Great Expectations: Examining the Limits of Exceptionalism

The Importance of Cybersecurity Basics

The Temptation of Shiny New Technologies

With the constant evolution of cybersecurity threats, organizations are often enticed to chase after the latest cutting-edge technologies such as zero trust, AI, passwordless authentication, and quantum computing. The allure of these new solutions is undeniable, as they promise enhanced security and protection against emerging threats. However, it is crucial not to overlook the significance of getting the foundational aspects of cybersecurity right.

Foundational Framework for Security Programs

Before investing in new tools or architecting a new security infrastructure, organizations must prioritize excelling at the fundamental structural underpinnings that form a successful security program. These basic considerations build the framework upon which advanced technologies can be effectively integrated.

The Role of Exceptions in Cybersecurity

Among these foundational elements is the concept of exceptions within cybersecurity policies and procedures. Enterprises acknowledge that there will always be scenarios that deviate from standard security protocols, ranging from patching exceptions to multifactor authentication (MFA) exceptions and access and firewall exceptions. How organizations handle and process these exception requests is paramount, as it can significantly impact the organization’s ability to monitor, detect, and respond to cyberattacks.

Justifying Cybersecurity Exceptions

The Attractiveness for Attackers

Attackers are fully aware of the potential vulnerabilities associated with exceptions, making them an attractive avenue to exploit an organization’s environment. For instance, in a military contract scenario, exceptions were requested for senior officers regarding application allowlisting. The aides to these officers believed that the technology might interfere with their work, but in reality, the senior officers were the group in need of additional security protection. By engaging in dialogue and patiently explaining how the technology would enhance their security rather than hinder their work, the exception requests were dropped, and the VIPs were ultimately better protected.

Exceptions as Indicators of Security Potentials

The presence of exceptions serves as an indicator of how effective an organization’s security measures could be in an ideal scenario with fewer or no exceptions. By minimizing the number of exceptions, organizations can strive towards a more robust security posture.

Best Practices for Managing Cybersecurity Exceptions

Addressing cybersecurity exceptions requires careful consideration and implementation of best practices. Here are a few key points to keep in mind:

Establish a Clear and Concise Exception Request Process

Organizations should have a well-defined process for requesting and approving exceptions, ensuring clarity and simplicity. The basis for granting exceptions should not be mere convenience but rather align with other established security policies, such as acceptable use policies.

Include Risk Assessments in the Exception Process

A crucial component of managing exceptions is conducting a thorough risk assessment to evaluate the impact of each exception. This step helps gauge potential security risks and determine the level of control required for each exception.

Implement Exception Tracking and Monitoring

Tracking exceptions is vital in preventing their abuse or misuse within the organization. Robust monitoring systems should be in place to ensure exceptions are consistently reviewed, validated, and utilized appropriately.

Review and Expire Exceptions

Exceptions should have expiration dates to ensure ongoing relevance and to prompt periodic review. Regular reviews can help assess whether exceptions are still necessary and valid.

Focusing on Cybersecurity Fundamentals

While automation and advanced technological solutions can be valuable tools in enhancing cybersecurity, they should not distract organizations from prioritizing the foundational aspects of security. A strong security program requires a combination of technological advancements and human processes that address the unique challenges of each organization.

Conclusion – The Achilles’ Heel of Cybersecurity

Ancient Greek mythology tells the tale of Achilles, a great warrior whose only vulnerability lay in his heel, leading to his downfall during the Trojan War. Similarly, organizations that neglect the essential aspects of cybersecurity, such as managing exceptions, risk encountering severe consequences. It is vital to recognize and address these weak spots, even if they have become ingrained in organizational practices over time. Achieving cybersecurity excellence demands a holistic approach that encompasses both cutting-edge technologies and a solid foundation of fundamental security principles.