×

Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook
Most organizations now acknowledge the importance of having a dedicated cybersecurity department. The digital realm has grown complex and ubiquitous enough that ignoring it at this point is akin to willful ignorance. At the same time, there are still plenty of blind spots that many businesses are either unwilling or unable to acknowledge.

I’m going to discuss some of the ways businesses are shooting themselves in the foot, from a cybersecurity perspective.

I’ll leave out the obvious stuff – patches, user training, network monitoring, and so on. My assumption is that if you already have security personnel at your organization, they’re at least managing that much. Instead, I’m going to focus on a few things I frequently see businesses overlook, even with cybersecurity experts in their wheelhouse.

cybersecurity

Not Involving Everyone In The Conversation

The days when cybersecurity could be the sole domain of a single department or individual are long behind us. Protecting corporate data and assets is everyone’s responsibility, and everyone has a stake in it. Yet for some reason, I still see organizations whose cybersecurity team operates in relative isolation, communicating with the wider organization only infrequently through the CSO.

If your business is to be secure, you cannot operate in this fashion. You need to involve everyone from the C-suite down to rank-and-file staff in discussions and decisions about organizational cybersecurity.

It is important because it first helps you drive home each individual’s role in protecting corporate data. Engaging with staff beyond basic training programs and materials – talking openly to them about the risks your business faces and why they’re important in tackling those risks – can go a long way towards making them more mindful and conscientious.

Second, by involving each department in the cybersecurity decision-making process, you can work with them to implement protections and controls that don’t interfere with their workflows. Moreover, you can determine what tools and systems they need and implement them with security in mind.

Overlooking Design and Process Flaws In Security Testing

It’s easy to forget that security testing is about more than finding bugs and vulnerabilities. Design flaws represent just as great a threat. Arguably, they may be even greater, as human error is almost always the root cause of a data breach.

For this reason, security testing cannot just search through an application’s code for potential bugs. The testing process must also involve a thorough examination of the design and processes surrounding the software. Similarly, software controls are not enough to protect your business from security threats.

You also need to ensure that you’ve implemented the proper processes and policies, such as password requirements and acceptable use for mobile devices.

Short-Term Solutions For Long-Term Problems

In a 2016 interview with Bank Info Security, Strategic Cyber Ventures CEO Tom Kellerman identified what he felt was a major blind spot in the cybersecurity industry. Namely, security firms and professionals alike were more focused on developing solutions to temporary problems rather than focusing on the long-term. There was, he maintained, a pronounced lack of long-term vision.

“The major cybersecurity vendors are laser-focused on maintaining their brand, their image, and their cultural persona,” he explained. “With the exception of a few cases, that has become their albatross. Their lack of capacity to morph with the problem … has been problematic.”

A few years have passed since then, but I feel Kellerman’s statement still carries weight if only for the lesson it contains. Namely, if your organization does not have some long-term security roadmap in place, you have not taken every step necessary to protect your systems and data. You cannot simply focus on short-term concerns.

Instead, your security policies need to be designed with the future in mind. How will you adapt to changing technology? How will you onboard new innovations and rid yourself of legacy architecture?

These are questions you cannot afford to ignore.

95%
OFF

comodo-square-logo

Comodo Positive SSL

$6.55

Vendor Price: $41.73

Coupon Code: ASCSCPSSL4

Get It Now

78%
OFF

rapidssl-coupon-square-logo

RapidSSL Certificate

$13.45

Vendor Price: $69

Coupon Code: ASRSRSSL2

Get It Now

95%
OFF

comodo-square-logo

Comodo PositiveSSL Multi-Domain

$17.54 – 2 SAN Included

Vendor Price: $41.73

Coupon Code: ASCSCPMD4

Get It Now

Final Thoughts

Even the most experienced security professional makes mistakes. Even the most security-conscious organization has a few areas in which it can improve. What I’ve listed above is just a sample – something to get you thinking about your own possible blind spots.

Related Articles:

About the Author :

About Anna Clarke

tim-mullahyTim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.

See Author’s Website

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More
Download Site Seal
comodo-trust-seal
SSL Checker