Cybersecurity Fails and How to Prevent Them
Living in a digital age in which our personal and professional lives largely revolve around online activity exposes our privacy to many vulnerabilities and risks. Online predators are beyond skilled and unforgiving. That’s why it’s important to build a strong cybersecurity structure. Keri Pearlson, executive director of cybersecurity at the MIT Sloan School of Management, believes that enterprise leaders must shift their focus from protection to resilience. “We need to assume the bad guys are going to be in our systems, find new ways to hack us, and continually innovate to reach their goals,” she explains. It’s important to know how your cybersecurity infrastructure works, especially at an enterprise level. Technology journalist and author John Edwards shares an article on InformationWeek.com describing common cybersecurity fails and how to prevent them from becoming a larger issue.
Coordinating Vulnerability. “Only by acknowledging and sharing the vulnerabilities and mistakes that lead to breaches can security be improved for all organizations. One way to embrace transparency is by adopting a vulnerability disclosure program (VDP) that provides a plan for how vulnerabilities should be reported. ‘At its core, it’s a “see something, say something” policy,’ says Kayla Underkoffler, lead security technologist at security services firm HackerOne. ‘This helps organizations coordinate with security researchers through clear guidelines and avoid premature or accidental publication of vulnerabilities that may still pose risks to an organization.’”
Operations and Risk. “Alisa Chestler, chair of the data protection, privacy, and cybersecurity team at law firm Baker Donelson, urges organizations to stop viewing security planning as a strictly cyber issue. Chestler recommends creating a strong governance program, one that requires regularly scheduled management team meetings devoted solely to security issues.
“One of the biggest barriers to implementing a working governance program is enterprise culture, particularly resistance from less-informed management team members. Chestler believes that winning management support for strong security governance can be achieved through persistent knowledge sharing. Continuing to present news about current cybersecurity events is one way to move management to understand how critical their role is in the continued effort to reduce risks to the organization, especially to new threats as they evolve, she recommends.”
Overconfidence Kills. “Perhaps the biggest cybersecurity mistake an organization can make is becoming overconfident in its ability to respond successfully to today’s sophisticated, wide-ranging attacks. ‘Threat actors are constantly evolving their tactics and techniques to circumvent defenses,’ explains Phil Quitugua, a director at technology research and advisory firm ISG. Keeping pace with the threat landscape and performing regular assessments should be table stakes for enterprise cybersecurity. ‘A continuous improvement approach to cybersecurity is key to avoiding overconfidence,’ Quitugua says. Additionally, validating that security controls are behaving as expected should be a never-ending process.”