Building and managing a security program is no simple task, but it can be made much easier with the right combination of people, process, and technology. I recently had the chance to sit down with two Rapid7 customers to hear how they’ve approached building out their security programs and some of the obstacles they’ve encountered in the process. Jeffrey Gardner of Landmark Health and Aaron Baillio of the University of Oklahoma are on the front lines of security in their respective organizations and have faced challenges that sound familiar to us all.
In the final webcast of our H!NT Summer Webcast series, our expert panel members discuss how they’re improving their incident detection and response programs, in part due to security orchestration and automation and managed detection and response.
Missed this webcast? Read on for a quick overview of some of the topics we discussed, or catch up with a recording on demand.
Security roles and responsibilities are evolving, with a shift toward detection and response
Both of our panelists noted an increased focus on security at their organizations, with their security teams doubling or even quadrupling in size over the past few years. There’s been an increased focus on dedicating resources to cybersecurity, specifically for incident detection and response. As organizations grow and evolve, it is important to continuously assess tools, processes, and personnel to make sure your team is prepared for all of today’s cybersecurity challenges.
Cryptojacking and phishing attempts are on the rise
For Aaron at the University of Oklahoma, cryptojacking is a significant threat and has been steadily increasing over the past few years. They typically see cryptojacking blocked on student devices almost 1,000 times a day. Two of the largest threats the higher education industry is currently facing are DDoS attacks and phishing attacks, especially those aimed at capturing credentials.
At Landmark Health, phishing is also a significant problem, with emails typically geared toward gathering account information and wire transfers. With a significant portion of its workforce working remotely, Landmark Health is also focused on where its employees are logging in from and is constantly on the lookout for suspicious logins.
Executives and boards of directors are increasingly interested in security metrics and trends
Building a successful security program includes identifying which metrics to measure and monitor, and which are best to share with leadership. While every organization records and shares different metrics with their board and executive team, Aaron and Jeffrey have been most successful when they tie their security metrics to business goals and functions.
They’ve also found security metrics helpful when seeking buy-in for investments in new security tools and solutions. Data that reports risk reduction and time saved can go a long way toward gaining budget approval for new security investments.
SecOps practices help break down the silos between security, IT, and development teams
As security leaders, both Jeffrey and Aaron focus on driving alignment among internal teams to ultimately power secure innovation within their organizations.
They recommend selecting champions within the IT and development teams to serve as an extension of the security team. Whether it is through providing security trainings or inviting them to weekly meetings, helping these internal champions feel more involved in the security program helps to build stronger relationships and increase alignment.
Want to learn more about how to build a security program at your organization and hear more of our experts’ guidance? Watch the complete webinar recording on demand today!