Would you give your car keys to a stranger? A lesson in security in a digital world

Security Should be Top of Mind for All Businesses – Large or Small  

According to Secureworld, attackers are relying on emotional triggers such as greed, curiosity, urgency, helpfulness, and fear to take control of  systems.  This means they are ignoring the front door and sending targeted spear phishing emails instead. For many of you reading this post, it is quite possible you have already handed someone your digital keys.  Some of you may know this has happened, but even more unsettling are the individuals who have no idea.   

Attackers Have the Advantage 

The price of compromise is staggering and it’s not just big companies and government entities that are paying the price, small businesses are the new targets .  The thrill for attackers is real and the payouts are huge, the price of entry amounts to a $199 Chromebook with a $29/month internet connection.  To make matters worse, the chips are stacked in the favor of attackers since defense always lags behind the latest threats. 

How hard is it to secure information?  If the CIA can’t protect their greatest assets then it must be quite a challenge.  For most businesses, there isn’t even a person on payroll with security in their job title.  And even when there is a dedicated person on staff for security, often they are under resourced.  The simple truth is that if there is no money to protect (i.e. banks, IP, etc.) typically there are no resources allocated.   

Attack Surfaces & Design Landscapes are Constantly Shifting

Even if resources exist for security purposes, with the emergence of a new hybrid workforce that is increasingly working remote, and sometimes on-premise, the historical “castle and moat” model of protection is outdated.  Protecting the keys to your digital kingdom is becoming more reliant upon biometric identification, multi-factor authentication (MFA), expanded virtual desktop infrastructure (VDI), and enhanced VPN solutions. 

Another challenge for security teams is navigating the landscape of solutions.  There are 8 main areas (Data Protection, Risk and Compliance, Identity Management, Application Security, IoT, Security Operations, Cloud Security, and Foundational Security) that encompass over 60 sub-areas.  Within each area, there are multiple vendors providing a variety of solutions that claim to solve the issues your company has.   

So What Can You Do? 

Organizations can succeed at computer security by providing basic information and configurations to their users and not scare them to death.  Getting people to believe in the expertise of a security team compelled by blind fear is the worst status of a profession. A good place to start to learn more about security and some basic steps you can take to make your home systems more secure is with the NSA.  The problem is not insurmountable. More and more organizations are staffing security teams and/or sourcing external help with security needs, initiating more security-focused projects and educating their staff through focused communications and learning. Firms like Excelerate can help you develop your security improvement plan by identifying which of the eight main areas of security are most critical to your organization, how you can improve your security infrastructure and which metrics to use to measure these improvements and how and when to communicate with your staff about security issues. Working with a trusted partner can help take some of the complexity out of the problem and create a clear roadmap to a more secure organization.