I constantly see cybersecurity articles, tips, and tricks on how organizations can reduce alert fatigue by automating, streamlining practices, performing triage better, and purchasing the newest, coolest, buzz-wordiest gear; however, rarely do I hear anyone recommend the tested and proven best practice of employee rotations. Not only are employee rotations a best practice to identify insider threats that are committing fraud, espionage, or other malicious activity, it can also be used to increase employee longevity/reduce turn-over, maintain proficiency, cross train, and build a culture of security understanding and mutual respect. I am not proposing the use of the HR or finance departments as log-jockeys/incident identifiers and first responders. I am proposing rotating ‘traditional IT’ personnel (from the network, database, server, workstation, voice, or other teams) into a security role and having the assigned team member in that security role rotated to the reciprocal job function for one month stint. This will provide the security team an opportunity to fully integrate into all functional technology areas while also permitting all functional technology areas the ability to fully integrate with the security team. This integration will permit the entirety of the functional technical technology departments fully learn what is considered suspicious, how things should be prepped for the security team, and how to better integrate security into their daily routines. Likewise, the security team will have a more complete and thorough understanding of the operations, tactics, and work-styles of other teams so as to be able to more easily identify unusual and suspicious events. This will also give security folks a chance to step away from alerts and diversify which prevents alert fatigue and burnout. The long known best practice of employee rotations can be used to reduce alert fatigue and burn out while maintaining (and possibly increasing) the security posture and increasing cross-departmental mutual respect and understanding. Rotate those employees to keep from losing those employees and to keep from overlooking a breach.
ANTHKOAndrew Kosakowski’s Official Digital Presence