In the past month, I’ve visited several companies in the throes of digital transformation, including Canon, Konica and First National Bank of Long Island. Most of the folks I talked with never used that phrase, but each company knows that they need to change their entire perspective and evolve by using the latest technologies to change how they do business. They’re not just talking about modernizing equipment; they’re talking about modernizing their processes.

Each company has a massively successful history. But like all good companies, they’re realizing that even if they’ve been in business for 80 years, they can’t just sit back and keep doing the same thing over and over again and expect the same level of success. They all have enough information to know exactly how they need to reinvent themselves to meet customer demands. For example, both Konica and Canon realize that they’re in the intellectual property management business just as much – if not more – than they are in the imaging and copying business.

As a result, they’ve got to focus on upskilling their employees to understand the importance of managing information. This means that their employees need to move away from supporting digital devices (e.g., cameras, photocopiers, printers) and toward understanding data storage, data analysis and privacy.

A Secure Digital Transformation

None of these companies are trying to figure out what they want to be when they grow up. They know that. But, many are struggling, frankly, about how they will transform themselves securely as they go about growing up. It’s not a trivial task.

For example, most of the industry folks I’ve talked with belong to multinational companies and conduct business in Europe. Therefore, they’ve got to conform to the European Union’s General Data Protection Regulation (GDPR). Even if they didn’t, organizations are learning very quickly that they need to get their cybersecurity ducks in a row so that they can earn (or in some cases, win back) the trust of their customers.

Too often, organizations have taken a fear-based approach to security. I mean, how often have you seen advertisements or news about security show an image of the shady, shrouded bad guy in front of a computer? Those images kind seem like a poor combination of the ​Unabomber and a hoodie-wearing teenager. It’s a completely inappropriate approach to security.

Some of the companies I’m talking with are taking a much better approach: they’re applying real, customized security metrics. They’re making data-driven decisions about where to spend precious, limited security resources on new digital resources and processes.

Over the past year, CompTIA has conducted research into how the help desk can provide relevant information to companies concerning their security posture. I presented on this topic at ChannelCon 2017 and wrote about it for Help Desk International. I’ll also be providing an updated report at this year’s HDI 2018 in Las Vegas.

3 Metrics to Help Focus Cybersecurity Efforts

But there’s more to the story. You see, I’ve spoken with a couple of chief information officers (CIOs) and vice presidents of security. They like the idea of using metrics at the help desk to help focus cybersecurity efforts. They’ve found that the following metrics are very useful at helping pivot resources.

1. Sharp Increases in the Number of Help Desk Tickets Concerning Any One Piece of Malfunctioning Hardware Device

It’s possible – and even likely – that surges in activity are evidence of a security breach. Too often, such increases were sometimes written off as a bad device or vendor problem. Nowadays, the best CIOs and chief information security officers (CISOs) are delving into these tickets for evidence of possible security issues. After all, most ransomware attacks have targeted not only end users, but also the devices that end users, well, use: printers, imaging devices and so forth.

2. Increase in Problems with Cloud-Based Solutions

One company found it reduced the amount of time between an initial security breach and full containment from around 42 days down to less than a day by tracking, tracing and analyzing problems with cloud services.

How?

Because the problems didn’t have to do with issues with the cloud provider. The company’s analysis activities pointed out a simple technical fact: it was using single-factor authentication to access cloud services. This led to long-term advanced persistent threat (APT) hacks. By analyzing its help desk tickets, the company was able to realize more quickly that it needed to use multifactor authentication. By moving to multifactor authentication, it cut off one of the major ways in which long-term hackers were entering the system.

I’m sure experienced security professionals are thinking to themselves, “Well, we all know that multifactor – or at least two-factor – authentication is essential when it comes to the cloud. But many institutions need to learn their lessons the hard way. And if it takes analyzing help desk tickets to get to a proactive security solution, then I’m good with that!

3. Use of IoT Devices

We’re way past the day of whether or not bring your own device (BYOD) is a good or bad idea or wondering if I should use that USB drive I found in the parking lot. We’re now in a situation where internet of things (IoT) devices abound. How can the help desk/service desk help us track these devices?

Today’s organizations are much more analog in nature than you might think: they still push a lot of real, honest-to-goodness paper to get things done. A real estate CIO told me that they still use old-fashioned fax servers to complete contracts. Fax servers! Yes – they still transfer contracts via paper, basically. When I was told this nearly 20 years ago, I was amazed. But to hear the same thing today? It’s just . . . jaw-dropping.

But that’s not going to last long. Blockchain is going to storm in. We’re starting to see real cloud adoption that is transforming how companies work. Data analytics are now being baked in to hardware intellectual property management devices. We’re going to see companies leap frog their way into a digital future.

It’s the cybersecurity professional’s job more than ever before to learn about the security implications of these major leaps into the future. This means that cybersecurity pros will need to grab solid metrics and data from wherever they can.

I would argue the help desk is a great place to start. It’s not the only place, but it’s at least as useful as the information you’ll get from a security information and event management (SIEM) tool. If you combine both approaches, I’m confident that you’ll be able to help your company move forward and get past fear-based motivations and more into data-driven analytics.