- Learn about the common issues with the way we traditionally think about security and evaluate security solution providers
Our community of businesses in Canada (and the rest of the world) are failing at protecting their IT infrastructure. The reports of compromises among small to medium-sized businesses are more prevalent than ever before – and we are still only seeing the businesses that have reported these breaches nevermind the ones that don’t report them.
These issues stem from the fact that good security hygiene is not being followed, and that the very practices that have been designed over many years are being ignored. There is a tendency to “shoot from the hip” when implementing security technologies and processes that are just not working.
This must be an obvious conclusion to anyone who asks themselves whether companies hit with ransomware have firewalls and anti-virus. In almost all cases the answer is going to be yes. So what is the problem? Something is definitely broken in terms of strategy. And therein lies the problem. Most organizations lack a strategy that works for defending their environments.
There is too much discussion around which vendor has the best “widgets”. The question should be “does this vendor solution satisfy my strategy requirements.”
Cybersecurity today is a complex minefield to navigate. It is no wonder that organizations are confused as to what they should do for the best. Anyone who has ever read a book on cybersecurity seems to be an expert today. Their input contributes to providing conflicting viewpoints on what organizations should be doing without really understanding the context and complexity involved in securing organizations.
What we have today are organizations that are practicing “best efforts” and not “best practice”.
Criminal organizations and nation-states are massive contributors to what is going on in the world. They are highly organized, highly motivated and highly funded – all of the things most regular organizations it seems are not. You will never hear these criminal organizations say “we have no budget for that.”
The industry is awash in standards and frameworks designed as guide books on how to be secure. Yet the majority of organizations have never heard of them.
These guides are designed to take the mystery out of being secure as they have been developed over decades by brilliant minds from the cybersecurity industry – so why reinvent the wheel if these already exist?
Cybersecurity as noted by everyone is a business problem. But nobody explains to the business how it’s their problem. They need to know; what the plan is, how much does it cost to be secure, how long will it take, what are the priorities and so on…
Your call to action: reflect on your security and whether your organization needs to begin shifting the way you think about it.
Marketing manager, Able One