What Can We Do About Increasing Complexity In Cybersecurity?

Cybersecurity has never been more complicated, nor has the world ever faced a threat surface quite so large. User empowerment coupled with technology like smartphones and IoT devices has led to widespread chaos in IT departments around the world.

How exactly can we address this new landscape, both within our own organizations and in the wider enterprise? By holding our vendors, our partners and, above all, ourselves fully accountable.

We’re on the verge of an era of hyperconnectivity—an age in which everything from our thermostats to our kitchen appliances to our infrastructure is being brought online. While such technological developments undoubtedly make both our personal and professional lives considerably more convenient, they also make cybersecurity more complicated than ever.

Let’s talk about what you can do about that. Here’s a bit of advice on how your organization can prepare itself to deal with increasingly complex infrastructure and an increasingly dangerous threat landscape.

Address the Cybersecurity Skills Shortage
One of the most pressing issues in the security space is the looming talent shortage. By 2021, there will be approximately 3.5 million unfilled positions in the cybersecurity industry. The problem is that technology has become more ubiquitous than any of us could have ever predicted. Even within a small to mid-sized business, there may be an overwhelming volume of devices for IT staff to manage, and that number grows with every passing day.

Factor in that we’re bringing more and more of our infrastructure online and relying more and more on the digital realm to store and manage sensitive data, and it quickly becomes obvious that we need more cybersecurity professionals. The problem is how exactly we can find them. Security engineers are, after all, still in short supply. The men and women with the necessary expertise are in such high demand that they basically have the pick of the litter when it comes to career selection.

The first step is to promote and support programs aimed at introducing more women to STEM careers, such as computer science. Although we’ve made great strides in that regard in recent years, women generally only make up 14 percent of the cybersecurity workforce in the United States. It’s still very much a boys’ club, and one with a huge image problem to boot.

Businesses should look beyond the horizon of traditional cybersecurity and computer science programs to find talent. Many skilled individuals might be promoted and trained up from within one’s own organization. Men and women working in fields as diverse as the military and accounting could potentially have a great deal to offer from a security standpoint. The key here is to get creative because only creativity will solve this problem.

Look toward Blockchain to Address IoT Security
IoT devices represent the largest security threat we’ve ever faced. This is a massive, distributed threat surface with millions of nodes, any of which could expose a security vulnerability. While working to establish a framework that will hold IoT vendors responsible for the security shortcomings of their products is certainly a nice thought, the reality is there will always be exploitable vulnerabilities in connected devices, particularly consumer endpoints.

The solution, oddly enough, may lie with the technology underneath infamous cryptocurrencies like bitcoin—blockchain. A decentralized distributed ledger designed to be both consistent and tamper-proof, it seems uniquely suited to the project of securing IoT. Ledgers could be used to store anything from encryption keys to sensitive data, but that’s just the tip of the iceberg.

Even as I write this, Samsung and IBM are hard at work devising a technology that will allow blockchain to create a network of IoT devices, allowing devices and endpoints to issue commands and to send messages to one another through a secure, decentralized, low-cost medium. The project is known as ADEPT, and I expect it will be the first of many such technologies. In the meantime, you can do your part by practicing due diligence with enterprise IoT vendors and air-gapping all consumer endpoints on a separate network.

Use the Cloud to Streamline Operations
The more complicated your business processes and infrastructure, the greater the chance that there will be a security issue somewhere along the pipeline. Cloud computing can offer a solution. First and foremost, it can allow an organization to automate a wide range of manual processes, freeing up man-hours to focus on more pressing concerns, particularly in IT.

It can also simplify disaster recovery to a large extent, allowing for on-demand redundancy and easy, offsite replication of systems and data, and enabling easier software updates. Moreover, it keeps all your data assets in a centralized, easy-to-manage location, at least from your own point of view. Many cloud vendors also offer cybersecurity-as-a-service platforms, allowing businesses that might otherwise lack the necessary expertise and manpower to keep critical assets safe from unauthorized parties.

Let’s Hold Vendors, Partners and Ourselves More Accountable
Last but certainly not least, your business needs to understand one thing above all else: cybersecurity is no longer just a technological problem. It needs to be a business-wide directive, one which involves regularly updated processes and policies, frequent security audits and drills, and due diligence on any vendor with which your business may work. 

We need to hold our partners, vendors, and employees accountable, but no more than we need to hold ourselves accountable. If we aren’t taking the necessary measures to protect our own systems and data, we can’t expect our businesses to be secure. Similarly, if we’re not securing our own organizations, we can’t hold our vendors and partners to any sort of standard.

Cybersecurity Is Complicated, but It Doesn’t Need to Be
There was a time when corporate cybersecurity could be managed by a single business department. Those days are long behind us. Today, cybersecurity has grown more complicated than ever.

But that complication need not be insurmountable. Follow the advice we’ve outlined here and your business will have a leg up as cybercriminals continue to hone their exploitative methods. 

By Matthew Davis, a writer at Future Hosting
