Part of:Achieving sustainable cybersecurity in the enterprise
How to put cybersecurity sustainability into practice
Cybersecurity sustainability practices involve mitigating cyber-risk without burning out people -- or burning through resources. Explore what that looks like on the ground.
At its core, sustainability is about using resources in a way that avoids exhausting them and strategically meets today's needs, while also preparing for the needs of tomorrow. Environmental sustainability, for example, aims to conserve natural resources, such as water, forests and fertile land, so future generations can thrive.
Similarly, cybersecurity sustainability means investing time, attention and capital in a way that mitigates risk, minimizes cost and maximizes effectiveness both now and in the long term.
Most companies mandate annual security awareness training as part of their compliance and risk management programs. Too often, this means doing the bare minimum -- requiring employees to passively view short informational videos, for example. Such one-and-done, box-checking exercises are typically a poor use of time and resources and fail to engage people in any active or meaningful way.
A more sustainable approach to security awareness training continuously seeks to change the real-world outlook and behavior of employees to generate ongoing ROI. By offering substantive and interactive security awareness training, beyond an obligatory 30-minute video, organizations can impress upon users the seriousness of cyber-risk and the important role they play in mitigating it. By giving people the skills to recognize potential threats -- educating them on emerging phishing campaign tactics, for example -- and the tools to report them, security leaders can create a legion of on-the-ground first responders.
An engaged and educated workforce is the front line of sustainable cybersecurity.
As more people in the workforce become cyber-aware, the practice of identifying and reporting threat activity eventually becomes second nature and spreads to new and existing employees. An engaged and educated workforce is the front line of sustainable cybersecurity.
Sustainability and process
Organizations typically codify security processes via documented policies or, ideally, automation. But even automated processes often require an element of human intervention that can create cybersecurity sustainability problems.
Consider password policies, which affect almost everyone. A strict, cumbersome reset process that requires excessive overhead for users, whether employees or customers, quickly becomes expensive and hard to sustain. For example, imagine you're a business user who tries twice to log in to your account but fails, and the system automatically locks you out. You then must call a staffed help desk and wait 45 minutes for an agent to become available to reset your account. That's an inefficient and unsustainable process that burns time, energy and attention, arguably without proportionally lowering cyber-risk.
A better process can reduce friction and improve cybersecurity sustainability. Instead of locking out a user after two failed logins, for example, do the following:
lock the account if the user performs risky, atypical or unauthorized activity.
You could further ease the burden on the help desk by automating password resets for low-risk accounts. The end result: increased user productivity, shorter help desk waits and less agent burnout.
Another important way to support sustainable technology is by working with vendors that support the right to repair, especially when it comes to batteries. For battery-driven devices, including laptops, tablets, phones and IoT devices, the battery is often the first thing to fail or wear out. If an entire device needs to be discarded just because of a worn-out battery, a huge amount of good, still-workable tech goes to waste. Vendors that allow organizations to replace worn-out batteries and repair small issues in their hardware support sustainability, leading to cost savings for your company. That's a win all around.
