May 13, 2019
By Mike Kirby, Head of Managed Risk and Security Services, Integrated Financial Solutions, FIS
When it comes to cyber security, are you protected? Or are you rolling the dice?
Organizations dismiss the danger of cybercrime for a number of reasons. They think no one would bother to target them since they’re not big enough. Others may feel that they’re protected because their cybersecurity practices pass the annual audit or assessment.
But if you’re attacked, it’s not your auditor whose name is in the headlines. And your customers will be angry with you – no one else. Could you absorb the reputational damage, potential lawsuits and possible customer losses? Some organizations can’t.
So now you’re convinced that you need to pay more attention. Where do you start? The bad guys are innovating fast (sometimes faster than the good guys), the good guys are creating new technology to stay ahead, and the data volumes produced by new technology continues to grow. Humans simply can’t keep up. Great, so let’s bring in artificial intelligence and let the robots do the thinking.
Sorry, it’s not that simple. Artificial intelligence and machine learning helps. However, you must address cyber security on three fronts – processes, people and technology.
For instance, the first version of any process or procedure is always wrong. In the case of cyber security, you won’t know that until you’ve put it through the paces, either in a real-life event or, preferably, an exercise/simulation. But if you’re a smaller organization, you may not have the resources to mature those processes and procedures fast enough to stay ahead of the threat.
And by resources, I mean people. There’s a real shortage of talent in this area, cybersecurity professionals are at a premium and hard to find. According to cyberseek.org there are 313,735 unfilled cybersecurity jobs. Larger organizations may be able to recruit a team. But it’s very challenging for a smaller organization to hire enough people needed to monitor all potential threats on a 24/7/365 basis.
Finally, there’s the technology. The good guys are innovating new ways to detect and defend as fast as they can to stay ahead of the bad guys, who constantly come up with new techniques. But cyber security technology is expensive – and before you can use it, you need people who understand how it works and how to apply it to – yes – your processes.
So now we’ve come full circle. You need technology that stays ahead of whatever the bad guys can throw at you. Processes that have matured over time by testing and eliminating gaps. And people who know how to use the technology and adapt the processes as the technology changes.
Ultimately, it boils down to people, process and technology. Do you have the right people? Have your cybersecurity processes matured over time to defend against the modern adversary? Is the technology used to defend your organization modern?
Take a closer look at your cybersecurity strategy today.
Jumpstart your day in a matter of seconds with quick snapshots of industry trends and leading perspectives delivered straight to you. Sign up for RISE here.