Crossing the divide – automating security processes across physical, business and IT domains
Security is a critical requirement for all organisations. Getting security right involves the correct mix of people, processes and technology working together. However, many enterprise companies don’t look at the full mix that encompasses information security, and instead split their physical security and business continuity teams away from their IT security departments.
According to research by ASIS, around half (52 per cent) of companies have converged two or three out of their physical, IT security and business continuity teams together, with the majority of those opting to bring together their continuity and physical security teams. Of those that have not brought teams together, around 70 per cent have no plans to do so.
It’s Important to bring all department’s security together
The reason for this is that cybersecurity is perceived as having a more specialist role within the business and that this prevents companies from bringing their departments together. However, while IT security has its own specialist requirements and skills, it should not be looked at alone.
Businesses are looking at how to manage risk more effectively across all their operations, and they have problems when their teams are siloed and don’t have the full picture. The Cybersecurity and Infrastructure Security Agency (CISA) has developed its own guide to this area, based on the growth of the Internet of Things and more connected devices entering both homes and businesses, so this will continue to grow in importance.
The rise of automation
The pace of change that companies face today, coupled with the impact of the COVID-19 pandemic, means that more organisations are moving to digital services and automating their operations as much as they can. Security is no exception here – according to our research on security and automation, 75 percent of companies say they would need an additional three or more analysts in place to deal with all their incoming alerts in the same day, while 83 percent say their teams face ‘alert fatigue.’ IT security teams are drowning in data, but they feel unable to cope – yet at the same time, they will have to work more closely with other departments as well.
Automation is necessary to deal with all these problems, but it should not be looked at in isolation. While IT security teams are keen to invest in automation using technologies like Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR), these investments can be used across both physical and IT security. As IT security teams invest in automation, they can adapt and extend their approach to help risk management and security in the physical world as well.
The best approach to be successful around this is to look at areas where real-world and IT security challenges cross over for businesses. To adopt this approach successfully involves understanding business processes better.
Fraud detection processes
Automation involves using data and analytics to improve how a process operates from beginning to end, including where IT and technology is used to support physical interactions or activities. A good example of this would be a bank’s fraud detection process, where multiple digital and physical transactions have to be monitored and investigated. Bringing together different teams – physical security, business continuity, risk management and IT security – is about how to protect the whole organisation against risk.
While the most well-known area for fraud investigation would be credit card transactions, there are multiple different types of transactions to track, from national and international wire transfers to prepaid phone cards and other prepaid cards that can be used for credit purchases. Each of these will have its own workflows and requirements to investigate a transaction, This can include looking at whether transactions are false positives or need further investigation, which is based on a mix of digital documentation for online purchases and physical data from in-person transactions. At the same time, the sophisticated nature of fraud can mean there is a large IT component to any investigation.
Members of the IT security team may need to be involved alongside the anti-fraud department. While this investigation is necessary, it pulls analysts away from cybersecurity tasks, which can be especially frustrating where false positives are concerned. Instead, automating the investigation process can help.
Consolidating Physical, IT and risk management
By consolidating processes and automating the workflow, this pulls physical, IT and risk management together in a smarter and more efficient manner.
It also improves productivity for an anti-fraud team as they can remove false positives from the workflow and get automated support for IT analysis. If the team needs more human insight, they can bring this in where they need it rather than requiring it for every investigation. While anti-fraud is one example of where this kind of convergence and collaboration is required, there are other use cases.
For instance, industrial control and manufacturing applications that run production lines around the clock are frequently targeted for attacks, either to steal vital data or to disrupt business operations. This crosses over from the realm of IT into the world of operational technology, where systems are very different and the systems used may have been in place for years, even decades. Bringing together different teams – physical security, business continuity, risk management and IT security – is about how to protect the whole organisation against risk.
By working together, teams can be more efficient rather than working in their respective silos. This involves better use of data across those teams, which will rely on more automation to be efficient. Using SOAR, security analysts and business risk professionals can cut the amount of time needed to respond to potential problems, reducing the impact and remediating faster.
At the same time, it reduces the waste associated with false positives and manual work.
The emphasis here should be on how to support the business with better security – by consolidating processes and working more effectively, security teams across the organisation can achieve that goal.