It’s incredible how technology has evolved over the past 20 years.
When I started in IT over 20 years ago, IT teams had very different concerns than they do today.
Way back when I was starting up Dynamic Edge, my team was focused on fixing computer problems. When it came to data security, we might have worried about a rogue employee here or there, maybe thought briefly about risk management or compliance, but by and large, we were NOT a security-focused IT company.
My main job was to innovate on ways to implement new technologies to make the lives of my clients better.
But as we have gotten into an era where we all rely on technology more and more, criminals have moved from more traditional means of stealing and ransoming to locking down your entire network and extorting you over your business’s sensitive information.
Today, attacks are more targeted.
By targeted, I don’t just mean social engineering their way into your network by targeting specific users on your team (they have been doing this with good success for the past few years now).
What I mean by targeting is that they are studying how your network is laid out, understanding what infrastructure you have, identifying what vulnerabilities have been published for your software or your office devices, and breaking in with knowledge of how your IT team has configured (or mis-configured) devices on your network.
Part of the problem is IoT (the internet of things): the sheer number of devices connecting to your network is putting your data at risk. But in terms of the increased number of attacks, criminals are automating their approach to breaking in and understanding how to evade what your IT team thinks might be safe.
In many organizations, including in boardrooms, the conversation remains on the paradigm of catching up to cyber criminals. We’re patching our systems when we see vulnerabilities actually getting exploited and causing complete network shutdowns.
We remain in a reactive state where we watch what’s happening around us and attempt to shore up and prevent an attack when it’s already wreaking havoc.
The mantra security is moving to is when (not if). What I mean by this is that we want to assume the threat of an attack, not start preparing only if something were to happen.
This is not about risk—something which may or may not happen. At least not anymore.
Attacks are now a reality, just as a hurricane may be a reality every year on the Gulf Coast. Taking the approach of when your data will be breached will help your organization have the right mindset and preparedness when it comes to vulnerability identification and threat mitigation.
As a CISO (that is, chief information security officer) and cybersecurity expert in 2019, I see more strain being put on the IT industry to make sure your data is secure. The problem with most IT support teams? They were trained under the old mantra of making life easier for you and your users.
Just as when I started Dynamic Edge, the approach IT teams take to security continues to be: if it isn’t easy, it isn’t worth doing.
IT teams do NOT want to make life harder for you and your users, and many perceive security measures as a barrier to getting their tasks done in a timely fashion. The challenge that CISOs have is figuring out not only how to make your users and your sensitive data secure, but also how to eliminate barriers to getting things done within your organization.
With growing compliance demands and greater strain on your resources, cybersecurity has become an unwelcome addition to your technical needs today and in the future. The challenge is making cybersecurity approachable, easy and affordable.