This is not a political post…and cyber security personally doesn’t care who you voted for. This article is about IT security… and what every CEO, CIO, CISO and IT Admin should have learnt and keep learning.
Here are the four things that really stood out to me after the election with regards to IT security:
- Your email is not secure enough
- You need IT security everywhere
- You need a real cyber security strategy
- Cyber breaches have consequences
PricewaterhouseCoopers The Global State of Information Security® Survey 2017 shows that on average only half of organizations have tools in place to detect or react to a cyber-attack.
Your email is not secure enough
The most used application in most organizations is not secured enough. I have seen organizations use an Enterprise Mobility Management (EMM) solution for mobile email, an Identity and Access Management (IDaaS) solution for Office 365 and then give folks direct access to email via Outlook Web Access (OWA) or a mail client on a PC. That’s like installing a security system at your house and then leaving a key with the security code under the doormat. Almost every piece of corporate IP is transmitted via email. Treat it as if it’s the source code to your most important product.
You need IT security everywhere
No one sits in an office in front of a PC connected to an ethernet cable talking to a server inside that building anymore. You must re-think security. Perimeter security just isn’t enough. Security should be inserted everywhere. From the user, to the device, to the network, to the datacenter or cloud service, to the hypervisor that resource is running on, down to the database that resource is communicating to. If you encounter a cyber-breach you should be able to limit the cyber-attack footprint from that user.
You need a real cyber-breach strategy
Maintaining governance, risk management and compliance should be a key part of your strategy. Make your infrastructure secur-ABLE. Assess, Build, Launch, and Enhance that strategy continually. Cyber-threats are constantly evolving. Instead of looking at it as an arms race, align it to your corporate strategy. Leverage security as a competitive advantage not only to find out who’s trying to access your infrastructure but as way to create workforce agility, productivity, and efficiencies by finding out how your IT infrastructure is being accessed.
Cyber security breaches have consequences
Breaches have consequences. Just like the 2016 US elections these breaches can have long term consequences. The amount of time spent dealing with the consequences of a breach may not me worth the upfront security investment. Your security budget should reflect the potential impact a cyber-breach would have on your organization. This includes but it not limited to bad publicity, losing business partners, losing existing customers, deterring new customers, disrupting business operations, increasing operating costs, financial loss, litigation, the list goes on. Spend wisely my friends.
Solving the IT security challenge doesn’t have to be daunting. It all boils down to a few things. Building security from the ground up in your application and data infrastructure, securing user access and identities (password management does not count) with biometrics or two-factor authentication, analyzing devices including internal endpoints and IoT devices that access any internal resources, and continually evolve governance, risk management and compliance standards.