For the latest strategies on fighting cybercriminals, read my new blog, “Checkmate: How to Win the Cybersecurity Game.”
Throughout the last year, I have been collaborating with Sogeti to develop an overarching cyber security point of view. We’re proud to announce that the resulting (free!) e-book, “Staying Ahead in the Cyber Security Game,” was published this month. This practical guide aims to inspire and provoke new thoughts and insights even if you are familiar with the topic; for those new to security, it’s a primer on what matters today.
We purposely chose to be brief with this resource and focus on the most recent and relevant topics; we avoided extensive descriptions of well-known practices, such as how to practice security risk management or how to build an authentication model, even though they are still important today. We decided to look at the organization as a whole and what you should consider doing differently.
Cyber Security Takes Center Stage
Cyber security is front and center in the tech world today thanks to near-continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cyber security is undergoing many dramatic changes, demanding that organizations embrace new practices and skill sets.
Cyber security risk is now squarely a business risk — dropping the ball on security can threaten an organization’s future — yet many organizations continue to manage and understand it in the context of the IT department. This has to change.
Technology is continuously evolving, and there is no recent shift larger than the explosion of mobile device usage. People bringing their own devices to work is an unstoppable wave that is engulfing organizations, regardless of their policies. This increased demand for BYOD poses serious challenges for how security is managed in terms of technology, process and policy. These mobile devices seem to be the antithesis of everything security professionals have been trying to do to keep things secure: They are mobile, rich in data, easy to lose and connected to all kinds of systems with insufficient security measures embedded.
The final key security highlight is the increased focus on people and their behavior. It is a common understanding that with enough determination and skill, a persistent attacker will eventually be able to break any defense. Making this process difficult every step of the way, however, not only reduces risk and the time in which organizations can respond to incidents, but also improves the ability to intercept them before the impact becomes substantive. In order to get security right, it must be made part of the most elementary fiber of the organization, both in technology (including security as part of the design) and in behavior, by giving employees secure options. Fear, used simply as a tool to motivate the organization, will get blunt very rapidly.