America has sacrificed security for simplicity and consequently left itself vulnerable. A reset of cyber security helps companies take nothing for granted.
Click here to read the complete illustrated article as originally published or scroll down to read the text article.
Not a day goes by that cyber security isn’t front and center in the news. Consumers and businesses alike are impacted by a series of interconnections that are all driven by technology. These are tied to an unseen network of processes, data collection systems, and programmed decisions—all intended to minimize risks, facilitate business growth and protect our communities, workplaces, and country. However, as recent decades have proven, something isn’t working. At the core of the problem lies one simple truth: the United States and the rest of the world have sacrificed security for simplicity. The resulting vulnerability begs the question: Is it time for a reset? Should companies take a step back to determine whether they are as secure as they think they are or should be?
Cyber security basics
Many companies have fallen victim to huge data breaches—some of which never recover from the destructive effects. Taking a step back to reset, reevaluate, and ideally to reverse the trend is easier when companies start with the basics:
- Adopt the mindset that responsibility for cyber security starts at the top. Companies that want to safeguard their organizations from cyber attacks need leadership buy-in at the C-suite level. When management and employees know cyber security is a priority mandate and has the full attention and backing of the CEO, they are more likely to focus their attention on the issues that can cause cyber breaches and adopt the appropriate behaviors to prevent them.
- Make establishing a comprehensive cyber security policy a priority. In spite of all the talk about cyber security, there are many companies that haven’t established adequate protection for their information systems. In many cases, that’s because they don’t understand the risks they face. Just because a system has never been hacked doesn’t mean complacency is acceptable. Proac tive cyber security policies and procedures must be established, tested for effectiveness, and shared throughout the organization.
- Seek outside expertise when necessary. Not every company has the internal proficiency in tying all the cyber security pieces together, including vulnerabilities in supply chain logistics, shop floor visualization, electronic data interchange, predictive analytics, and disparate information systems. So what’s the best way to address the knowledge shortfall? Apply this analogy: Companies regularly seek out legal and financial professionals when they need specialized expertise. The same principle holds true when it comes to cyber security. Just like consumers don’t leave their homes unlocked or make their valuables accessible to strangers and intruders, businesses need an airtight protective gateway that encloses and shields the company from risk.
- Manage the mindset. Once an appropriate risk management team is in place and responsibility for oversight is clear, implement practical training to build knowledge and communications training to develop employee awareness. Some say that people are the weakest link when it comes to cyber security. Consistent, ongoing training is essential to overcome that probability. The value of this investment cannot be overstated. The effort will allow businesses to pinpoint the relevant metrics that can yield actionable protective measures.
The role played by government
In October 2017, the Cambridge Cyber Summit invited security experts and top technology leaders to explore cyber threats and to help secure America’s future. Hosted by CNBC and The Aspen Institute, the Summit’s name was Right Hand, Left Hand: Transparency, Communication and Conflict. There it was agreed that at some level government and private industry must cooperate in an effort to protect the data security and privacy of U.S. citizens. Guest speaker, Tom Wheeler, former chairman of the Federal Communications Commission, spoke very candidly, “The challenge is we look at 21st century technology issues and discuss them in 20th century terms and propose 19th century solutions,” Wheeler said. “That paradigm has to be broken…the going forward regulatory structure has to be the one that doesn’t retreat from the field but leaves behind industrial-era concepts to become more agile, and that means working with the companies.” The Summit concluded with an agreement as to the role government can play and it’s largely educational.
Stakes and risks for business
Even back in 2015, there were over 666,000 internal security breaches of U.S. businesses. The difference is, despite that high volume, at the time less than 20 percent of managers considered the threat of cyber security to be a top priority. Now that has changed. The problem has become far more prevalent and the time to deal with it is now. A sampling of data breaches that have occurred in 2017 follows.
Cyber security in a global marketplace
The 2017 Global State of Information Security Survey was conducted to explore how businesses are embracing a modern approach to threat management and information sharing. The survey drew on the responses of 9500 executives in 122 countries and over 75 industries. Key findings indicate good news and bad news. On the positive side, there seems to be increasing commitment to cyber security; however, the good news stops there. The darker side shows that 48 percent of respondents report being without a security awareness program, and 54 percent lacked incident response plans. Furthermore, only 45 percent conducted vulnerability assessments and just 42 percent ran penetration tests. It’s of grave concern that these four measurements represent cornerstones of basic cyber security control and more than half of respondents couldn’t even weigh in.
Imagine the crystal ball
If we could look into America’s cyber security crystal ball, we would want to know what the future holds. What role will IT departments have? How will hacking be reduced? What will drive the biggest change? Which risks aren’t being taken seriously enough? The catastrophic breaches that have played out over the past five years are sending a message. In general—and with no time to lose—America needs to accept the cyber reality, and force a reset in its thinking. The cyber culture must stop sacrificing its precious security for the promise of simplicity. Such a sacrifice comes with threats that can’t possibly be worth the loss of vital protective layers. Consider the potential benefits to resetting protective policies and decide that, regarding cyber security, nothing can be taken for granted. If today’s cyber culture doesn’t see the looming danger as a motive for change, it will evolve into a culture of cyber fools.
About the Author:
Michael Mantzke is the CEO of Global Data Sciences, Inc. (GDS), headquartered in Aurora, Ill.GDS identifies and resolves known and unknown inventory problems that reduce customers’ headaches and increase their profits. Areas of expertise include global operations, inventory management, process and procedure optimization, systems integration and optimization, and cybersecurity and data forensics. For additional information, please call 630 299-5196, visit www.globaldatasciences.com, or email email@example.com.