

Why Organizations Need an Integrated Approach to Cyber Security

19 August 2014

Risk Management

Historically, organizations have worked in silos to address cyber security vulnerabilities. This approach, while quite common, leaves them susceptible to gaps in protection and provides an opportunity for “bad actors” to infiltrate their infrastructure. To a large extent, organizations have relied on basic security protections like firewalls and antivirus software. These methods may have worked, to varying degrees, in the past, but today’s rapidly changing, technology-based economy calls for something altogether different.

With Fortune 500 companies being compromised by highly skilled hackers located in remote locations all over the world, data breaches can result in the loss of millions of pieces of confidential data, and they are costing companies millions of dollars in legal fees, lawsuits, lost revenue, and a tarnished public image. How can companies protect themselves? The best way to minimize exposure and ensure the strongest protection possible is to develop and implement an integrated approach to cyber security, particularly one that addresses both the operational and technical aspects of the problem.

Vendors who sell cyber security hardware or software products often tell their prospective clients that most, if not all, of their cyber security needs can be met by the technical components of the product. In our experience, that’s not the case, given that the “best” cyber security tool in the world will not provide protection if an employee leaves an unencrypted laptop or mobile device that contains confidential information on a train, in a library, or any public place.

What operational aspects do you need to address?

For starters, organizations need to develop, implement, and monitor the relevant policies, guidelines, and procedures necessary to protect themselves from external and internal data breaches. What’s the first line of defense against data breaches? It begins with establishing effective operational security policies and procedures that are adopted and enforced by the entire organization — and are critical to complementing the protection provided by your organization’s technical cyber security hardware and software. Additionally, an effective training program is needed to ensure that employees understand their role in reporting lost data and preventing data breaches.

Another core part of your cyber security plan is crisis management in the event of a data breach. Recent studies suggest that data breaches will be a statistical certainty for large and small organizations in the near future. With this in mind, your organization needs to prepare a cyber security crisis management plan immediately — before the breach actually happens. Then you need to learn it, rehearse it, update it, and ready your staff to use it.

What about the technical side?

With the operational aspects of an integrated cyber security solution come a number of technical components that need to interface seamlessly with your overall approach. Organizations typically acquire cyber security hardware and software over the course of several years, which can result in a disorganized and ineffective technical solution. An integrated, well-conceived approach will identify technical gaps and deficiencies, and once that happens, a plan can be put in place to address them.

What are the benefits?

Taking the time to develop and implement an integrated cyber security approach will bring a number of benefits to your company or organization. Ultimately, an integrated approach can help you:

  • Minimize your internal and external vulnerabilities, resulting in a significantly improved cyber security protection posture,
  • Lower your risk of a data breach that could result in a loss of revenue, unexpected lawsuits, negative publicity, and personal liability for the CEO and board members,
  • Serve as a business differentiator that clients and vendors value,
  • Eliminate haphazard cyber security decisions that could cause unexpected, negative consequences,
  • Maximize the use of resources and ensure that benefits are clearly defined and objective,
  • Empower your senior management to make informed decisions based on your company’s business model, industry, potential solutions, insurance coverage, and the cost/benefit analysis of all of the above.

At COMPASS, we’ve developed a methodology for helping business owners and executives develop a customized, cost-effective, and practical approach to cyber security. This approach combines the discipline of project management with the latest cyber security technology and data protection best practices.

If you need assistance creating an integrated approach to cyber security, COMPASS can help. Reach out to us to arrange an initial IT network security health assessment.
