I’m going to discuss some of the ways businesses are shooting themselves in the foot, from a cybersecurity perspective.
I’ll leave out the obvious stuff – patches, user training, network monitoring, and so on. My assumption is that if you already have security personnel at your organization, they’re at least managing that much. Instead, I’m going to focus on a few things I frequently see businesses overlook, even with cybersecurity experts in their wheelhouse.
Not Involving Everyone In The Conversation
If your business is to be secure, you cannot operate in this fashion. You need to involve everyone from the C-suite down to rank-and-file staff in discussions and decisions about organizational cybersecurity.
This is important, first, because it helps you drive home each individual’s role in protecting corporate data. Engaging with staff beyond basic training programs and materials – talking openly to them about the risks your business faces and why they’re important in tackling those risks – can go a long way towards making them more mindful and conscientious.
Second, by involving each department in the cybersecurity decision-making process, you can work with them to implement protections and controls that don’t interfere with their workflows. Moreover, you can determine what tools and systems they need and implement them with security in mind.
Overlooking Design and Process Flaws In Security Testing
For this reason, security testing cannot just search through an application’s code for potential bugs. The testing process must also involve a thorough examination of the design and processes surrounding the software. Similarly, software controls are not enough to protect your business from security threats.
You also need to ensure that you’ve implemented the proper processes and policies, such as password requirements and acceptable use for mobile devices.
Short-Term Solutions For Long-Term Problems
“The major cybersecurity vendors are laser-focused on maintaining their brand, their image, and their cultural persona,” he explained. “With the exception of a few cases, that has become their albatross. Their lack of capacity to morph with the problem … has been problematic.”
A few years have passed since then, but I feel Kellerman’s statement still carries weight if only for the lesson it contains. Namely, if your organization does not have some long-term security roadmap in place, you have not taken every step necessary to protect your systems and data. You cannot simply focus on short-term concerns.
Instead, your security policies need to be designed with the future in mind. How will you adapt to changing technology? How will you onboard new innovations and rid yourself of legacy architecture?
These are questions you cannot afford to ignore.
About the Author:
About Anna Clarke
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.