In a volatile world, security is everything

No longer isolated to the IT department, security is a vital piece of any modern business. As technology reaches across today's enterprise, everyone is a stakeholder. Organizations require a holistic approach that identifies effective security strategies through collaboration, stakeholder engagement and agile contingency planning.

The technology to deliver consistent, reliable operations both internally and externally is mission critical. This means that CIOs must manage complexity across distributed organizations while still keeping the trains running on time.

Security is neither simple nor straightforward. Threats are continuous and rapid-fire. Through analysis of expert opinions and best practices, I've identified 4 key pillars of a resilient security strategy. This is by no means comprehensive. Rather, it's a framework for building a security strategy that is both nimble and effective.

Sensible regulation

Regulation is the first component of an effective security strategy. While it's not something one has direct control over, regulations inform the environment in which protection occurs. Sensible regulation gives companies leeway to secure their systems while ensuring consistent security standards. With this consistency, organizations at least have a benchmark for acceptable security practices.

The government has created a plethora of overlapping, duplicative, and varying standards. This patchwork is not conducive to quick shifts in strategy. Regulation must move as fast as emerging threats. Without a regulatory mindset that includes a nimble approach, there are more risks than ever before.

Regulations must be crafted in a way that both allows businesses to adapt to emerging threats and gives governments the ability to protect their citizens and national interests.

Self-protecting and self-healing systems

Security must be a fundamental component of system design. Vulnerabilities are much more easily manipulated when security is an afterthought. If protection is bolted on, its integrations with the system's core functions can be more tenuous.

As the world moves to the Internet of Things, we must address the patching of vulnerable-yet-connected devices. A patch is an update issued to fix a security hole. Just consider last year's internet outage that was caused by hacked IoT devices. Weak patching makes for ripe opportunity, as IoT devices are rarely, if ever, updated to address critical security flaws. Attackers will always take the path of least resistance, especially when there are millions of unprotected paths to exploit.

The potential for security intrusions grows as more devices interface directly with each other. This is where artificial intelligence and machine learning come into play. By leveraging one technology to support another, automation can keep systems up to date. Learnings from one device can inform security for another in the same system. Like white blood cells, each intrusion teaches the others how to fight back.

Together, stronger.

Of course, bad actors can exploit these self-healing mechanisms. Known as zero-day exploitations, these emerging security threats exploit a gap quickly and at scale. So all connected devices should have a secured, authenticated tunnel that pushes mandatory updates. By automating security functions like patch management, threat exposures are diminished. This increases the speed at which we defeat new vulnerabilities.

Multi-factor authentication

Consumers have become familiar with authenticating accounts through more than one channel. This is when a login on a website triggers a text message code on a mobile phone or a code through an authenticator app. Multi-factor enhances the effectiveness of a security strategy. By forcing a hacker to access two channels, vulnerabilities are dramatically reduced.

It is well-documented that passwords alone continue to be an ineffective way of protecting information. Users often have basic passwords, repeat passwords often, or use documents to track passwords. Each of those issues opens the door for hackers to infiltrate computer systems. And, in the case of using one password for multiple sites, hackers can often manipulate one hack into several more.

While multi-factor authentication can be annoying (after all, it is an added step), it's better than the alternative. And the tide has turned as far as security awareness. The average consumer is far more tuned in to security concerns:

65% of consumers worry about the security practices of those companies who have confidential information.

Education

Unfortunately, education is often undervalued. As technologists, we often see another layer of technology as the solution. This often doesn't work because users don't adopt a complicated process. That's why education is the final pillar in a strong security strategy.

All companies should have a cyber-education campaign that continuously reminds and educates their employees. The need to be vigilant about protecting information is not temporary or one-time. It must be an ongoing process, reinforced through awareness campaigns, instructional videos and spot testing. Security should be core to the culture.

Education ensures a common approach to security across an organization. It allows for a clear, controlled narrative that gives security experts a voice. After all, there's vulnerability at each point where a user interacts with a system. Ongoing education keeps security top-of-mind across an organization.

Towards a secure future

Regardless of industry, cybersecurity continues to grow in importance. It has already become a core competency for many companies - and even a competitive advantage for some. After all, delivery of secured data, accessed quickly and cleanly, is a key selling point. And once data has been breached, it can be difficult to restore trust.

A foundation for modern connectivity is built on the pillars of sensible regulation, self-protecting systems, multi-factor authentication and education. By engaging others in maintaining this foundation, everyone fights the continuous battle against cyberattacks.


Stan Andersen

World Traveler who is an experienced leader in Travel Business Platforms, Operations, Analytics, Travel Technology, and eCommerce.

8 years ago

Great article, to the point, and spot on!
