By: Jason Miller

“Cybersecurity” has become a buzzword over the last couple of years, especially with more cybersecurity attacks against large companies or corporations that are recognizable by name, but have you really taken the time to sit down and assess your organization’s IT security position?

Many organizations quickly punt the topic of cybersecurity to the IT department. While IT plays a huge role in cybersecurity, it is the responsibility of those charged with organization governance to ensure compliance. Board members and senior leadership should be asking the questions and confirming that the organization is devoting the proper resources and attention to cybersecurity.

“One and done” doesn’t work here

It is critical to understand that cybersecurity is not a one-time project. It is a continual evolution and initiative.

Leadership needs to also recognize there can be substantial costs associated with cybersecurity activities and for some organizations such as colleges and universities, they are not optional. Across the public and private sectors, it is imperative that organizations continue to enhance cybersecurity in order to meet evolving threats to controlled unclassified information and challenges to the security of such organizations.

With the ongoing focus on your organization’s bottom line, it might be tempting to defer projects related to cybersecurity to reduce budgets. However, doing so could put your organization in a position where you are not prepared, or even worse, in noncompliance with certain regulations specific to your industry. Cutting corners on cybersecurity compliance could wind up costing your business more in the end.

The “I’m covered already” approach

When evaluating your cybersecurity preparedness, there are several factors to consider. Let’s take a step back – right now, your priority is your business. You’re buying new technology, investing in new infrastructure and most likely trying to adapt to changing business models like cloud. It’s all good work but it takes time and effort.

Hackers desperately want access to your customer data, employee data, or intellectual property because it’s worth a lot. A single theft could cost your company severe financial damage. And sometimes, in the case of ransomware, all they have to do is lock it down and force you to pay to get it back as you’ve heard about in some of the latest attacks.

Why do you hear terms like “dynamic threat landscape” these days? Because you aren’t facing a group of hacktivists in a basement anymore – you are now facing professionals with a lot to gain.

Your business and the threat landscape around you are ever changing.  It is imperative that your organization conducts an annual cyber risk assessment. This allows the entire organization to consider current and future risks and put forth a plan to mitigate the identified risks.

Some businesses will run out and acquire every new solution they hear about for protecting their organization against cyber risks. While having a multi-layered approach to cybersecurity is important, it is also equally important to have an organized approach and to use tools that are designed to work together.  If your solution is designed properly, you could end up with what we call the security effectiveness gap. As you add more solutions that don’t work together, the complexity exponentially increases. So, every time you add another solution or another vendor, you add another gap – another vulnerability.

A robust cybersecurity solution will:

  1. Stop threats at the edge
  2. Protect users where they work (especially when team members are working remotely or on a personal device)
  3. Find and contain problems fast
  4. Control who gets on your network and from where
  5. Simplify network segmentation
  6. Provide compressive monitoring and detection

…But I have cyber security insurance

That insurance probably doesn’t cover anywhere near what you think it does. Should you invest in cybersecurity insurance? That’s a topic for a different day.

Your business, no matter what size or type, needs to be prepared to handle a cyberattack at a moment’s notice. It is important to work with credentialed professionals with cybersecurity expertise and experience to help you maximize your investment and make sure you have all the appropriate measures in place to keep hackers at bay.

Learn more about Dean Dorton’s cyber security services and solutions for your organization.

As originally featured in Louisville’s Business First