Creating A Culture of Security

chart

National Cyber Security Alliance

It’s been quite a year for Tech. And I don’t mean Windows8 or iOS8.  We’ve seen a string of data security breaches – Target, Dairy Queen, Home Depot, each one netting more unsuspecting, unprepared victims.  We’ve read about Chinese hackers letting themselves into our national security databases, like the National Research Council in July.  And the world is still trying to patch the leaks on Linux following the discovery of Bashbug, impacting almost all servers that connect us to the internet, while hackers continue to exploit those vulnerabilities with malicious code and malware.

We don’t know what the next juggernaut coming at us from around the curve is going to be. Malware, data breach, system hack. Or worse. What we do know, based on recent events, is just how unprepared we are for something bigger. There’s a lot of finger-pointing going on, because it’s easy to resort to the blame game. Nobody wants to be held responsible for a disaster.  Especially not when a class-action law suit is likely to follow.  The costs of clean up are staggering. As are the costs of damage done and customers lost.  By all accounts, this is the road that should be less travelled. So how do we make that the case? How do we stop playing catch-up and get out in front of what comes next?

banner_general (1)

One:  we need to rethink the whole concept of security in our interconnected world. Corporate Security Officers and Chief Information Officers have a vital role to play in bringing together all levels of their organizations to support and follow security procedures. We can’t keep paying lip service. We need to create a culture of security from within, working together on a common goal to effectively put up a united front. While that is the objective, a chain is only as strong as its weakest link. Which leads to the next point.

byodTwo: everyone has a role to play in managing security, and it starts with managing our own. Maybe you’ve heard the term “BYOD”? It means “Bring Your Own Device”, an increasing practice by employees in business. Laptops, mobile phones, tablets, flash drives. Portable data is how we live. It’s become how we do business.  All this extra tech finds its way into offices every day. But businesses do not secure personal devices. For the most part, they can’t track them.  The onus is on us as the owners of personal tech to ensure that we have installed adequate levels of virus and malware protection on our devices, and that we consistently perform regular security updates.  As well as following safe practices online so we don’t get phished or download more than we bargained for. If we’re going to bring our devices into work, then we risk exposing all our co-workers, and the safety and integrity of our business, to whatever we do with those devices.   That ounce of prevention we take as individuals really adds up because it’s a massive, costly undertaking to upgrade and repair systems in major organizations. Worse, any changes can take a long time to go through the approval process.  And during a disaster, that is time nobody has.

hackedThree: there is no absolute guarantee of protection. While we expect businesses and organizations to safeguard data and customers, it isn’t realistic. Human error and human fallibility will override whatever measures we put in place. Hackers work around the clock breaking through all the defensive measures currently in place, finding vulnerabilities we didn’t even know existed.  Every mistake we make, like carelessly downloading files or not using antivirus software, gives them the advantage over us and believe me when I say they are watching and waiting for those mistakes. When we commit to our shared responsibility in maintaining our defenses, we commit to building a culture of security from within.

I’m not wearing rose-coloured glasses about how easy this will be. Effecting change is hard, and cultural change is the hardest process. However, we are falling behind in the war on cybercrime, and time is a luxury we soon won’t have.  Cyber espionage is already far more sophisticated and damaging than ever, and cyber warfare may bring a fight to our door that we are not prepared to win. There are a lot of very talented people watching our backdoor, who are telling governments and businesses what they don’t want to hear. We need to listen to those voices, heed their warnings, and start taking action now. Because what we do now will most definitely determine the outcome of what happens next.

Resources: http://www.pcworld.com/article/2825032/linux-botnet-mayhem-spreads-through-shellshock-exploits.html
http://www.cio.com/article/2824268/data-breach/how-to-fend-off-data-breaches.html?utm_campaign=sflow_tweet#tk.rss_all

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s