Today, cybersecurity is on all our minds. Every other day, we get news of another cyberattack. As more organizations struggle to keep up with the onslaught of these new threats, many are asking: “What can we do to strengthen our cybersecurity posture?” When we want to quantify it, consider the concept of risk. In its simplest form, the risk associated with a system is the impact of it malfunctioning, multiplied by the likelihood that a malfunction will occur.
Even security systems, networks, and their configurations can be susceptible to potential cyber-attacks. All departments – not just the security department – need to be properly informed on these potential threats. For example, engineering and procurement (just to name two) departments need to be fully aware of the risks associated with procurement decisions based solely on price, without taking into consideration any possible cybersecurity weaknesses or vulnerabilities. Technology manufacturers should be held accountable for protecting their sales distributors and customers from exploitations of their hardware – working in partnership to ensure businesses and their data are adequately protected.
Intentional and Unintentional Risks
Today, a company can be at the mercy of an employee who unintentionally opens the content of a malicious email. For an attacker, this is quite often the easiest and most effective way to gain access and compromise a company’s confidential data. To protect your organization against this type of attack, users need to be properly educated to reduce this careless, high-risk behavior.
An organization’s focus should be on those who are in contact with the outside: Who can reach them? How can they be reached? How do they respond? These are the types of questions a company’s physical and cyber security teams need to jointly ask and manage.
Take the supply chain for example. This department represents a potential vector for an enterprise attacker. Companies, becoming increasingly aware of this risk, are taking steps to mitigate the possibility of a potential attack. Some go so far as to make static analysis or penetration tests on the products of their suppliers to ensure the solutions are robust and successfully “hardened” against cyberattacks.
Securing the Future with the Cloud
In the coming years, more organizations will leverage the cloud to help address many of today’s cybersecurity issues. The Cloud offers additional security for when making decisions on procuring new hardware and software. Education-by-example is a method that works well. By training all the employees and members of your organization on the benefits of the Cloud, and how it can facilitate cybersecurity, they will gain the knowledge to make better decisions that will keep their organization safe. When shown how easy it is to “hack into” some of the low-cost security hardware on the market, employees will understand first-hand the perils that poor procurement choices can cause.
In the event that these purchases have already been made, it would be necessary to:
- Assess risk through vulnerabilities. This can be done by an analysis of the product and the code, via a questionnaire sent to the manufacturer of the product and by a penetration test.
- Mitigate the important risks identified.
There is little doubt that organizations will increase their connections with one another, extend their security systems, and continue to move to the Cloud. Here are the three benefits for moving to a hybrid-cloud or all-cloud system:
- Easier access to system updates and patches – Vendors usually identify and correct vulnerabilities and bug fixes in software version updates. But updating software is time-consuming, and it’s a task that might fall through the cracks until something major happens. When using cloud services, the cloud service provider is responsible for the updates, which are immediately pushed down to you in a seamless or almost seamless way. This helps to ensure that your systems remain protected against known vulnerabilities.
- Real time system health and availability status monitoring – Receiving an alert when a camera goes offline or when there’s a server failure could help avoid potential threats and the loss of critical “up” time. Cloud services can automate this task by providing real-time status dashboards accessible from anywhere and by sending an email or text with an alert that a system vulnerability has been identified. The administrator can then securely log into the system from any secure web server to investigate the issue and take corrective measures.
- You can outsource risks and costs to providers – Keeping pace with threats requires expertise and capital. Cloud providers use economies of scale to enhance their solutions and provide high levels of security for their shared infrastructure. They take the burden of the risk of threats, investing money, time and resources to build and maintain highly-secure cloud platforms that benefit millions of customers. As a client, you get access to multiple layers of security at the fraction of the cost.