Technology and Cybersecurity
Technology and cybersecurity are the topic of the most recent edition of IBJ’s Thought Leadership Roundtable, which features the top Indianapolis tech leaders.
Below is the first question in the series. To learn more and read the entire feature, visit the Indianapolis Business Journal.
Let’s start with a discussion of cybersecurity. Every day there seems to be news of a data breach. What are organizations doing wrong and how can they protect themselves?
I think it’s less about what organizations are doing wrong, and more about not doing enough. The current approach to cyberrisk management is broken, particularly for small- to medium-sized businesses. It’s easy to get caught up in buying what appears to be the next big cybersecurity tool. But a random collection of security tools does not a cybersecurity program make. Today’s cyberrisk management must involve a comprehensive integrated strategy that first includes understanding your risk with regular vulnerability assessments, then mitigating risk by repairing the most severe areas of vulnerability, and finally, transferring residual risk with cyber insurance. Most companies are not considering all three parts of the strategy. Companies can take some very manageable first steps to protect their data, but the most important first step is knowing where your systems are weak.
The starting point is awareness. This is where the concept of “zero trust” comes into play. As a business community, we tend to default to a condition where we trust the networks we are using. If we, as business leaders, buy in to the idea of zero trust, we will drive awareness in our organizations and provide the leadership required to implement the cybersecurity measures necessary to protect our networks.
Unfortunately, cyberrisk is part of the landscape that business leaders have to navigate, and trends keep going in the wrong direction. Due to continual technology advancements and increased utilization of third-party platforms, achieving a 100% risk-free posture is not possible. What is possible is for organizations to develop a cybersecurity plan and to have the discipline to test, adjust and improve it as an ongoing business improvement process.
One of the most overlooked, yet most critical, aspects of a cybersecurity plan is around training and testing employees. It is hands down the best investment an organization can make and if properly managed can cut in half the overall threat risk to an organization. Beyond training, we are seeing a big increase in enterprises adopting endpoint detection & response and multi-factor authentication services, both of which are extremely effective at reducing overall cyberrisk.
Cybercrime is constantly evolving, so it should be no surprise that data breaches are happening with greater frequency and greater impact to organizations. If a system was put in place and hasn’t been monitored or maintained, it should be immediately reviewed.
A solid cybersecurity foundation focuses on securing two major categories: accounts and data. To improve account security, implement multi-factor authentication with centralized account management through use of single sign-on. This approach can reduce the risk of social engineering attacks such as phishing, which has emerged as the most predominant threat to an organization’s accounts. Data is secured through access authorization and authentication as well as data-loss prevention policies incorporating governance and technical controls, mobile device management, and zero-trust methodologies. None of this reduces the need for ongoing monitoring of these controls. Implementing a regular maintenance and security review cycle to audit accounts and data and remediate any oddities or areas of concern is imperative to cybersecurity.
Best practices to prevent a cybersecurity attack are not always well-understood throughout an organization. Also, hackers are getting better at what they do. For optimal protection, an organization must first acknowledge that they are potentially vulnerable. Second, it’s important to have qualified personnel on staff or on contract who continually look for innovative ways to negate potential threats.
Visit the IBJ for the entire roundtable discussion. LEAP Managed IT is happy to provide insights and thoughts to the roundtable discussion.