Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
When it comes to cybersecurity, companies of all sizes are faced with a number of challenges. Information Age’s A CTO guide: The main challenges facing the cyber security industry sheds some light. The author spoke with a variety of Chief Technology Officers, CTOs, to understand today’s challenges and how IT departments can better protect their companies. Here are the six areas that CTOs are most concerned about.
- Technological and human: Hackers are using new forms of technology in sophisticated ways. As long as there is financial incentive to break into computer systems, security breaches will occur.
- Big data create new security challenges: Company data used to reside in multiple silos across different platforms, but now with the need to centralize data and analyze it (i.e. big data), hackers often need only find one security flaw to exploit to access massive volumes of company data.
- Keeping up with changing technologies: It’s very difficult to keep up with every new form of technology and the skills required to understand these technologies. “How do you keep up with the best practices? You could be the smartest person today, but if you don’t keep up with the technology, it’s a problem,” said Sridhar Muppidi, CTO of IBM Security.
- The ‘growing cyber skills gap’: To close the gap, governments, businesses and educators need to invest in ensuring that young IT security experts are given good career paths and are mentored. The alternative is for them to turn to the dark side and become hackers.
- Security needs a ‘multi-pronged’ approach: According to Uri Sarid, CTO of MuleSoft, businesses have to treat cyber security as a multi-layered set of initiatives. “It can’t be a separate initiative from other things in the business. It starts from security by design, which means that at the design of every system, there are security concerns being built in. You have to teach people who create anything, whether it’s new software, or whether it’s integrations, or whether it’s new APIs, the basic principles of security by design.”
- Work on a basis of ‘assumed compromise’: Fear is a great motivator and believing that, at some point, your company’s computer network will be breached will help protect against break-ins. While the IT department must protect an entire company network, hackers need only breach one area to gain entry.
C-suite needs to be involved in cybersecurity
The rise in cyberthreats and security breaches means that C-level executives are now more involved in how companies protect themselves, since much is at risk including sensitive information, reputation, stock prices, and backlash. Forbes’ Explaining The ‘New Normal’ In Cybersecurity To The C-Suite states that, “executives need to understand that getting hacked isn’t a matter of if but when. This is the new normal in cybersecurity, and it changes the approach to preparation and risk management.”
When it comes to cybersecurity, author Travis Greene highlights that there is protection time and exposure time. Protection time is the ability to protect sensitive data while exposure time is about how to detect, respond and recover from a cyberattack. While every IT department can implement rules about using passcodes and warning employees not to open suspicious emails that can lead to phishing scams and malware attacks, they can only do so much to protect the organization. Another common issue is the differences between the IT security team and the IT operations team, since they frequently use “different tools and have different priorities.”
It’s important for IT leaders to engage C-level executives to understand where the cyberthreats are coming from, how companies can protect themselves, and how instilling a corporate culture of safety and security should be a priority for all senior executives.
Steps to protect your company
Almost 50 percent of small businesses have experienced a cyberattack, more than 70 percent of attacks target small businesses and as much as 60 percent of hacked small and medium-sized businesses go out of business after six months, according to the National Cyber Security Alliance.
In the article, Cyber security threats against small businesses on the rise in 2018, there are recommendations about how to reduce cybersecurity risks:
- Get a risk assessment and follow the recommendations (many companies don’t take action based on the assessment findings)
- Educate employees on email security and phishing scams
- Establish cybersecurity best practices and implement them throughout the company
- Adopt a two-step verification process as well as password vaults to create and/or store passwords so that not all passwords are the same
To learn more, visit the FBI cybercrime page at fbi.gov/investigate/cyber.
Cyber Oregon partner blog post of interest
- PKI Solutions: Cloud Insecurity: The Need for Stronger Identity Management