The 'separate forensics' ship has sailed

Why aren't businesspeople and IT people working together to help their company navigate the rough seas?

By Tallen Harmsen, Head of cyber security at IndigoCube.
Johannesburg, 30 May 2018

Fusion centres represent the future of business and cyber risk mitigation because they meld the best of both capabilities into a single, collaborative unit that's more productive and efficient.

As businesses increasingly digitalise, the practical cross-overs between these two capabilities grow, since they begin to use the same information to combat progressively related issues using many similar, and expanding, technologies. If these elements remain separated, the business neglects a potent constituent of digitalisation, one that possibly takes care of the company's top problems in a highly connected and highly automated world: security and mitigating business risk.

The types of activities these elements deal with range from highly prevalent cyber security threats like ransomware to corporate espionage and even nation state actions, to the business issues of corruption, partner disputes, accounting discrepancies, and more.

Each of the units contains its own skills, resources and tools to handle these issues. Today, they seldom co-operate. And when they do, it's typically up the chain of command from the one and then down the chain of command of the other, usually to fulfil requests for information. It's a very slow process, contrary to the requisite properties of an efficient risk unit.

Cyber security centres, called SOCs, are staffed by daily operators who acknowledge and respond to alerts. They hand off to the senior investigators, the analysts. Analysts determine the causes behind cyber attacks, for example, and how to respond to and remedy IT problems.

It's a very IT-oriented approach. And it concerns itself with IT issues such as firewalls, malware, anti-virus systems, packet inspections, logs, and so on. It's great for cyber security. Requests from other business units are a low priority for this team, particularly requests that have to do with business issues, about which this team usually only has a tenuous grasp.

Business of IT

Companies have always had businesspeople looking into issues such as incident forensics, risk forensics, and so on. But this group of businesspeople is increasingly cyber aware. They use many of the same tools; the issues they face increasingly contain a cyber element; and many of the issues they face are caused by connectedness and digitalisation. They encounter ever more technology in their personal lives, for personal use. And when they interact with all manner of companies as consumers themselves, they are more proficient than ever before.

Unfortunately, these two units are almost always decoupled in businesses today. It is an almost sacrilegious waste of the company's resources to duplicate this capability. On the one hand, there is a highly experienced group of businesspeople who have decades of knowledge and exposure in dealing with sophisticated issues. On the other, there's a group of technologically advanced people who specialise in ferreting out the nuggets of information and relationships that support both forensic operations. Why aren't they working together to help their common patron?

Good people at many companies are actually talking about this approach, and some have even kicked off integration efforts. But hindering faster, more widespread adoption is a problem as old as IT itself. Businesspeople and IT people still don't talk. They hold onto their fiefdoms and they clutch their silos close. Some use the excuse that they haven't digitalised to any major extent, so this isn't a serious consideration for them.

But, the truth is, even companies that haven't progressed very far along the path to digitalisation already face enormous risk.

Consider the impact of data on smartphones and tablets in a company, and the access they potentially provide hackers to the company's network. And business risks have always been a problem. It just makes a great deal of sense to combine the forces available to marshal the best possible response against the rampant threat vectors companies face today.