Leveraging other non-IT functions is something we must aspire to improve!
Sometimes we cybersecurity geeks get so caught up with ourselves and our IT buddies in infrastructure, development, networking and the like, we forget there is a wealth of knowledge and expertise in process and analytics in many other areas of the organization. A simple example of this is in “Finance” where accountants have had some 80+ years of history and experience to standardize the language and hone and polish financial analytics and metrics. More on the importance of understanding “Finance” as a CISO in the near future.
A particular area where I believe we could better leverage other functions is User Behavior Analytics (UBA). We have way too many vendors in that space trying to solve what is the cyber equivalent of the world hunger problem. Daily I get calls telling me that almost instantly said vendor can solve most of my cybersecurity threats, radically reduce insider malicious activity and identify external bad guys that have compromised credentials across our systems. Of course, they are partially interested in the almost $100 billion market for IT security services and software, and nothing is ever as simple as it sounds! My intent here is not to bash innovative companies trying to build and improve capability in this space; it is only to point out leverage opportunities that don't seem like they are being taken advantage of today.
A couple of easy examples: marketing and customer focus departments, as well as credit card fraud analysis teams, have been doing this type of tracking and analytics for years, and yet we don't seem to be leveraging these existing processes and systems. Credit card fraud departments and marketing use sophisticated technologies and algorithms to track consumers' every move and determine what's been purchased in the past, what's being purchased right now, and what might be purchased in the future. UBA companies and CISOs alike should jump on the bandwagon and partner with these experts to take advantage of several years of experience in looking for “user” (consumer) patterns and anomalies. In my opinion, this could significantly accelerate the quest to block and/or alert on suspicious activity.