A couple of years ago, my colleague Hazel released an inspiring blog post explaining an interesting analogy on Cisco’s approach to cybersecurity: if cybersecurity was a pizza. As I began to prepare for my festive feast, a similar analogy was cooking (ahem..,) as I thought about how many elements there were to consider when planning a Christmas dinner and how they could also be aligned to a security strategy for modern consumers and businesses. Security, as with a Christmas dinner, is not just about the food but the entire experience and process that surrounds it. These thoughts inspired me to put pen to paper (showing my age there!) and illustrate some obvious and some tenuous links between security and a Christmas dinner. I hope you enjoy this brief article as much as I enjoyed writing it
It’s Beginning to Look a Lot Like Christmas
So, as unusual as it sounds, how does cybersecurity compare to a Christmas dinner? As we all know, there are many elements to plan and consider – the traditions, the emotions, the ‘political’ balance across all your invitees and those you visit, the timing and, of course, the food and gifts. Distilling it all down, here are some analogies which I hope will prove slightly amusing but also, ultimately, thought provoking; helping us all stay prepared over the festive season and into the new year:
- Risk – a very common word when discussing security but less so when planning Christmas, yet the term applies to both. Within businesses, there is a need to map key applications and data to understand what we need to protect and prioritise. The mapping process also needs to take place when organising our Christmas dinner. For example, we need to decide where our most eccentric and controversial family member should be sat at the dinner table to minimise the risk of conflict. Creating an argument at Christmas could jeopardise our day and ruin our guests’ experiences. A compromised business application could cause huge problems too, risking our valued business assets, reputation and customers’ experience.
- Insurance – a consideration sometimes overlooked during the festive period. Homes and cars often have more valuable items stored within them compared to other months of the year, and the insurance protection should be considered to account for the worst-case scenario. Similarly, cyber insurance is becoming more common now and is an aspect of an overall security strategy that should be considered – tying a suitable approach alongside your risk strategy seems to be good practice.
2) Thinking Ahead
- Supply chain – when preparing your Christmas meal, you might be interested to know where your turkey or vegetables have been sourced from. You may be catering for different tastes, preferences, or cultural requirements, and will want to be able to offer your guests a meal that is perfect for them. You will also want to consider supply chain within your business, especially as it relates to your approach to security. Within the topic of cyber threats, it is well understood that third party suppliers can sometimes be a much easier target for hackers, allowing them to then find a way into a larger company with desired assets.
Therefore, quantifying the security posture of all suppliers and interested third parties is a fundamental part of a security strategy. As one example of a potential mitigating control, Cisco Umbrella is helping organisations to identify current and emerging threats, with our customers experiencing a 100% reduction in ransomware, a 99% decrease in overall threats with a 75% reduction in investigation time. Partners such as BT can offer this solution as part of an end-to-end managed service, providing a comprehensive and integrated security portfolio to protect customer data and brand reputations.
3) Care and Attention
- Keeping up to date – this is crucial for both areas. Our obsession with watching the latest Christmas adverts, especially from John Lewis and the Big Four supermarkets, has almost become a national pastime! Similarly, knowing the latest threat vectors and ‘in-the-wild’ attacks is critical to ensure that you’re addressing security in the most relevant contextual way. Knowing if you’re impacted by the latest threats is much more possible now using tools such as Cisco’s Threat Response; a free to use web interface available to Cisco security customers.
- Consumption – understanding consumption is another aspect that is important. Just as much as you want to ensure good hygiene and quality ingredients in your Christmas dinner (you don’t want to give your guests food poisoning), you also want to ensure that the intelligence that’s feeding your security approach is valid; not just in the ‘now’, but at all points during the operational lifetime of the chosen solution. Talos Intelligence is the Cisco security intelligence division that powers our approach to security both internally and for our customers.
4) Suitable Complexity
- Passwords – we love them don’t we! We all know someone who reuses passwords across multiple sites or who has simple passwords because they’re easily remembered. It’s the same with Christmas dinner – would we want just a simple, plain meal of turkey and brussel sprouts? I think not! Complexity is important across both scenarios and needs to be embraced accordingly. Software such as password managers are a great help to enable much better security diligence when choosing passwords. Use better, more secure passwords, and have a full Christmas dinner and everyone will be happier!
- Task repetition and evaluation – we all get stuck in a favourite way to do things or a favourite TV show to watch, meaning that we’re often blind to alternative options open to us. At Christmas there might be a better way to prepare the food or wrap the presents, and we should be open to such things as it may improve the overall experience. Security, in similar fashion, is in a constantly evolving state and should be regularly reviewed to ensure that operations are relevant, contextual and appropriate. If there are better ways to do things, then we should embrace them, as it enables consistent learning and ongoing improvement with the right controls wrapped around the process
5) The Magic Ingredient!
- People – At Christmas, people have the power to make the entire experience amazing from start to finish with great food, conversation and spirit. Again, with security, people are the magic ingredient whether they’re direct employees or part of an outsourced managed service. Without people interacting and applying intelligence to the configurations and daily operations, the accompanying security solutions are probably less effective and, therefore, less valuable.
- Integration – a little more tenuous I’ll agree but integration is also important to both Christmas and security. On average, companies have up to 50 different security products aimed at protecting them every day. The challenge is co-ordinating and managing all the resulting management interfaces, whilst still ensuring that the Time to Detect and Time to Resolve are appropriately low and in line with the internal risk policies. Cisco have an integrated security stack of products that talk to each other and, with every addition, increase the value, automation and lowered administrative overhead. Christmas is also a time for integration and simplification, like begrudgingly allowing your family members to help with the food preparation. Integration brings so many benefits and we must absolutely embrace it.
So, in summary, Christmas is a great opportunity to connect with people, share the love, eat great food and celebrate. I hope these analogies have given you some ‘food for thought’. I hope everyone has a magical festive period and Happy New Year when it arrives!
For more information about some of the great value that Cisco Security can add, go to our website and take a look around.