People, process and technology (PPT) is the three-word mantra for business operations managers. Process mining (PM) is the data science term for discovering, monitoring and improving processes like removing business bottlenecks. Merging the two (PPT and PM) to reduce cyber risk is a force multiplier, believes John Morello, CTO and co-founder of Gutsy.
"Today, security organizations and CISOs have poured in millions into various security technologies. Yet, breaches and incidents still make headlines. Why? Simply because security isn’t just about technology; it’s about people and processes as well," Morello said.
(see video below for full interview)
Morello sat down with SC Media as part of October Cybersecurity Awareness Month and explained how to unclog cybersecurity bottlenecks to mitigate risk. The concepts dovetail CISA’s Secure Our Worlds awareness message for 2023, especially as it relates to hardening business cyber defenses.
Morella explained in the context of cybersecurity process mining can create a detailed map of tasks tied to mitigating risk.
"Process mining is not specific to any domain in security. It's applicable to everything - vulnerabilities, identities, network security, incident management, all these are about processes,” he said. "If you can see where that process is breaking down, you can fix those things more reliably and quickly, reducing your overall risk."
Identity management, for example, is often viewed as a security function. It encompasses various departments from HR to IT. Gutsy's approach gives clarity to such processes, ensuring that when an employee exits, access to systems and data is revoked promptly and efficiently.
By connecting and seeing all systems, we paint a genuine picture of what's happening in reality. This way, businesses can identify inefficiencies and iron them out, Morello said.
With the complexity of cybersecurity it's important to go beyond the technology and delve into processes and people, he said.
Companies in the manufacturing sector use big siloed systems like SAP, NetSuite, Salesforce, and Oracle for their business operations, which Morello compares to the cybersecurity domain. Historically, process mining was utilized to understand complex business processes, such as managing inventory and transitioning from quotes to cash receipts.
Drawing parallels between the two sectors, Morello stated, "We thought that because manufacturing is a complex technical domain in which the technology has already been proven, if we applied it to cyber, we could provide similar insights."
However, he emphasized a significant distinction. "In traditional uses of process mining, it's about efficiency and driving down costs. In cybersecurity, inefficiency and inconsistency are highly correlated with risk. The less efficient a security process is, the greater the amount of risk associated with it," he said.