Regardless of a company’s size or industry, incorrectly configured security tools are by far the most common issue I’ve seen. This problem extends well beyond cybersecurity, and in general it’s an endemic problem in technology organizations.
A 2020 study by Boston Consulting Group found that 70% of large-scale IT transformation projects fail. In the study, they discussed 6 factors that help organizations avoid those failures — better technology isn’t one of them. What this tells us is that the tech is the easy part.
If you don’t have robust processes defined on how to use your tech and how it integrates into your organization, the tech is going to fail. Or if you don’t get your people on board, they’ll rail against the technology, which will also cause it to fail.
I’ve seen it time and again — across clients, organizations, partners, companies I’ve worked at directly, everywhere. Security tool misconfiguration is a systemic, endemic failure.
What Are the Impacts of Poorly Configured Security Tools?
The largest impact of misconfigured security tools is that they put the company at risk of a security breach. If a tool is not configured correctly or a project fails, that means there’s some sort of hole in coverage or visibility for the company.
There will be incidents the team isn’t able to detect and respond to, and there will be metrics they can’t collect. As a result, those things they can’t see will go unnoticed. If it takes you longer to detect a breach, it will take you longer to triage it, figure out what happened, and how to resolve it. All the while, the breach is still ongoing.
More importantly, misconfigured security tools will likely increase the severity of security incidents. The more time an adversary gets to spend inside your network, the more likely they are to do insidious damage and cause higher-dollar-value harm.
According to IBM, the average cost of a data breach in 2023 was $4.45 million, up 15% in the last three years. Every failed security project and every misconfigured tool puts an organization at least one step closer to realizing that type of risk.
On the business side, poorly configured security tools will manifest as performance problems, such as tools eating up too many cycles on servers or laptops. If your security tools increase the time it takes to run business processes, you’re losing business because you’re failing your clients and not getting your work done.
6 Signs That You Might Have Poorly Configured or Installed Tools
Given the impact that poorly configured security tools can have on your business, it’s important to know what to watch out for. If you see any of these 6 things in your organization, it’s a sign that your security tools might be poorly configured.
1) Lack of Metrics and Visibility
When leaders ask about certain security topics, metrics and visibility should be readily available. If your tools are properly configured and working optimally, that data should be at your fingertips. If it’s not, then it’s a clear sign that something isn’t properly configured.
This also applies when companies don’t have enough visibility, such as with mergers or acquisitions.
If those organizations are part of the company and connected to the same network, they’re under the same financial umbrella. They pose just as much risk as any of the other divisions of the company.
2) Struggling with Basic Security Hygiene
Hygiene is the basis of security: patching, vulnerability management, and making sure tools are installed, running, and healthy. A common lack of hygiene is a great warning sign that there’s a problem with your security tools and with your security program overall.
It’s awfully hard to effectively run something like a data loss prevention program when you are struggling to patch your systems or keep your antivirus up to date. If you’re already having trouble with basic hygiene, then it’s unlikely you’re going to be successful in the bigger, more complex projects.
3) Pivoting Between Tools
Security personnel shouldn’t need to pivot from tool to tool in order to do their jobs. There should be a single location, portal, or application that integrates all your tools. Pivoting is a clear sign that there is some misconfiguration, and more importantly, is an opportunity for improvement.
4) Lack of User Awareness Around Security
An ailing security program or one that is too focused on firefighting will generally be lacking in security awareness. In companies where security is operating like a well-oiled machine, an attitude of security is pervasive in everything and across every organization.
In contrast, an organization that is struggling will demonstrate attitudes of security being security’s responsibility. They’ll treat it like a bolt-on solution after the fact rather than designing it into daily processes and work products.
5) Lack of Policy and Procedure Documents
This is another great indicator of security troubles. When tech is constantly being swapped out, it’s hard to create and maintain accurate documentation. And, although policies should be technology agnostic, a lack of policy can often stem from analysis paralysis driven by the tech churn.
This will result in an inability to see the bigger picture, which includes top-down metrics and overarching policies. This can also lead to compliance and regulatory woes, as auditors are driven to dig into the policy gap instead of taking compliance reports at face value.
6) Lack of Documented Data and Process Flows
One less obvious sign is a lack of documented data and process flows. In order to properly secure an organization, the team needs a solid understanding of what data an organization possesses, where it originates and how it moves, both inside and outside of the organization.
If these documents don’t exist, or are inaccurate, incomplete, or out of date, it’s a surefire indicator of cybersecurity woes.
How Can Organizations Address Problems Configuring Tools?
For many security professionals, misconfigured security tools are already within their control. If it is a technology configuration issue, then security professionals are in most cases empowered to go in and fix the tech.
But most of the time, it’s really about people and process issues. If that’s the case, then the focus needs to be on awareness and raising the red flag up the organization.
When you’ve found a problem, bring it to the attention of your manager. Sometimes, regulatory requirements dictate that once something has been acknowledged, it has to be addressed. That could be a very short path to driving some improvements.
That said, there’s the age-old adage that you come to leadership with recommendations, not problems. Don’t just throw rocks and talk about how much this technology or that system stinks — think about what could make it better.
Security leadership can also lean into vendors and professional services to help. This is a great point solution for individual packages. But recognize that internal engagement will still be needed, since not very many vendors will willingly engage and integrate their systems with competitors’ tools.
For non-IT people, it’s about recognizing when there are challenges. If security tools are inhibiting the business, understand that getting rid of security isn’t going to be the answer. Raise your concerns in a constructive way to discuss balancing what you need to do with security and ensuring that the company still has the ability to meet business objectives.
When Would an Organization Need to Call In Black Kilt For Help Configuring Tools?
Almost every organization out there has some amount of trouble with configuring their security tools. If that’s how you want to begin an engagement, Black Kilt is always happy to fix one or two tools. However, our real value is that we have the expertise and experience to come in and look at the bigger picture.
If you’re facing a systemic problem that has far-reaching effects across the organization, that’s where Black Kilt can really help. We assist in uncovering the extent of those problems and help to re-architect and redefine the entire security program to make it much more effective.
And we’re not just going to focus on the tech. We’re not here to sell you turnkey tools that will break and get thrown out in three or five years. We’re here to look at your program comprehensively and vendor agnostically. We can provide an honest assessment and recommendations from an outside perspective, including benchmarks and other industry best practices.