What Can We Do About Increasing Complexity In Cybersecurity?

Uploaded on 2019-05-13 in FREE TO VIEW

Cybersecurity has never been more complicated, nor has the world ever faced a threat surface quite so large. User empowerment coupled with technology like smartphones and IoT devices has led to widespread chaos in IT departments around the world.

How exactly can we address this new landscape, both within our own organizations and in the wider enterprise? By holding our vendors, partners and ourselves above all fully accountable.

We’re on the verge of an era of hyperconnectivity—an age in which everything from our thermostats to our kitchen appliances to our infrastructure is being brought online. While such technological developments undoubtedly make both our personal and professional lives considerably more convenient, they also make cybersecurity more complicated than ever.

Let’s talk about what you can do about that. Here’s a bit of advice on how your organization can prepare itself to deal with increasingly complex infrastructure and an increasingly dangerous threat landscape.

Address the Cybersecurity Skills Shortage
One of the most pressing issues in the security space is the looming talent shortage. By 2021, there will be approximately 3.5 million unfilled positions in the cybersecurity industry. The problem is that technology has become more ubiquitous than any of us could have ever predicted. Even within a small to mid-sized business, there may be an overwhelming volume of devices for IT staff to manage, and that number grows with every passing day.

Factor in that we’re bringing more and more of our infrastructure online and relying more and more on the digital realm to store and manage sensitive data, and it quickly becomes obvious that we need more cybersecurity professionals. The problem is how exactly we can find them. Security engineers are, after all, still in short supply. The men and women with the necessary expertise are in such high demand that they basically have the pick of the litter when it comes to career selection.

The first step is to promote and support programs aimed at introducing more women to STEM careers, such as computer science. Although we’ve made great strides in that regard in recent years, women generally only make up 14 percent of the cybersecurity workforce in the United States. It’s still very much a boy’s club, and one with a huge image problem to boot.

Businesses should look beyond the horizon of traditional cybersecurity and computer science programs to find talent. Many skilled individuals might be promoted and trained up from within one’s own organization. Men and women working in fields as diverse as the military and accounting could potentially have a great deal to offer from a security standpoint. The key here is to get creative because only creativity will solve this problem.

Look toward Blockchain to Address IoT Security
IoT devices represent the largest security threat we’ve ever faced. This is a massive, distributed threat surface with millions of nodes, any of which could expose a security vulnerability. While working to establish a framework that will hold IoT vendors responsible for the security shortcomings of their products is certainly a nice thought, the reality is there will always be exploitable vulnerabilities in connected devices, particularly consumer endpoints.

The solution, oddly enough, may lie with the technology underneath infamous cryptocurrencies like bitcoin—blockchain. A decentralized distributed ledger designed to be both consistent and tamper-proof, it seems uniquely suited to the project of securing IoT. Ledgers could be used to store anything from encryption keys to sensitive data, but that’s just the tip of the iceberg.

Even as I write this, Samsung and IBM are hard at work devising a technology that will allow blockchain to create a network of IoT devices, allowing devices and endpoints to issue commands and to send messages to one another through a secure, decentralized, low-cost medium. Known as ADEPT, I expect it will be the first of many such technologies. In the meantime, you can do your part by practicing due diligence with enterprise IoT vendors and air-gapping all consumer endpoints on a separate network.

Use the Cloud to Streamline Operations
The more complicated your business processes and infrastructure, the greater the chance that there will be a security issue somewhere along the pipeline. Cloud computing can offer a solution. First and foremost, it can allow an organization to automate a wide range of manual processes, freeing up man-hours to focus on more pressing concerns, particularly in IT.

It can also simplify disaster recovery to a large extent, allowing for on-demand redundancy and easy, offsite replication of systems and data, enabling easier software updates. Moreover, it keeps all your data assets in a centralized, easy-to-manage location, at least from your own point of view. Many cloud vendors also offer cybersecurity as a service platforms, allowing businesses that might otherwise lack the necessary expertise and manpower to keep critical assets safe from unauthorized parties.

Let’s Hold Vendors, Partners and Ourselves More Accountable
Last but certainly not least, your business needs to understand one thing above all else: cybersecurity is no longer just a technological problem. It needs to be a business-wide directive, one which involves regularly updated processes and policies, frequent security audits and drills, and due diligence on any vendor with which your business may work. 

We need to hold our partners, vendors, and employees accountable, but no more than we need to hold ourselves accountable. If we aren’t taking the necessary measures to protect our own systems and data, we can’t expect our businesses to be secure. Similarly, if we’re not securing our own organizations, we can’t hold our vendors and partners to any sort of standard.

Cybersecurity Is Complicated, but It Doesn’t Need to Be
There was a time when corporate cybersecurity could be managed by a single business department. Those days are long behind us. Today, cybersecurity has grown more complicated than ever.

But that complication need not be insurmountable. Follow the advice we’ve outlined here and your business will have a leg up as cybercriminals continue to hone their exploitative methods. 

By Matthew Davis, a writer at Future Hosting

You Might Also Read: 

How Can Boardrooms Effectively Manage Cyber Risk?:

 

« Israel Responds To A Cyber Attack With Bombs
US Electric Grid Suffers Unexplained DDoS Attack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

Assac Networks

Assac Networks

Assac Networks ShieldIT is an app that completely protects any BYOD smartphone from both tapping and hacking.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

At-Bay

At-Bay

At-Bay is the world’s first InsurSec provider designed from the ground up to help businesses tackle cyber risk head on.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Octo

Octo

Octo, an IBM company, is a technology firm dedicated to solving the Federal Government’s most complex challenges, enabling agencies to jump the technology curve.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

Securaa

Securaa

Securaa is a comprehensive No Code Security Automation Platform. Smarter Security with Clarity and Control.