Remember the days when cyber security was nothing more than a firewall and some anti-virus software? Okay, perhaps just a little oversimplification, but for many companies those days did exist—and frighteningly enough some still do, but that's a different topic entirely. However, in 2020 and beyond, a few simple plug and play solutions are never enough.
My point here is that modern cyber security and the ever-present vigilance needed to keep companies, their people, and their data safe is nothing short of a war that never ends. And, as such, being at the ready is something that everyone needs to embrace, including those who seem to think that a firewall and anti-virus is enough—again I digress.
The most important factor to realize is that the complexity our modern infrastructures present—a fully connected world of data, apps, and access—has created a borderless world where it's now far more difficult to predict and thwart attacks.
Think of it this way. In the past, people protected themselves with forts: high walls and guards that could keep invaders at bay. The old idea of business and subsequent IT perimeters were no different. When everything resided inside the walls, a good firewall was for analogy sake a high stone wall, and your anti-virus and a few other tools were your guards. But what happens when those walls are taken away? No walls, no guards to guard the walls, hence no protection.
The issue now is that the perimeter is long gone. The castle walls have been traded in for small huts scattered around the countryside, the king's gold is stored everywhere a hut can be found, and the guards all left on vacation—this analogy is getting tired but you get the drift. From the introduction of the laptop, to the advent of the mobile phone, the creation of the cloud, and the adoption of Unified Communications (UC), the attack surface for cyber criminals is virtually endless.
Borderless IT has created the borderless warfront, and we are all now soldiers in the fight. This means that every device must be secured, every access point, every connection—the vulnerabilities are as endless as the data that we create every single day.
So how does one fight such a war? First, start with training your soldiers. Everyone in your company should be schooled in the art of cyber war—becoming skilled at spotting potential risks, understanding the importance of securing themselves as it pertains to devices, passwords, and connectivity habits, and so on.
Then, of course, there is your infrastructure. Just like in the military, not every soldier should have access to every plan and every state secret. Clearances are as important in the cyber world as they have been in the real world for centuries. This means that data and people should be matched through Privileged Access Management (PAM) on all fronts. And as people migrate from job to job, or when they leave the company, those privileges need to be changed and/or shut down immediately.
Now, let's not forget the data itself. Again, like the military, codes have been used to protect information. The same is true today when it comes to encryption. Making sure that data is encrypted in such a way that cyber criminals can't use it even if they were to get their hands on it, maintains a level of security needed to survive in today's digital world.
But that's not even close to covering all the bases. From how people connect to data, to the devices they have, to the tools used to continually scan anything and everything—the totality of your infrastructure from the largest servers to the very last USB key must be accounted for and monitored to ensure that the data contained is identified and kept safe from prying eyes.
Lastly, there is the constant vigilance needed to create a resilient stance to maintain and continually build upon the security defenses in place. Now, I’m by no means alluding to the idea that I have covered the thousands of possible cyber initiatives needed, this is just a blog after all.
The point here is to paint as vivid a picture as possible. A picture that explains the fact that we are all collectively fighting a never-ending war against cyber criminals. All silly medieval analogies aside, our castles are never safe from attack, all we can do is prepare in every way we can to hopefully win the battles as the never-ending war rages on around us.
November 3, 2022
In Case of Emergency… Have a Plan
When an emergency occurs, it’s too late to plan or rehearse the response. Fires, floods and other disasters don’t pause while you get ready to address them. Policies, plans and procedures for response must be in place long before they are needed.
October 13, 2022 | Jacqueline Davis
Leading the Race Against Threat Actors
Threat actors are getting smarter and will always find new ways to execute their payloads into an organization’s tech environment. To win the cybersecurity race, organizations need to learn more about some of the key trends in cybersecurity.
October 11, 2022 | Jacqueline Davis
Observations from SecTor 2022
Research suggests that most IT departments are not keeping pace with the changes in cybersecurity. Given the rapid adoption of the connected world, it’s no wonder there is a struggle to keep the pace.