Thursday, September 23, 2021

Why Creating Good Cyber Habits Is So Hard & How To Overcome It

 


Many of our habits are ingrained and instilled into us from when we are very young, but keep in mind that habit formation can still happen well into adulthood.

Anybody or anything can shape our behavior towards certain things in life, but the common denominator in all of this is that when New Year’s rolls around and we promise to break old habits and start new ones, we always go back to the way we were, no matter how much effort we put in.

Now, I am by no means a psychologist in any way, and I too have been stuck in my ways for a long time. 

I keep thinking to myself that I am going to change some old habits of mine and start new ones.  But more than 90% of the time, I go back to my old ways, something which I am not too proud to say.  But one of the key things that we have to learn in life is how to keep our personal habits separate from our professional habits.  If you think about it, this is an even harder task to accomplish.

After all, we always want to leave the best impression that we can, not only with our supervisors and coworkers, but with our customers as well.  And this is even more true in the world of Cybersecurity.  After all, we do not want to blend our “bad habits” into what we do for a living every day, as there is too much at stake here.

So, what are some key, good habits that you, the Cybersecurity professional, need to maintain at all times while you are on the job?  Here are some key traits to be on the conscious lookout for, and to try to adopt:

*Keep abreast of the latest frameworks:

Now I realize that this is a tough one.  There are tons of frameworks out there, a lot of them from NIST as well as others from the more established Cyber vendors, but you don’t need to stay on top of each and every one of them.  It’s almost impossible unless you have a photographic memory.  So in this case, you should have a serious talk with your CISO and IT Security team and try to figure out which framework your company wants to adopt and make use of going forward.  In this regard, one of the most popular ones to use is the MITRE ATT&CK framework.  The link for this is below:

https://attack.mitre.org/

This framework is about as real world as it can get, as the bulk of this knowledge comes from observations submitted by other Cyber professionals.  So if you choose to use this framework, make sure that you review it at least once a week or so to keep on top of any updates that are made to it.

*Keep an eye on what is real:

Let’s face it, burnout in the Cyber industry is quite high right now, and one of the main drivers for this is what is known as “Alert Fatigue”.  Simply put, this is where the IT Security team is so inundated with all of the information and data that they receive that they let legitimate warnings and alerts fall through the cracks because they are so exhausted.  What can be done about this?  It is simple: make use of both AI and SIEM tools.  The former can automatically filter for only the real threats, and the latter presents them all to you in one harmonious dashboard, so you do not have to comb through hundreds of screens.  If you don’t have this in place, talk to your CISO about it ASAP, and get it implemented quickly.  This is now a must-have given the heightened level of Ransomware attacks that we are seeing these days.

*Maintain a proactive stance:

This is one of those good habits that unfortunately takes a long time to build, and usually has to come straight from the top, especially from your CISO.  Not only that, but this takes an enormous conscious effort as well.  But it is important to keep in mind here that you do not have to do this all overnight.  Creating a good habit takes a lot of time to accomplish.  Instead, break it down into bits.  For example, as it relates to Cyber, perhaps engage first in preemptive actions, like conducting a Threat Hunting exercise each week for a certain part of your IT/Network Infrastructure, to make sure that there are no malicious actors lurking in there and moving in a lateral fashion.

*Keep up with the triaging:

This goes back to the second point that I just talked about.  Now that you have the tools (AI and SIEM) to help weed out the false positives, the next mission for the IT Security team is to triage the remaining alerts in the proper order of escalation so that they can be acted upon.  True, you could also automate this process as well, but IMHO, this takes a human eye to do.  Keep in mind that you have to plug in certain rules and permutations into the AI system of what to look out for.  It is not yet a perfect science.  So in this instance, these tools may not be able to perform the proper sort of escalation (meaning, something that is urgent may be marked merely as “important”), thus still requiring human intervention.

My Thoughts On This:

Well, there you have it: some key behavioral traits that not only you, but the rest of your IT Security team and even your CISO, have to instill in themselves.  This is an area of human behavior that cannot be pushed off, especially given the Cyber Threat Landscape that we are faced with today.  But as I have mentioned before, starting up a good habit not only takes a lot of time, but a lot of hard work as well.

But don’t take things in one huge gulp, as you will face an even more severe layer of burnout.  Instead, try to adopt these good characteristics a bit at a time, until they become fully ingrained in you and your team.
