What Can We Do About Increasing Complexity In Cybersecurity?

Cybersecurity has never been more complicated, nor has the world ever faced a threat surface quite so large. User empowerment coupled with technology like smartphones and IoT devices has led to widespread chaos in IT departments around the world.

How exactly can we address this new landscape, both within our own organizations and in the wider enterprise? By holding our vendors, partners and ourselves above all fully accountable.

We’re on the verge of an era of hyperconnectivity—an age in which everything from our thermostats to our kitchen appliances to our infrastructure is being brought online. While such technological developments undoubtedly make both our personal and professional lives considerably more convenient, they also make cybersecurity more complicated than ever.

Let’s talk about what you can do about that. Here’s a bit of advice on how your organization can prepare itself to deal with increasingly complex infrastructure and an increasingly dangerous threat landscape.

Address the Cybersecurity Skills Shortage
One of the most pressing issues in the security space is the looming talent shortage. By 2021, there will be approximately 3.5 million unfilled positions in the cybersecurity industry. The problem is that technology has become more ubiquitous than any of us could have ever predicted. Even within a small to mid-sized business, there may be an overwhelming volume of devices for IT staff to manage, and that number grows with every passing day.

Factor in that we’re bringing more and more of our infrastructure online and relying more and more on the digital realm to store and manage sensitive data, and it quickly becomes obvious that we need more cybersecurity professionals. The problem is how exactly we can find them. Security engineers are, after all, still in short supply. The men and women with the necessary expertise are in such high demand that they basically have the pick of the litter when it comes to career selection.

The first step is to promote and support programs aimed at introducing more women to STEM careers, such as computer science. Although we’ve made great strides in that regard in recent years, women generally only make up 14 percent of the cybersecurity workforce in the United States. It’s still very much a boy’s club, and one with a huge image problem to boot.

Businesses should look beyond the horizon of traditional cybersecurity and computer science programs to find talent. Many skilled individuals might be promoted and trained up from within one’s own organization. Men and women working in fields as diverse as the military and accounting could potentially have a great deal to offer from a security standpoint. The key here is to get creative because only creativity will solve this problem.

Look toward Blockchain to Address IoT Security
IoT devices represent the largest security threat we’ve ever faced. This is a massive, distributed threat surface with millions of nodes, any of which could expose a security vulnerability. While working to establish a framework that will hold IoT vendors responsible for the security shortcomings of their products is certainly a nice thought, the reality is there will always be exploitable vulnerabilities in connected devices, particularly consumer endpoints.

The solution, oddly enough, may lie with the technology underneath infamous cryptocurrencies like bitcoin—blockchain. A decentralized distributed ledger designed to be both consistent and tamper-proof, it seems uniquely suited to the project of securing IoT. Ledgers could be used to store anything from encryption keys to sensitive data, but that’s just the tip of the iceberg.

Even as I write this, Samsung and IBM are hard at work devising a technology that will allow blockchain to create a network of IoT devices, allowing devices and endpoints to issue commands and to send messages to one another through a secure, decentralized, low-cost medium. Known as ADEPT, I expect it will be the first of many such technologies. In the meantime, you can do your part by practicing due diligence with enterprise IoT vendors and air-gapping all consumer endpoints on a separate network.

Use the Cloud to Streamline Operations
The more complicated your business processes and infrastructure, the greater the chance that there will be a security issue somewhere along the pipeline. Cloud computing can offer a solution. First and foremost, it can allow an organization to automate a wide range of manual processes, freeing up man-hours to focus on more pressing concerns, particularly in IT.

It can also simplify disaster recovery to a large extent, allowing for on-demand redundancy and easy, offsite replication of systems and data, enabling easier software updates. Moreover, it keeps all your data assets in a centralized, easy-to-manage location, at least from your own point of view. Many cloud vendors also offer cybersecurity as a service platforms, allowing businesses that might otherwise lack the necessary expertise and manpower to keep critical assets safe from unauthorized parties.

Let’s Hold Vendors, Partners and Ourselves More Accountable
Last but certainly not least, your business needs to understand one thing above all else: cybersecurity is no longer just a technological problem. It needs to be a business-wide directive, one which involves regularly updated processes and policies, frequent security audits and drills, and due diligence on any vendor with which your business may work. 

We need to hold our partners, vendors, and employees accountable, but no more than we need to hold ourselves accountable. If we aren’t taking the necessary measures to protect our own systems and data, we can’t expect our businesses to be secure. Similarly, if we’re not securing our own organizations, we can’t hold our vendors and partners to any sort of standard.

Cybersecurity Is Complicated, but It Doesn’t Need to Be
There was a time when corporate cybersecurity could be managed by a single business department. Those days are long behind us. Today, cybersecurity has grown more complicated than ever.

But that complication need not be insurmountable. Follow the advice we’ve outlined here and your business will have a leg up as cybercriminals continue to hone their exploitative methods. 

By Matthew Davis, a writer at Future Hosting

You Might Also Read: 

How Can Boardrooms Effectively Manage Cyber Risk?:

 

« Israel Responds To A Cyber Attack With Bombs
US Electric Grid Suffers Unexplained DDoS Attack »

Directory of Suppliers

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

Thursday August 27, 2020: Join SANS and AWS Marketplace to learn how you can leverage solutions to create visibility at scale and allow you to do more with your data and improve your security posture.

Tenable Network Security

Tenable Network Security

Tenable Network Security - The Rise of the Business-Aligned Security Executive. Is your security operation aligned with the overarching goals of the business?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Datapipe

Datapipe

Datapipe is the managed hosting and cloud services provider with the most complete set of services, global locations, and industry leading partners.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

oneKIY

oneKIY

KIY is an advanced user-control security key which you will use for authentication, secure data and files.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.