap on armor, provide a weapon, and then expect that person to win a battle – let alone survive on the battlefield.
Man+Machine – A Combined Approach
This knight analogy is valuable to me because it highlights the critical interplay between three competing resource constraints and requirements that are encountered when dealing with cybersecurity issues today.
In order to be effective, organizations need to find the proper balance of people, technologies and processes. One of the biggest problems facing organizations is that there is an abundance of tools available for use. In fact, there are over 1,600 security vendors, each one peddling an assortment of security solutions.
When an organization is duped into acquiring too many tools, the number of security systems and the data they generate can easily overwhelm defenders, making them unable to act immediately and effectively. No matter how great (and expensive) each of these tools might be, they can all be rendered useless if the organization lacks skilled individuals who can wield them properly.
The problem is, most organizations will almost certainly lack the needed in-house security talent. There’s just such an enormous demand for cybersecurity talent and a very small pool to fill it. The problem is so bad that by 2021, it’s expected that 3.5 million security job openings will remain unfilled.
Once you have the right people and the right tools, you still need to account for processes and training. Knights kept their skills sharp with tournaments, jousts and actual battle. For defenders to be at their best, they need to be exposed to training opportunities and be able to test and fire-drill real-world-like scenarios and data breaches. Otherwise, their knowledge and skills will become dull and outdated.
A few key takeaways when applying the Man+Machine approach in addressing a cybersecurity problem:
- First of all, as we discussed earlier, there is no silver bullet solution. If a vendor offers your company a product that (purportedly) can solve all your cybersecurity problems, just remember it won’t. That way, you can keep your expectations in check.
- In order to be effective in cybersecurity, each organization requires the right mix of people, technologies and processes. Technologies can greatly simplify your security tasks, but they will require human capital to interpret and act on whatever information they generate.
- Policies need to be put in place to enable defenders to perform their duties more efficiently. They can also guide end users into following security best practices and, in turn, reduce defenders’ time for firefighting.
- People require continued investments in training to ensure skills don’t atrophy. Threat actors are always improving, so your security staff should hone their skills as well.