Cybersecurity Evolved

For the second weekend in a row, I am sitting near lots of people playing Pokémon.

That’s correct. Pokémon, the Japanese card game launched in 1996 and, as my 12-year-old son would happily tell you, a game that is still going strong three decades later.

So much so, in fact, that we are here at the Hartford Convention Center where he is competing in a tournament of 1,200 mostly “Masters” (16 and up) as one of the hundred-plus “Juniors” (12 and under). I enjoy hanging out with the Pokémon people as they are a community of super-friendly, helpful folks.

The Pokémon company mints money in the form of new cards that are released every quarter. The new cards beat the old cards (I’m oversimplifying, but did you really want to know more?), compelling players to keep buying new ones in order to build winning decks.

The overall result is that the “metagame” keeps evolving, bringing new players, new cards, and new money to the Pokémon bottom line.

The Bad Guys Never Sleep

Cybersecurity is also constantly changing: what worked yesterday won’t work tomorrow.

For example, remember when…

… you had “a password” that you used in all situations?

… you never locked your phone and readily handed it to anyone who asked?

… your banking info, medical records, and all kinds of other confidential information were only accessible in person and (usually) on paper?

Now, of course, all your important “stuff” is digital, giving you convenient access to it anytime and from anywhere.

The problem is that the evolving metagame of security is not static — attackers modify their approach on a never-ending, daily, weekly, and monthly basis. Which means that if your approach to security isn’t also evolving, you are, in effect, holding last year’s Pokémon cards.

For example, multi-factor authentication (MFA) used to be “unstoppable.” It is still a great technical control to minimize risk, but it’s no longer bulletproof. The bad guys weaken MFA protection by stealing cookies, compromising the SMS network, and tricking users into typing codes into fraudulent dialog boxes.

So, companies (and individuals) must consistently improve, too. How? With an active cybersecurity program.

We recommend a structured, cross-disciplinary meeting every couple of weeks (at least). And not just with the tech folks – your marketing, HR, finance, and other departments are all procuring and running systems; they need to be part of these conversations, too.

Some big things to pay attention to in your meetings:

Changes in Personnel…

If the executive who thought cybersecurity was important leaves your organization, will the new person give it the same attention – or is it their second, third, or not at all a priority? Absent an engaged sponsor, the entire program can fall apart.

Even the loss of a key admin person can bring things to a screeching halt. Suddenly, it’s hard to get a list of valid users, new employees, active vendors, training schedules, etc. If this person was the glue holding your cybersecurity activities together, you need to identify a new person right away.

Changes in Environment…

Often, when trying to launch a new product, there’s urgency to get it out the door with the expectation that we will “fix the rest later.” But once you launch something, you will be busy responding to customers; at that point, it’s hard to prioritize security.

And, unfortunately, the bad guys have not agreed to your timetable! If they move first, it could lead to a very bad day for your organization.

All of the tools that make your digital life easier – automation, easy accessibility, near limitless storage of data, etc. – also make it easier for the bad guys to perpetrate attacks.

Another common environmental element involves a change in a key supplier. When that happens, the procedures that worked before may be overlooked; your data may still be in the hands of the old supplier; or the old supplier may still have access into parts of your organization.

Changes in Market…

We have witnessed many examples across several industries where the “norm” evolves very rapidly. Almost overnight, customers demand better security, regulators establish new standards, and security issues that had been backburnered move to the front.

If you’ve already got an established, in-house cybersecurity program in place, you will be prepared to respond quickly as these types of changes occur.

A Little Bit, Every Day

Like it or not, we are participants in an arms race in which the bad actors never sleep and the definition of “secure” is constantly evolving.

Fortunately, by working steadily, systematically, and cross-functionally, most organizations can protect themselves from the worst of these threats.

It’s either that or take your chances playing with an increasingly weak deck of cards!

If you want to get more great cybersecurity content delivered to your inbox, click here to sign up for our monthly newsletter, Tales from the Click.

This article was originally published on the Fractional CISO blog.

CHESTER SWANSON SR.

Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer

1 year

Thanks for Sharing.
