Automating Compliance to Improve Your Cybersecurity Posture


As the threat landscape continues to expand, organizations are in a constant battle to stay ahead of attackers. OT remains a major target for cyber-attacks, as underscored by the recent attacks against the Colonial Pipeline. In fact, the 2021 State of Operational Technology and Cybersecurity Report from Fortinet found that nine out of 10 OT organizations surveyed experienced at least one intrusion in the past year; 63% had three or more.
The good news is the situation isn’t hopeless. While bad actors will undoubtedly continue to evolve their tactics and techniques, there are strategies and practices that enable OT leaders to stay ahead of these threats. One of the key aspects of strengthening cybersecurity posture involves the connection between security and compliance, and then layering in automation.

Attributes of a best-in-class strategy

The aforementioned cybersecurity report found that “top-tier” OT leaders–those whose organizations saw zero intrusions in the past year–were far more likely to be dependent upon orchestration, automation and predictive behavior as part of their cybersecurity strategy. They were also more likely to be tracking and reporting the financial implications of cybersecurity to the business, as well as reporting compliance with industry regulations and scheduled security assessments.
Unfortunately, such leading organizations seemed to be exceptions rather than the rule. Although many organizations are making progress, there is ample room for improvement. Most OT organizations aren’t employing orchestration and automation, and the COVID-19 crisis further taxed their security readiness. The digital connectivity of OT-IT networks, combined with an ever-increasing advanced risk environment and the need to deal with pandemic-related issues, made it even more difficult for OT leaders to stay ahead of adversaries. Arguably, broader implementation of security best practices takes time and money, and leading organizations that made such investments were better able to address and withstand the security challenges and business changes driven by the pandemic.

Compliance goes hand in hand with cybersecurity

OT and IT organizations are likely to view compliance as a time- and resource-heavy headache. But frustration aside, compliance can reveal itself to be a critical security linchpin and business enabler. The vast majority agree that compliance is an effective means of enhancing protection and tracking and reporting on important security measurements. Often the challenge with compliance lies in interpretation, and it’s difficult to know where to start and what to track.
Adopting and implementing the appropriate security architecture is an important foundation. But security extends beyond that foundation to automating not only compliance tracking and reporting but notifications of intrusions and/or breaches and subsequent remediation. Compliance is increasingly valuable to an organization’s top leaders, but if the reports must be prepared manually, organizations are not likely to execute that process more frequently than auditors require. 
Top-tier organizations are more likely to execute regular reporting, suggesting that they have automated compliance reporting processes across the enterprise. With more of a real-time approach to reporting, they are better able to improve their enterprise security posture.

Automating compliance

Security organizations simply cannot expend the significant amount of time that manual aggregation and interpretation of compliance indicators across disparate security systems requires. Even if a security leader has an infinite resource budget, it is almost impossible to recruit and retain all the cybersecurity talent necessary due to the acute shortage of cybersecurity skills. Automated tracking and reporting of compliance with industry and governmental regulations and security standards frees security teams to focus on strategic initiatives rather than manual tactics. It also empowers security leaders to proactively manage compliance, which certainly improves an organization’s risk posture.

Clearly, the value of automating reporting and notifications goes beyond enabling a security team to maximize limited resources. This practice also helps ensure regulatory compliance. Take GDPR, for example. If critical assets and data are breached, security organizations must send a notification within 72 hours or face substantial fines that are punitive well beyond potential brand impact. With the right controls in place and the ability to shrink intrusion-to-detection windows, organizations can automate breach notifications and even automate the remediation process.

Strength through automation

OT organizations certainly face greater risk than other business sectors due to the relatively recent increase in IT/OT digital connectivity and the security issues that have ensued. Survey data reveals that some organizations are employing orchestration, automation, and predictive behavior to run reports more frequently than required, which helps them spot and resolve issues faster. This affords measurable improvement in their security posture. It further eases the strain of operating with a disproportionate cybersecurity talent pool.

Moving forward, it is essential that OT organizations consider what steps can be implemented to enable automated compliance and realize improved cybersecurity.
Read more: The State of Operational Technology and Cybersecurity Report

About The Author

Mr. Peters is the CISO for Operational Technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments.
