Guest written by Lauro Chavez, Silent Sector Cyber
Cyber-crime is here to stay. Neither technology, compliance frameworks, nor government regulation will stop the threat. It is a fight we didn’t choose, but it has forced business leaders to take new measures to protect their organizations.
Cyber-security is a very misunderstood topic, and the lack of understanding often causes poor decisions resulting in damaging breaches, unexpected downtime, and loss of productivity. Fortunately, business leaders don’t need a technology background and years of training in order to start making better decisions and reducing cyber risk.
It starts with leadership
Business leaders must start by understanding the fact that cybersecurity is now a standard requirement for doing business. Leaders should enable their IT organizations to prepare for a potential breach, accepting that this is a significant business risk and must be treated as such.
It’s not about being “un-hackable”
We must eliminate the idea that, “Everything is hackable, so why try to protect ourselves?” The majority of risk comes from cybercriminals seeking the quickest and easiest way to make money. Cybercriminals are looking for the easy targets, the “low hanging fruit.” Effective cybersecurity is not about being impenetrable. It is about being a harder target than others, causing cybercriminals to move on.
People and processes before technology
Cybersecurity is not just about technology. People are the most vulnerable element. Effective processes and a high level of awareness training significantly reduce the risk of cyber-attack.
Maximize what you have before investing in new technologies
Thousands of cyber-security hardware and software solutions are on the market today. However, many organizations haven’t maximized the security capabilities of the technologies they already own. Be sure you’re getting the most out of your current technologies before spending time and budget on new solutions.
It’s one thing to talk about cyber-security, it’s another to have it in writing
The importance of documented and enforced security policies and procedures cannot be overlooked. Cyber-security policy and procedure documentation proves to your employees and clients that your organization has thought through the risks and taken proactive security measures.
Users are guilty until proven innocent
Unfortunately, we must treat the use of technology in a manner opposite to our justice system’s approach. Rather than being innocent until proven guilty, technology users are treated as guilty until proven otherwise. Cybercriminals will continue to seek opportunities to inflict damage for profit, so we must always validate our users’ identities and limit access to what is required to perform their specific roles and job functions.
While cyber-security is a complex and often misunderstood topic, the concepts we touched on above have helped thousands of business leaders make better decisions, reduce business risk, and even prevent catastrophic breaches.
About Silent Sector
Silent Sector is a cyber-security services firm providing resources and expertise to improve security posture and reduce risk. We are a U.S.-based firm serving companies ranging from 50 to 5,000 employees, across many industries. Silent Sector also provides compliance support for a variety of needs including NIST, PCI, HIPAA, SOX, and more.