The National Cyber Security Alliance found that 60% of companies are unable to keep their business open six months after a cyber attack. It should be obvious by now that security threats should always be a high business priority and in most cases cybersecurity should be the highest order of business. Faulty prioritization is one of the reasons we often see cybersecurity technologies failing organizations. While every organization is different and has different needs, in an ever-evolving threat landscape where attacks can come from anywhere at any time, cybersecurity programs must always lead the way and be built for modern, innovative attacks. If your cybersecurity program isn’t leading, it’s likely bleeding and will be undone when a nefarious event happens.
Cybersecurity is not for the faint of heart. Above all, good cybersecurity requires tremendous organizational will, but it also requires disciplined effort, enhanced knowledge, investment in resources, proper planning, budgetary commitment, operational structure, and a mission and vision statement. If the organization doesn’t have what it takes, it needs to find a partner who can master it.
IoT and mobile incidents
There is an uneasy feeling that comes from the news of a major breach, especially when the affected brands are technologically focused. Last summer, we talked about an IoT winter coming when news of a breach at Peloton hit the press. Stories of cyber hacks in emerging IoT markets have accumulated from there. This winter is only beginning, and the reason is that cybersecurity remains a business afterthought for high-flying tech companies.
Nascent IoT companies are not alone. Last year, T-Mobile, one of the most popular mobile phone operators in the US, was the victim of a massive data breach. Significant data was lost: records for on the order of 7.8 million existing customers and 40 million leads and past customers.
While the damage did not directly include financial data, the consumer impact of the breach serves as a sign of the uneven nature of cybersecurity practices that exist across the industry. Consumer credit companies such as Experian have notoriously lost a lot of data due to a major breach. Of course, the state of cybersecurity practices has improved in all of these organizations, but it is fair to point out that all of these organizations had some form of traditional corporate cybersecurity at the time of the incident. This traditional cybersecurity mindset has lost and will continue to lose.
Living on the edge of threats
Whether you’re a consumer or a business, we all constantly live on the edge of an abyss of cyber threats, whether we know it or not. Hackers evolve and scale at such a fierce speed that we must always maintain an equal or greater posture of cybersecurity capabilities. If an organization doesn’t prioritize security and place it at the heart of its mission, it’s hard to imagine that the organization is working at the leading edge of security.
Mobile technology companies were not built on cybersecurity but have fallen into a position where security is an expectation. IoT companies, the kind that want to connect their toasters to the web, cannot treat cybersecurity as a side job. Someone needs to focus on cybersecurity as a core mission for these organizations if we are to keep our data safe.
Sliding in safety
The biggest cybersecurity gap is complacency. When a business network hasn’t been breached recently, it’s easy to continue with the same outdated security measures. It’s almost natural to lose focus, but under these conditions it’s only a matter of time before sensitive customer data is in the hands of a cybercriminal.
Organizations that want to be safe and deal with risk must build their security from the ground up. This can be a difficult task to perform when the core of the company’s products and services is driven by speed to market and technical innovation. This is where companies should seek help from experts who live and breathe cybersecurity.
Structuring a business cybersecurity strategy
Based on Maslow’s hierarchy of needs, we all want a safe and secure physical and virtual environment. We also want all the convenient devices and the ability to check in on our Wi-Fi-enabled crock pots. So let’s build these resources correctly.
For this, we must deconstruct the service and the product to their digital essence. We must analyze where the data is, what the data is, which data is valuable, and who can access it, why and when. We must also consider how long we keep the data. For example, you probably don’t need data from seven-year-old non-customers, as reported in the T-Mobile incident. If it is needed for any reason, it should be as secure and inaccessible as possible.
In addition, we must build on the concepts of comprehensive security. The mission of this approach is to cover the spectrum of compute, endpoint, application, and user resources with full awareness. In essence, the security protocols for each organization must be universal, and the protocols need ongoing maintenance and uninterrupted monitoring. Protocols include system and application updating, service and security assurance, smart guardrails, and many other components that are part of the comprehensive security approach. In most cases, these services are best overseen by industry partners who specialize in secure systems and compliance.