What Can We Do About Increasing Complexity In Cybersecurity?

Cybersecurity has never been more complicated, nor has the world ever faced a threat surface quite so large. User empowerment coupled with technology like smartphones and IoT devices has led to widespread chaos in IT departments around the world.

How exactly can we address this new landscape, both within our own organizations and in the wider enterprise? By holding our vendors, partners and ourselves above all fully accountable.

We’re on the verge of an era of hyperconnectivity—an age in which everything from our thermostats to our kitchen appliances to our infrastructure is being brought online. While such technological developments undoubtedly make both our personal and professional lives considerably more convenient, they also make cybersecurity more complicated than ever.

Let’s talk about what you can do about that. Here’s a bit of advice on how your organization can prepare itself to deal with increasingly complex infrastructure and an increasingly dangerous threat landscape.

Address the Cybersecurity Skills Shortage
One of the most pressing issues in the security space is the looming talent shortage. By 2021, there will be approximately 3.5 million unfilled positions in the cybersecurity industry. The problem is that technology has become more ubiquitous than any of us could have ever predicted. Even within a small to mid-sized business, there may be an overwhelming volume of devices for IT staff to manage, and that number grows with every passing day.

Factor in that we’re bringing more and more of our infrastructure online and relying more and more on the digital realm to store and manage sensitive data, and it quickly becomes obvious that we need more cybersecurity professionals. The problem is how exactly we can find them. Security engineers are, after all, still in short supply. The men and women with the necessary expertise are in such high demand that they basically have the pick of the litter when it comes to career selection.

The first step is to promote and support programs aimed at introducing more women to STEM careers, such as computer science. Although we’ve made great strides in that regard in recent years, women generally only make up 14 percent of the cybersecurity workforce in the United States. It’s still very much a boy’s club, and one with a huge image problem to boot.

Businesses should look beyond the horizon of traditional cybersecurity and computer science programs to find talent. Many skilled individuals might be promoted and trained up from within one’s own organization. Men and women working in fields as diverse as the military and accounting could potentially have a great deal to offer from a security standpoint. The key here is to get creative because only creativity will solve this problem.

Look toward Blockchain to Address IoT Security
IoT devices represent the largest security threat we’ve ever faced. This is a massive, distributed threat surface with millions of nodes, any of which could expose a security vulnerability. While working to establish a framework that will hold IoT vendors responsible for the security shortcomings of their products is certainly a nice thought, the reality is there will always be exploitable vulnerabilities in connected devices, particularly consumer endpoints.

The solution, oddly enough, may lie with the technology underneath infamous cryptocurrencies like bitcoin—blockchain. A decentralized distributed ledger designed to be both consistent and tamper-proof, it seems uniquely suited to the project of securing IoT. Ledgers could be used to store anything from encryption keys to sensitive data, but that’s just the tip of the iceberg.

Even as I write this, Samsung and IBM are hard at work devising a technology that will allow blockchain to create a network of IoT devices, allowing devices and endpoints to issue commands and to send messages to one another through a secure, decentralized, low-cost medium. Known as ADEPT, I expect it will be the first of many such technologies. In the meantime, you can do your part by practicing due diligence with enterprise IoT vendors and air-gapping all consumer endpoints on a separate network.

Use the Cloud to Streamline Operations
The more complicated your business processes and infrastructure, the greater the chance that there will be a security issue somewhere along the pipeline. Cloud computing can offer a solution. First and foremost, it can allow an organization to automate a wide range of manual processes, freeing up man-hours to focus on more pressing concerns, particularly in IT.

It can also simplify disaster recovery to a large extent, allowing for on-demand redundancy and easy, offsite replication of systems and data, enabling easier software updates. Moreover, it keeps all your data assets in a centralized, easy-to-manage location, at least from your own point of view. Many cloud vendors also offer cybersecurity as a service platforms, allowing businesses that might otherwise lack the necessary expertise and manpower to keep critical assets safe from unauthorized parties.

Let’s Hold Vendors, Partners and Ourselves More Accountable
Last but certainly not least, your business needs to understand one thing above all else: cybersecurity is no longer just a technological problem. It needs to be a business-wide directive, one which involves regularly updated processes and policies, frequent security audits and drills, and due diligence on any vendor with which your business may work. 

We need to hold our partners, vendors, and employees accountable, but no more than we need to hold ourselves accountable. If we aren’t taking the necessary measures to protect our own systems and data, we can’t expect our businesses to be secure. Similarly, if we’re not securing our own organizations, we can’t hold our vendors and partners to any sort of standard.

Cybersecurity Is Complicated, but It Doesn’t Need to Be
There was a time when corporate cybersecurity could be managed by a single business department. Those days are long behind us. Today, cybersecurity has grown more complicated than ever.

But that complication need not be insurmountable. Follow the advice we’ve outlined here and your business will have a leg up as cybercriminals continue to hone their exploitative methods. 

By Matthew Davis, a writer at Future Hosting

You Might Also Read: 

How Can Boardrooms Effectively Manage Cyber Risk?:

 

« Israel Responds To A Cyber Attack With Bombs
US Electric Grid Suffers Unexplained DDoS Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Mosaic Insurance

Mosaic Insurance

Mosaic is a next-generation global specialty insurer distinguished by an exceptional team, agile technology, and a structure that combines Lloyd’s of London strength with a global distribution network

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.

PriorityZero

PriorityZero

PriorityZero is a European company focused on remote security assessments and consulting services that operates on a global scale.