Why Cyber Security Needs to Get to the PointBy Bill Dunnion
We shouldn’t all feel as though we live in the future. The connectivity we now have as a global society is at such a level that we sometimes forget what it was like living without social media, streaming services and, of course, mobile devices—you know, like 2005.
All jokes aside, the fact that we have progressed so far in such a short space of time also means that the business world is still having trouble keeping pace with cyber security. Today, it’s the single most difficult challenge facing modern business: trying to manage the endpoint access of everyone. Hence the need to get to the point—the endpoint that is.
Seemingly, there is no end to the devices that can be connected to a corporate network: from mobile phones, tablets and laptops, to cameras, USB drives, MP3 players, IoT devices, the list goes on. The question then becomes, “Who monitors these devices and their access?” And, more importantly, “What corporate data is being uploaded or downloaded that could cause a potential threat?”
The challenge for many organizations is how to implement controls that allow users access to devices and their functionality, while simultaneously ensuring that no corporate data is being taken and no malicious code is being introduced into the network. After all, device functionality and its subsequent connectivity is the key factor in productivity—the reason why we want people to have devices in the first place. However, along with that connectivity comes the inherent risks associated with ubiquitous access.
Far too often, the greatest risk of a data breach comes from employees simply taking files without permission, or even uploading malware by mistake. In fact, research shows that accidental breaches—caused by devices being lost or by employees being unaware that their device is infected, and so on—account for the majority of issues that companies face.
The irony of the situation is that most associate cyber security incidents with the image of a hooded criminal hunched over a laptop planning the next heist. And, can someone please tell me why all cyber criminals wear hoodies all the time? Okay, I digress.
The question now is, “How does one control device access while simultaneously allowing some data types to be accessed or transferred?” To control endpoints, companies need to take a data-centric approach to security. In essence, designing an approach to give users the amount of control they need, balancing that with a level of security that will effectively prevent or mitigate the impact of a successful attack.
But that is easier said than done. The expertise needed to architect such a solution is something far beyond that of most IT teams, meaning that it’s simply no longer the role of IT to create such infrastructure. Gone are the days of IT being solely responsible for everything “technical.” In fact, IT is now far more of a business driver than the utilitarian group of doers it once was.
These issues are not solely technology issues. Generally, they are a combination of People, Process, and then Technology. First, you should know what’s important to your business, then train your employees on how to handle the information, and then implement solutions that are designed to protect the data—wherever it exists. And, of course, allow your team the time and energy to focus on what’s core to your operations.
So, where does that leave the endpoint security issue? If companies truly want to mitigate risk against intrusion of any type, they need to take a holistic approach to cyber resiliency—something that requires in-depth expertise and knowledge of not only technology, but also the human element.
My advice: Find a partner who has a history of implementing real cyber security initiatives—ones that work now and in the future. And, most importantly, get to the point—the endpoint.