Threat modeling allows an organization to assess the threat landscape.
With organizations globally focused on making the most of digital transformation, it’s important for them to place as much emphasis on cybersecurity.
That’s according to Herjavec Group‘s latest Cyber Conversations for the C-Suite Report. Robert Herjavec, Herjavec founder and CEO, and Shark Tank star, surveyed his executive team on how context-based identity programs, industry-specific threat modeling and security orchestration, automation and response (SOAR) tools play a pivotal role in securing digital transformations.
Adam Crawford, vice president of managed services at Herjavec, tells us the report points to challenges and opportunities for MSSPs and other cybersecurity providers in that enterprises are moving very fast to incorporate tools and technologies for both internal and customer audiences, and in most cases security teams are left to catch up to these business requirements, he said.
The three top conversations security professionals should be having are around identity, threat modeling and SOAR, he said.
“Threat modeling allows an organization to assess the threat landscape and understand how threat actors would target their organization, allowing them to understand the security controls in place to detect or respond to potential tactics employed by threat actors,” Crawford said. “Organizations can measure their ability to detect and respond to identified threat vectors, and how effective their employed controls are to manage the risk.”
SOAR can assist in automating some of the manual work performed by security operations personnel, allowing an increased mean time to detect (MTTD) in respect to a potential incident, he said. In addition, the orchestration functionality of SOAR allows for integrated access to the security controls used to protect the organization and potential automatic configuration of the security control in respect to execution of a specific playbook.
In addition, it’s important to build a context-aware security program that focuses on the identity of the user accessing the data, according to Herjavec.
The most common mistakes made by organizations when adopting a digital transformation strategy are not including the security group during the inception of the project and having them as an important stakeholder throughout the life cycle of the project, Crawford said. Usually the competitive demands and rush to get to market result in the security group being an afterthought in the digital-transformation process, he said.
Herjavec recommends having three key conversations with your executive team this year in order to prepare for the inevitable digital transformations facing your enterprise:
“Digital transformation isn’t new, and it certainly isn’t bad,” Herjavec said. “It’s important to understand that as enterprises embrace digital transformation, their security measures must evolve in response. The CIOs and CISOs I meet daily are challenged to manage the risk associated with these digital transformation efforts.”
Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
The Importance of Being Security-Centric
Judge: AWS Does Not Have to Reinstate Parler
Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures
Microsoft Taps Longtime Vet to Lead U.S. Partner Organization
Why Partners Should Prioritize AI in 2021
Despite Drop in Data Breaches, Exposed Records Jump in 2020
Legal Experts: VMware’s Lawsuit Against Nutanix’s New CEO Lacks Weight
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.