Merry Cybersecurity Awareness Month! It’s going well, isn’t it? I think we are collectively more aware than we’ve ever been about the risk we face, as consumers and also as professionals.
Why do so many individuals and businesses live in fear of cyber attacks? Many customers I talk to still feel they are vulnerable in a dozen different ways. They might believe parts of their security stack are sufficient but also that attackers nowadays are insidious, capable, and determined. Cyber criminals are motivated by money and power; hacktivists have a cause to champion; state-sponsored attackers’ goals range from espionage to intellectual property theft to political and military impact.
Read more from Justin: Cybersecurity Guidance from the Top
We at CBTS believe that a strong security program that protects your data and assets will involve a basic set of practices that are essential—no matter how large or small, what industry you’re in, or what data you are responsible for. Those practices won’t save you from every attack, but you’ll certainly be better defended against opportunistic, less-skilled adversaries.
The challenge for most organizations is that those practices are tough to start. They require the right tools, people to run them, and rigorous procedures that will ensure their effectiveness. We see businesses start moving in the direction of these practices but over time, devotion to them wanes as other priorities crop up, or other projects demand the attention of the staff.
Outsourcing some of the effort of security operations in response to this challenge has been a helpful approach. It reminds me of an episode of Star Trek: The Next Generation (of course).
In it, the crew of the USS Enterprise is subjected to a virus causing them to slowly devolve into other lifeforms—their behavior begins to resemble that of a primate, a spider, a reptile. One of the crew, Lt. Worf, begins to exhibit violent tendencies. After Worf injures another crewmember, he goes into hiding. In command of the Enterprise, Commander Riker wants to find him, but the effects of the virus are affecting Riker’s brain, and he’s not thinking clearly. When Lt. Cmdr. Geordi LaForge comes and asks to help find Worf, the exchange is pretty funny:
LAFORGE: Commander, I’ve got seven security teams out hunting for Worf, but for some reason sensors are having a difficult time locking into him. I’ve called for a level two security alert. Do you think we should go to a Level One?
RIKER: (Pauses, clearly stumped)… I don’t know. What do you think?
LAFORGE: I think we should.
RIKER: Okay. Sounds good. …Then you’ll take care of that…security thing?
LAFORGE: Yes, sir. I will
Often this is what we face as a security services company: Customers having trouble knowing what security practices to implement and how to implement them. This is why we’ve built our Managed Security team—to provide a set of essential security practices to our customers, consumed on an as-a-service basis.
These essential practices—security monitoring, vulnerability management, endpoint protection, multifactor authentication, and backups—should be a part of every company’s core security function. Can you imagine a front door without a lock, or a bank without security cameras? Going into 2022, any business with information that resides on computers connected to a network must invest in these practices or face serious risk of theft, ransomware, and other threats. Interested, but don’t know where to start? We’re having a webcast to talk more about these practices, as well as some tools that work well to map out a strategy to start doing them. Register for the webcast here.
Read more blogs from Justin: