We’ve reached a point in this digital world where cyber security breaches are happening on a monthly, weekly, even daily basis. Enterprise-level security patching is excruciatingly difficult, and once one part of a security network is exploited, calling attention to the failure, vulnerabilities in other parts of the network are often discovered and attacked.
NEF CEO Mike Murphy recently sat down with Jarret Raim of Rackspace to discuss some of the challenges associated with cloud security and how they can be addressed. You can listen to the podcast in its entirety here.
Why Implementing an Effective Security Plan is so Difficult
At this point, most large companies have had the security of their IT infrastructure compromised in one way or another. The difficulty arises because it’s not an entire program failing; it’s individual, sometimes minute, aspects of a security plan that are exploited. So the problem isn’t that the security company didn’t patch the right leak. It’s that they didn’t effectively enable their client to run the security operation and do the things the client needs to do for the security network to work properly: for example, establishing strong passwords and changing them regularly, installing strong antivirus software, and making sure operating systems and computer programs are up to date.
Good security leadership is very difficult to find right now. We’re at a place in the industry where too many good leaders have moved up the ranks to C-level positions and, as a result, don’t get the opportunity to work directly with the companies they provide security for. The security leaders who are now working with these companies to give them the tools and knowledge they need to operate their security correctly just don’t have the same level of talent and experience.
Many security leaders now lack the proper understanding of how security engineering and operations work. They don’t have the technical expertise necessary to understand what security engineers are trying to accomplish, or even what’s possible, leaving a huge disconnect between what a security organization is able to do, what they can provide, and what a client needs in order for the plan to be successful.
Your security will never be perfect. You will likely have breaches. The more important questions are:
- Are you working with the right security company?
- Are you putting the right amount of time and resources into your security network?
- Are you learning from failures and not making the same mistakes twice?
As long as you are aiming at the same target as your security provider, you’ll have a successful security plan.
What You Can Do to Keep Up
Despite the fact that billion-dollar companies struggle to implement a sufficiently effective security network, there is hope for small to medium-sized companies. There are security tools that provide an extraordinary amount of value. They provide a great deal of risk reduction, but don’t require a wealth of expertise or a large investment. A great example is multi-factor authentication, an IT tool that can be employed by any organization.
You can start your security plan with easy-to-implement tools like this, and move into larger programs as you grow. These tools can be very effective without requiring a large security organization’s involvement or a huge investment. They significantly narrow the primary way in for most modern attackers, because most security hacks don’t come from hackers who find a loophole in the system. Most come from hackers who found legitimate login credentials for one key user and are then able to access all of that user’s data without raising any red flags, because nothing out of the ordinary appears to be happening. Firewalls and malware detectors don’t flag these hacks because all the system sees is a registered user looking at information they have been granted access to.
Designing and implementing a security plan that will be effective against modern hackers isn’t easy. With billion-dollar companies making headlines for being breached, it’s easy to lose hope as the owner of a much smaller company. But even with fewer resources, securing your company’s data is possible. It’s important to learn not only from your mistakes, but also from the mistakes of others. To avoid making mistakes of your own, find the right managed service provider, employ the security tools they offer, and stay in constant contact with their security professional. This way, you can stay ahead of the curve and stay out of the headlines.