Cybersecurity Game Plan
For any kind of team, those constructing the roster must keep several factors in mind: notably, style of play, abilities and character of personnel, and management. Without a clear, concise vision of how to proceed along these fronts, the team is going to suck, or at least be marred by dysfunction.
Often, however, front offices think that simply throwing enough money at players will equate to success, without an eye to how the money’s being spent. The same is often true in cybersecurity. A recent report by Thales e-Security reveals that while security spending is up substantially, companies can be unsure about just where to spend. Network and endpoint protection usually get the lion’s share of the budget, but encrypting data-at-rest, or data on the disks, just doesn’t happen as frequently as it should. Antiviruses and firewalls are all well and good, but they wouldn’t be enough to save a Target or a Michaels, and were not. “Data protection tactics need to evolve to match today’s threats,” says Garrett Bekker, senior analyst at 451 Research and author of the report.
This disparity is apparent from the fact that, despite this increase, two-thirds of those Thales surveyed have felt the effects of a data breach, a quarter of them in the last year. Perimeter defenses need all the extra help they can get.
And, since tomorrow is the 10th anniversary of Data Privacy Day, it’s important to remember to practice good security habits, such as: knowing the close relationship, yet distinction, between privacy and security (“Privacy asks whether you can see through someone’s window. Security asks if you can break in.”) and valuing both; regularly updating and clarifying policies and detection and response plans; reviewing who has access to what, and whether they need it; setting network passwords to expire every few months, to mitigate the risk of weak passwords and replace them with more complex ones when needed; providing training to employees so they understand that 12345 is not a secure password; and not springing for the convenient, quick fix if it sacrifices privacy and security, among others.
Protecting your networks and data has become as necessary as brick-and-mortars locking up their stores, hiring guards, using security cameras, etc. That said, organizations still need a solid game plan and coherent vision, or else their security is going to find itself at the bottom of the rankings.