Are You Spending Your Money On The Wrong Information Security Technology?
Nearly every time I meet non-technical folks at events and parties, I am asked what firewall, anti-virus, or other security technologies I consider to be the best.
The truth is that there is no one-size-fits-all answer to the aforementioned question. Furthermore, the fact that so many people ask such a question is indicative of a disturbing trend among both businesspeople and consumers vis-à-vis information security. People seem to spend too much time, energy, and money on areas with relatively low return on investment rather than on areas that can be of much greater value. The difference in level of security provided by any two of the major anti-virus products, for example, is far smaller than the difference between failing to address some other risk and properly dealing with it.
Here are four areas of information security that are often given insufficient consideration – but which you ought to be thinking about – because they may contain gaping holes, and cybersecurity investments in these areas may pay off handsomely.
1. Defenses against Human Issues
It is critically important to address human vulnerabilities. Criminals know that cybersecurity technologies have greatly advanced over the past couple decades, but that the human mind has not. Which do you think they prefer to attack – firewall version 30.0 or human brain version 1.0?
There is a reason that crooks scour social media looking for information that is likely to be used as a password or can be used to craft effective spear phishing emails; they have found that doing so is well worth their time.
There are multiple steps to addressing human risks.
Training classes are important – and certainly can reduce the exposure that an organization has to humans falling prey to scams that ultimately lead to breaches. Training, however, is not an end-all; even trained folks make mistakes, especially since criminals continuously improve their social-engineering techniques.
Invest in human-facing technologies; systems that continuously train employees not to fall prey to spear phishing and/or alert them if they are leaking data via social media can help prevent a devastating breach, and can also increase the odds that employees will report suspicious activity. Keep in mind when choosing products to help with human-related security that criminals don’t stop working at 5 PM or refrain from attacks on weekends and holidays; defenses must be able to work even when employees are not in the office.
2. Defenses against Hackers Who Have Already Breached Your Organization
In the real world, we are used to securing our homes and offices by locking exterior doors and having the doors and windows alarmed; it is not surprising, therefore, that historically, information security has focused on the perimeter – keeping hackers out of an organization.
Today, however, relying on perimeter defenses is likely to lead to disaster; if competent, well-funded hackers want to penetrate a specific organization, they are almost surely going to eventually be able to do so. The numbers are on their side: to remain breach-free an organization needs to fend off all attacks, but hackers just need to successfully execute one attack in order to break in.
We need, therefore, the digital equivalent of interior motion-detectors. Make sure that you implement technologies not only to deflect hackers at the perimeter, but to detect and defeat attackers if they successfully penetrate. Systems that detect anomalous activities can catch many problems; if your CFO’s computer is suddenly transmitting all of its accounting-related files to a system overseas, for example, such systems will raise red flags. Additionally, make sure that you encrypt sensitive information, and do not give employees access to sensitive data that they don’t need in order to do their jobs.
3. Defenses against Mobile Risks
Many businesses and individuals still do not sufficiently protect their mobile devices. As I mentioned in a recent Simplilearn webinar, Trends in Information Security & Their Impact on You, the devices that you and your employees consider “smartphones” are full-blown computers that possess more processing power, and likely house more sensitive data, than desktop computers of just a few years ago.
People walking around with handheld computers – that are both constantly connected to the full-of-hackers Internet and have a far greater chance of being stolen or lost than other computers – create serious risks. Make sure you have adequate security software on these devices, and enable remote wipe capabilities. If you let employees use personal devices for work, make sure you address BYOD concerns as well.
4. Internet of Things risks
If you have smart, connected devices within your organization, have you considered the security implications? Are you protecting these devices from hackers? Are you protecting other devices and networks in case these devices get hacked? Don’t forget that these devices are full-blown computers – and there are plenty of examples of such devices being hacked. Make sure you segregate them from systems and networks carrying sensitive information.