What Business Leaders Need to Understand - Prevention + Detection + Response + Training = Cybersecurity
Ransomware, cyber attacks, and zero day exploits are constantly in the news these days. As a business leader, what can you do to ensure that your business is safe? How can you choose sensibly from thousands of choices for cybersecurity tools?
The cybersecurity vendor landscape is vast. To say that there has been a proliferation of tools and methodologies is an understatement. Having recently immersed myself in this vastness to help steer technology and business strategy for Intuitus Corp., I have emerged with some key insights easily explained in layman’s terms that I think business leaders will find useful. It really can be this simple and jargon-free!
Securing a business for cybersecurity is much like securing your home or business physically:
1. Secure all the entrances and exits. 2. Install sensors to detect anomalous activity. 3. Set up a mechanism to respond promptly when sensors send alerts. 4. Train occupants to follow safe practices.
To ensure the cybersecurity of your business, you need to follow the same steps. The only difference is in what you are securing, detecting, responding, and training to.
Securing All Entrances and Exits
Entrances in cybersecurity are ways in which anyone can access your business network from outside - say, the Internet/web, servers, private networks, employees working from home, emails, mobile devices, desktop and laptop computers. Exits are how your employees access the web, private networks, or your customer or partner sites from work computers, emails, and so on.
Cybersecurity of your business is intricately woven with the security of your network. Just like motion detectors, surveillance cameras, and burglar alarms for physical security can detect and identify thieves, comprehensive capture and monitoring of your network activity and critical logs can help detect anomalous activity and identify their perpetrators.
Responding to Alerts
Prevention and detection could be fruitless if alerts cannot be responded to in a timely fashion. A lot of businesses using traditional cybersecurity tools struggle with this. A recent study found that businesses take 201 days on average to process a security alert. Contrast that with how little time it takes a hacker after breaching your systems to install ransomware and inextricably compromise your business - minutes to hours - and you can understand the importance of a timely response.
Just like you would not want your family members to share the security code with anyone outside, you want to ensure that your workforce understands basic cybersecurity safety precautions. Many people are surprised when they learn the level of sophisticated tools available to even a novice hacker to learn about their business and personnel and craft a clever “phishing” email designed to steal information required to hack into their network.
Constant reminders of cyber safety hygiene is an important ingredient of workforce training. However, we must also remember that even the cleverest employees or executives can be fooled some of the time. Or an employee with malicious intent could pose an insider threat. Hence the critical need for detection and response.
After reading this article, I hope that you will agree with me that Cybersecurity = Prevention + Detection + Response + Training.
At Intuitus Corp., we have a comprehensive cybersecurity as a service offering that includes all required elements at a low cost. Our technology, developed by The Boeing Company and used in the defense sector, has protected vital networks for over a decade. For managed service providers (MSPs) looking to improve their security offerings, Intuitus is a very compelling offering. We are actively recruiting partners worldwide.