A Guide for CISOs to Streamline Cybersecurity Continuous Control Monitoring (CCM)
‘A stitch in time saves nine.’
You’ve probably heard that famous saying before. But how well does it hold up when applied to cybersecurity and the cost of data breaches?
IBM’s 2022 Cost of a Data Breach Report offers a clue. Per their research, data breaches cost organizations a whopping US$4.35 million on average. More interestingly, the study showed how ‘a stitch in time saves nine’ applies to today’s endless battle against cybercriminals.
It found that companies with fully deployed security automation cut those data breach losses by up to US$3 million. More importantly, they detected and contained breaches considerably faster than companies without such tooling.
These findings raise a question:
What automated tools and processes can CISOs deploy to continuously monitor and detect data breaches before they cause harm?
The Case For Continuous Cybersecurity Monitoring
Andrew Burt, Luminos’ Managing Partner, in his article for the Harvard Business Review, wrote:
Here’s why I agree with Andrew.
Trying to avert cybercrime, companies spent a staggering US$150 billion on cybersecurity in 2021. But this humongous amount wasn’t enough to stop cybercriminals. The next year, in 2022, 4,100 disclosed data breaches that exposed 22 billion records still happened.
It didn’t end there.
What was more worrying is how long it took organizations using traditional cybersecurity programs to detect those disclosed breaches. Per the IBM study cited above, organizations needed 277 days on average – about 9 months – to identify and contain a breach.
Such figures, despite the huge sums spent on cybersecurity, call for more proactive measures. Monitoring, detecting, and responding to cyber threats more quickly is now a necessity. Gartner’s Security and Risk Analysts call this necessity cybersecurity continuous control monitoring (CCM).
Their report noted:
By adopting CCM, enterprise security executives can proactively improve their company’s cybersecurity posture while being more productive. But achieving these desirable outcomes is no mean feat.
For starters, one must know:
- The phases of implementing CCM, and
- What to look for in a CCM-enabling platform.
The rest of this article explores both hurdles. As we proceed, you’ll see how Cyber Sierra, an emerging CCM platform, fits the bill for enterprise CISOs and security executives.
The Phases of Implementing Cybersecurity Continuous Control Monitoring (CCM)
Effective implementation of enterprise cybersecurity continuous control monitoring follows seven lifecycle phases:
As the lifecycle diagram shows, CCM is a never-ending, clockwise endeavor with a lot of to-dos at each phase. Take the first, ‘Analyze Control Objectives.’ Its end result is a succinct, continually updated analysis of the objectives of your organization’s cybersecurity controls.
To do it effectively, your security team must perform risk assessments, a gruelling process with steps such as:
- Mapping all the IT assets in your cloud and network environments, as well as those of third-party vendors.
- Outlining and categorizing all technical and non-technical security controls across mapped assets and environments.
- Identifying vulnerabilities and gaps in existing security controls relative to mapped assets across cloud environments.
- Determining what security controls need to be in place.
Again, all four steps above belong to just the first phase of implementing continuous control monitoring. Some other phases of the CCM lifecycle have more steps. And for ongoing control monitoring to be effective, teams must implement all steps across all phases.
As you can imagine, pulling this off manually takes a lot of processes, procedures, and DevSecOps professionals. But with a CCM tool, security executives can automate much of that work and reach the benefits of CCM more efficiently.
As observed by Gartner:
And that brings us to our 2nd hurdle: What should you look for in an enterprise cybersecurity continuous monitoring (CCM) tool?
What to Look for in a Cybersecurity CCM Tool
A CCM tool should support implementation activities throughout all phases of the continuous control monitoring lifecycle. But as we’ve seen, that means seven phases and a long list of steps, and checking whether a tool ticks off every step is a stretch.
A more practical way to assess the suitability of an enterprise CCM tool is to confirm that it covers the two predominant control-monitoring scenarios:
- Asset-based monitoring, and
- Framework-based monitoring.
Let’s briefly explore each of these.
Effective asset-based monitoring can take care of phases 1–4 of the continuous control monitoring lifecycle. This is because by mapping all IT assets across your organization and third-party vendor ecosystem, your security team can:
- Perform risk assessments on connected apps
- Evaluate possible monitoring implementation options based on your company’s service portfolio
- Determine the most effective security controls to implement
- Create relevant control policies, frameworks, and procedures.
Achieving all this takes a few clicks with our interoperable cybersecurity and compliance automation platform, Cyber Sierra. For instance, you can map all IT assets used across your company and 3rd party vendor ecosystem by integrating them with Cyber Sierra:
After integrating all apps and systems used across your organization, the Cybersecurity Module in Cyber Sierra lets you scan one or all of them for vulnerabilities.
This involves a two-step process:
Each performed scan doubles as a risk assessment of the IT assets integrated with Cyber Sierra. This is because your team can see all vulnerabilities and risks on those assets in one dashboard.
Here’s a peek:
This insight empowers security teams to:
- Determine the most effective security controls to implement based on identified risks and vulnerabilities.
- Create, upload, and enforce relevant control policies, frameworks, and procedures.
The latter is also possible with Cyber Sierra’s extensive Governance, Risk, and Compliance (GRC) module:
The 2nd predominant capability a good cybersecurity CCM tool should enable is framework-based monitoring. This means it must be able to:
- Continuously monitor and test implemented security policies, procedures, and frameworks, and
- Ensure they are effectively preventing compliance failures and alerting security teams on emerging risks in real-time.
Essentially, it should take care of the final phases of the cybersecurity continuous control monitoring lifecycle. This is only possible if the CCM tool can automatically ingest data from IT assets and evaluate that data against defined security controls to produce a risk score. It should also refresh the ingested data on a schedule, say, hourly or daily, so that a finding reflects the current state of the asset rather than the state at onboarding.
The Risk Register on Cyber Sierra ticks these boxes.
It ingests data from your IT assets and evaluates it against the security policies you upload and define in the Compliance Automation (GRC) module. It refreshes automatically in real time, ensuring continuous monitoring of security controls, and alerts you to risks that could lead to a breach.
Take the product shot below:
As shown, our Risk Register detected threats in a GSuite asset category down to individual users. It automatically generates an alert and a risk score when a user links an unauthorized external app to their GSuite account via SSO, and it flags the potential data exposure that such a grant creates.
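To make the ingest-evaluate-alert loop from the two preceding passages concrete, here is a small worked example of control evaluation over ingested SaaS asset data. It is an added illustration written for this page, not Cyber Sierra’s code and not a Google API: the user records are a constructed, simplified stand-in for what a Google Workspace integration might pull in (user, OAuth client the user authorized, scopes granted, MFA state), and the field names, the allowlist, the control IDs and the scope weighting are all assumptions of the example. It shows how a defined control (“only approved apps may hold OAuth grants”, “every account has MFA”) turns a snapshot of asset data into scored findings, and how diffing two refresh cycles yields the alerts.

```python
"""Toy continuous-control evaluation over ingested SaaS asset data.

Added illustration, not Cyber Sierra code. The input records are a
constructed stand-in for what a Google Workspace integration might ingest;
the field names, control IDs and scope weights are assumptions.
"""
from dataclasses import dataclass

# Constructed sample of ingested asset data (not real tenant data).
INGESTED_USERS = [
    {"email": "alice@example.com", "mfa_enrolled": True,
     "oauth_grants": [
         {"client_id": "approved-crm-app", "display": "CRM Sync",
          "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
     ]},
    {"email": "bob@example.com", "mfa_enrolled": True,
     "oauth_grants": [
         {"client_id": "pdf-magic-unknown", "display": "PDF Magic",
          "scopes": ["https://www.googleapis.com/auth/drive",
                     "https://www.googleapis.com/auth/gmail.readonly"]},
     ]},
    {"email": "carol@example.com", "mfa_enrolled": False, "oauth_grants": []},
]

# Assumed allowlist; in a real deployment this comes from the policy the
# security team defines in the GRC module.
APPROVED_CLIENT_IDS = {"approved-crm-app"}

# Scope weighting is an assumption of this example, not a standard: broad
# Drive and Gmail access weighs more than read-only contacts.
SCOPE_WEIGHTS = {
    "https://www.googleapis.com/auth/drive": 40,
    "https://www.googleapis.com/auth/gmail.readonly": 30,
    "https://www.googleapis.com/auth/contacts.readonly": 10,
}
DEFAULT_SCOPE_WEIGHT = 5


@dataclass
class Finding:
    control_id: str
    asset: str          # e.g. "gsuite:bob@example.com"
    detail: str
    risk_score: int     # 0-100


def control_unauthorized_oauth_apps(users):
    """CTRL-OAUTH-01 (assumed ID): only approved apps may hold OAuth grants."""
    findings = []
    for u in users:
        for g in u["oauth_grants"]:
            if g["client_id"] in APPROVED_CLIENT_IDS:
                continue
            # Base score for any unapproved app, plus weight of each scope.
            score = 20 + sum(SCOPE_WEIGHTS.get(s, DEFAULT_SCOPE_WEIGHT)
                             for s in g["scopes"])
            findings.append(Finding(
                "CTRL-OAUTH-01", f"gsuite:{u['email']}",
                f"unapproved app {g['display']!r} ({g['client_id']}) "
                f"holds scopes {g['scopes']}",
                min(100, score)))
    return findings


def control_mfa_enforced(users):
    """CTRL-MFA-01 (assumed ID): every account must have MFA enrolled."""
    return [Finding("CTRL-MFA-01", f"gsuite:{u['email']}", "MFA not enrolled", 60)
            for u in users if not u["mfa_enrolled"]]


CONTROLS = [control_unauthorized_oauth_apps, control_mfa_enforced]


def evaluate_controls(users, controls=CONTROLS):
    """One refresh cycle: run every defined control over the current snapshot."""
    findings = []
    for control in controls:
        findings.extend(control(users))
    return sorted(findings, key=lambda f: f.risk_score, reverse=True)


def diff_findings(previous, current):
    """Findings that are new since the last refresh; these become alerts."""
    seen = {(f.control_id, f.asset, f.detail) for f in previous}
    return [f for f in current if (f.control_id, f.asset, f.detail) not in seen]


if __name__ == "__main__":
    baseline = []                                   # first run: nothing seen yet
    now = evaluate_controls(INGESTED_USERS)
    for f in diff_findings(baseline, now):
        print(f"ALERT [{f.risk_score:3d}] {f.control_id} {f.asset}: {f.detail}")
```

Run as a script, it raises two alerts: one for Bob’s unapproved app holding Drive and Gmail scopes (scored 90) and one for Carol’s missing MFA (scored 60); Alice’s approved CRM integration produces nothing. The point of `diff_findings` is the “refresh” behaviour from the text: on the next hourly or daily cycle only findings absent from the previous snapshot are raised again, so a persisting issue does not re-alert every run while a newly linked app does.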
The Right Continuous Control Monitoring Vendor
According to M. M. Rahman, CISA:
This is saying that the right CCM vendor or tool should double as an operational Security Operations Center (SOC) within your organization. Essentially, beyond integrating all the apps and IT assets you use, your entire security team should be able to rely on it for detecting and mitigating threats before they cause harm.
Again, Cyber Sierra’s interoperable cybersecurity modules tick this crucial box: