October 20, 2023 at 10:44AM
In the field of cybersecurity, organizations tend to focus on new and flashy technologies, but they often overlook the importance of mastering the basics. One fundamental aspect is handling exceptions to security policies and procedures. Attackers take advantage of exceptions to infiltrate organizations, so it is crucial to have a clear process for requesting and approving exceptions, conduct risk assessments, and track exceptions to prevent abuse. It is also important to periodically review and expire exceptions. Investing in new technologies alone won’t solve security issues; strong foundational practices are essential.
The meeting notes highlight the importance of focusing on the fundamentals of cybersecurity, rather than getting caught up in the latest technologies. While advancements like zero trust, AI, passwordless authentication, and quantum computing are relevant, excelling at foundational security measures is crucial. One such consideration is the handling of exceptions in cybersecurity policies and procedures. Exceptions are a given in any organization, but how they are processed, tracked, and evaluated can greatly impact the organization’s ability to monitor, detect, and respond to cyberattacks.
It is important to recognize that attackers often exploit exceptions to gain easier access to an organization’s environment. A real-life example was provided where exceptions were initially requested for senior officers in a military contract, concerned that new technology might hinder their work. However, after explaining the added security benefits to the officers’ aides and assuring quick issue resolution, the exceptions were dropped, and the officers were ultimately better protected.
The notes suggest a few key considerations when it comes to handling exceptions:
1. Implement a clear and concise process for requesting and approving exceptions, ensuring it aligns with other security policies.
2. Include a risk assessment in the exception process to determine the impact.
3. Track all exceptions to prevent abuse.
4. Ensure exceptions have an expiration date and periodically review their validity.
5. Recognize that even with advancements in automation and technology, addressing security issues requires new human behaviors and processes. Neglecting fundamentals can have severe consequences.
It is essential to remember that cybersecurity fundamentals should not be overlooked, regardless of investments in new technologies. Just like Achilles from Greek mythology, weaknesses can be forgotten if lived with for a long time, leading to significant vulnerabilities.