June 18, 2021
By Nir Sasson, Network Security Consultant, Avnet, a Rockwell Automation company
Cybersecurity costs businesses a lot of money – and with no measurable monetary income as a result. That leaves executives and board members scratching their heads and wondering: “Why are we spending so much on this? Why do we need to employ expensive professionals to manage and operate cybersecurity?” Often leading them to ponder, “We know cybersecurity is important, but how do we determine the right level of investment?”
We’ve developed a list of three strategies you can use to maintain good cybersecurity hygiene, while still managing costs.
#1. Manage to the Exception
Managing to the exception is the principle that will allow your organization to maintain a proper cybersecurity defense. It means starting from the worst-case scenario, or the exception to the status quo, and working backward to create your strategy from there.
Take the example of password management. Organizations using the username and password authentication method to verify their legitimate computer users must also provide a mechanism to help validate users who are having a problem. For example, they may have mistyped the password, are locked, and can’t log in to the system.
The ideal strategy starts with focusing on the small percentage of people who will forget their username or password – the exceptions. With the exception identified, the organization can plan and implement special measures to deal with the uncommon cases when the self-management process failed.
The next step is looking at what the solution is and figuring out if it can be automated, which leads us to our next strategy.
#2. Automation: Transfer Tasks, That do not Require Human Judgment, to a Machine
Knowing when to utilize automation can save companies a significant amount of money. Look for tasks that don’t require human judgment. Tasks like granting permissions to users who meet certain standards or automatic alerts when they meet pre-defined rules.
Going back to our password-management example, we have now determined that we need to deal with users who get locked out. Typically, how is a user unlocked? He calls the help desk. The operator at the desk helps identify the user who phoned him as a condition for providing the password reset service, asking a series of security questions.
This process can be transferred to an application, doing precisely the same thing. Instead of a human operator, a machine can check the correctness of the user’s answers and reset the password for him.
With one fix, we can dramatically reduce costs and the organization still has strong authentication systems in place.
#3. Know When to Outsource and When to Keep it Internal
Your organization most likely creates and stores vital information that, if exposed to an unauthorized entity, could result in an unbearable impact on your business. While important to protect, you most likely aren’t able to spend all your time on that one task – there is still the day-to-day, essential work that it takes to maintain the company.
If you do not possess the in-house capabilities required to gain and keep a good cybersecurity posture, the solution is not to give up on it entirely or to make compromises. That is when you should bring in an outside source to help.
Rockwell Automation LifecycleIQ Services works with organizations across a wide range of industries to take a proactive approach to cybersecurity. Our threat detection services can help you monitor and detect increasingly complex threats. We work closely with partners to provide comprehensive cybersecurity solutions to manage the operation of network security devices and applications, such as firewalls, intrusion prevention/detection, etc.
Cyber defense costs money, but it is possible to reduce the costs without compromising cybersecurity, and maybe even improve your defense.