

In this interview, Jeremy Thompson, Director of Security at Highline Warren, discusses the factors that make up an effective and efficient enterprise security and cybersecurity program.
1. What Are Some Of The Major Challenges And Trends Impacting The Enterprise Security Space Lately?
No matter where companies are on the maturity spectrum with their cybersecurity program, there seems to always be a desire not necessarily to cut corners but to try to ‘buy’ maturity. I’ve found that the technology and new security solutions are always the easiest part; the hardest part is almost always the people and processes. There may not be staff trained on how to use the new solution; the solution may have been sold as freeing up headcount, when in reality the team was already understaffed for its current responsibilities. Then they are just left with a fancy tool that they aren’t leveraging or achieving any ROI on. Secondly, the processes. The solution may be fully able to secure the target area of the security program that it was designed for; however, the business, or their processes and people, may be unwilling to conform to the new controls; or the processes are not defined and formalized such that a solution can be built to protect the holes without impacting the desired behavior as well.
Enterprise Security, in order to be efficient and effective, given the constraints on most Infosec teams, relies on standardization and simplification as much as any LEAN or TQM initiatives in the ‘business’ side of operations. Rather than being the umbrella protecting the organization from being impacted, IT and the cyber teams end up being the sieve trying to keep bad things already in motion from completely falling out of control.
I think one of the biggest challenges is that everyone chases the shiny and new. There is so much of Enterprise Security and a good cybersecurity program that relies on “eating your vegetables.” It is not glamorous or flashy, nor does it require buzzword-laden new solutions; it ensures that the IT department has the basics all covered. Things like accurate hardware and software inventories, accurate and up-to-date network diagrams, and doing regular access reviews on privileged accounts. Other things that often get overlooked are regular firewall reviews and plain old patching. That being said, there are some newer solutions that understand those problems and are trying to make it easier for companies to keep up on their cyber hygiene. They may use some buzzwords like ‘attack surface discovery’ or ‘autonomous meta-tagging and categorizing’, but they are helping with some of the basics for IT departments.
2. What Keeps You Up At Night When It Comes To Some Of The Major Predicaments In The Enterprise Security Space?
The ambivalence or openness of companies or the overall user community towards sharing of information. Many do not realize at all how much open-source intelligence (OSINT) there is about them, or their employer. It seems the goal is to be TikTok ‘famous’ or an influencer, someone that has a lot of followers. However, those same associates may be completely taken aback by a cyber incident using all of that information available about them out there. From your employer, to your location, geo-tagging of photos; it all adds up to an almost unfathomable amount of information available about individuals now on the Internet. However, the average person thinks it is too hard to leverage that information, which is precisely what cybercriminals know isn’t the case. Sometimes companies or individuals make it easy for the bad guys to target them and come up with persuasive or easily believable scams.
3. What Are Some Of The Technological Trends Which Excite You For The Future Of The Enterprise Security Space?
Although I sounded like a naysayer above, I think the application of AI across the technology spectrum could be one of the most wonderful things for the global society, if leveraged for the advancement of all. However, we know that greed, power, and politics all will work against that goal. My hope is that AI will equip the cyber defenders to better keep pace with the cybercriminals and nation-state actors, as opposed to usually always being a step or two behind.