MSSP – Do We Need It or Not?

By: Curt Kwak,
Chief Information Officer, Proliance Surgeons

Cybersecurity is on everyone’s mind these days. The stakes are getting higher, and the cybercriminals are getting smarter and smarter. The question is, are we indeed equipped to protect our data and our organization from these cybercriminals?

The days of installing a free version of McAfee or Norton Antivirus that you receive at conferences are way behind us, as the complexity has grown and the tactics we are observing are genuinely clever but also very frightening. Many companies also lack the personnel (both workforce and expertise) to properly manage the cyber environments that they are tasked to lead.

Of course, some tools and technologies will help, but even then, it takes time and resources to evaluate, analyze, build a business justification, receive approval, and then take on the difficult task of procuring and using the tool as designed. This, of course, is with the hope that it’s enough for now. Is it truly enough?

We are currently drowning in terms like EPP (End Point Protection), CASB (Cloud Access Security Brokers), privileged account management/protection, MFA (Multifactor Authentication), sandbox, ransomware/malware mitigation, advanced threat detection, etc. They all sound great, right? But the big question is, what is right for you and your organization? What is too much and what is not enough? These are the questions IT leaders face day in and day out.

In my industry (healthcare), we are confined by strict regulatory requirements to ensure patient privacy. The cybercriminals know the value behind healthcare data, and that is why they target healthcare so frequently. I have received many pitches from many companies about how they can mitigate these risks. However, the critical question is, how do we navigate this world of limited resources and technical cybersecurity expertise to indeed make effective use of these tools?

One avenue could be to look at managed, professional security services. Specifically, “MSSP,” or Managed Security Service Provider. This type of service can provide true SOC (security operations center) operations without having to invest in technology, people and facilities. In some cases, the cost of engaging an MSSP is a small percentage of the cost of building your own security operations center. With the MSSP, you can obtain services like and MDR (Managed Detection & Response) that will help with alerts and mitigation when potential issues are detected. In my opinion, this is the “trench” in which the battle begins.

However, before you even bring up terms like MSSP or MDR, you need to ask the tough question, “Where is cybersecurity on our priority list?” I certainly hope that you can confidently answer this with a “high.” Once you do, your next task is to educate your stakeholders and discuss its importance with them. I have witnessed way too many IT professionals who cry foul because their organizations don’t prioritize cybersecurity. However, I do wonder how these concerns will reach the stakeholders.

Is it in a threatening manner? Does it come out as a scare tactic? Or do they take the time to build stories and reasoning, with proper solutions, so that the stakeholders have the confidence that you have done your due diligence? Thinking globally and strategically for the organization you are supporting, versus certain individuals going through there as a security professional, right?

Do this before an incident occurs. Be proactive and don’t blame anyone if an event occurs. It’s no one’s fault, and the key is to learn from the incident to be better and be more diligent about cybersecurity. It’s already known that a silver bullet doesn’t exist out there. We also know that this is not just a technology issue, but a people issue, probably the majority of it.

So, what does the overall Security Program for your organization look like now? Education for your employees (to not click on that tempting link?), or how about the culture of the organization, to be more mindful of what you access and how you communicate? Then a strategy around how you can supplement these human behaviors with technology to help improve the workflows (filter spam to decrease your time on email, as an example) while protecting the data that you are managing?

Can you do all this on your own? Will your organization invest in such a large practice? Can it afford to? Or, is an MSSP the right answer?

The bottom line is – we must do a better job in managing our cybersecurity perimeter. The question becomes, what makes the most sense for your organization and mine?

Best of luck to all of you and happy cyber hunting!


About the author: Curt Kwak has over 26 years of engineering and technology experience, which includes more than 18 years of Information Technology management experience. Curt currently serves in the role of Chief Information Officer for Proliance Surgeons. He currently serves on two Boards of Advisors (Peak Portfolio LLC and CI Security, Inc.). He is also a mentor at the UW MSIS mentorship program as well as a long-time mentor with Everwise.