Whether your business is large or small, having your security team maintain focus during short-staffed, distracting times such as the holidays is critical. Photo by Kelsey Chance on unsplash.com.

The holiday season is one of the busiest times of year for the information security professional. Attacks may spike, especially in the retail industry. Fraud is rampant. Researchers and bounty hunters are reporting findings daily, hoping to cash in on finding a critical bug before the fiscal year closes out. All of this, and staffing is even slimmer than usual, leaving many cybersecurity pros on 24/7 watch schedules with little break. 

Consider a few major brands that have been hacked during hectic or holiday times and are still struggling with data security problems as a result. Adobe reported that hackers stole nearly three million encrypted customer credit card records plus login data for close to 153 million users. Canva had 137 million user accounts jeopardized in a hack, and eBay has continually been the focus of cybersecurity breaches. Equifax, one of the largest credit bureaus in the U.S., suffered a breach that exposed 147.9 million consumers in 2017, and MyFitnessPal, a health and fitness app, had 150 million customers’ data stolen and then put up for sale. Mercy Health Hospital was breached, and the hack exposed protected health information. Blue Cross Blue Shield has encountered multiple data breaches over the years and had an employee error that exposed the data of nearly 16,000 patients online for three months.

Keeping your security team sharp, refreshed and ready to act is essential to having a strong and robust response. Once the holidays are past us, a post-mortem can help tweak the workload of your security team in a way that makes your responses better, more mature and more effective in 2022. 

Here are four critical questions to ask your security team in January: 

  1. How does the team cover alerts that come in after hours or on the weekends? Many companies don’t have the luxury of overseas teams that can handle overnight shifts, and so security employees are assigned to respond to incidents outside normal working hours.
  2. Are teams responding to only the most critical incidents or are they responding to everything? Companies can define critical in many different ways – simply by the severity of each incident, or by other factors, like how many endpoints an organization maintains or how much revenue it generates. Keeping a tight circle around which incidents get priority can keep employees from getting “alert fatigue.”
  3. Are teams responding or helping with incidents that are not related to information security? This can be fine for smaller teams, but as companies grow and their number of alerts increases, handling non-security matters can lead to staff burnout. Being a security operator in a company can begin to feel like being a doctor at a cocktail party – when everyone hears what you do, they line up to get diagnosed. Taking a more “surgical” approach (pun intended) to which matters security teams spend time on is a good way to help them maximize their time.
  4. Are vendors providing the amount of assistance they promised? Some vendors may promise a robust security operations function, but often all they produce are generic alerts, with little description of how to remediate them. For less mature teams, this can cause a sudden increase in tasks that changes the nature of each person’s job and can lead to lapses in productivity and, ultimately, costly mistakes if employees aren’t properly trained.


Kate Fazzini is CEO of Flore Albo LLC, an adjunct professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. The first five readers who send an e-mail to this address will receive a free signed copy of John’s new book, The Insecurity of Everything.
