ProCircular Information Security Experts Corner

Cybersecurity: What All Companies Need to Think About

Posted by Patrick Quinn on Oct 12, 2017 11:02:02 AM

CyberSecurityThere’s something powerful about bringing a roomful of Iowa technology professionals together to talk about forward-thinking ideas. You quickly realize how cybersecurity and data breaches truly impact every organization and everyone – and that no organization is ever too small to have a plan.

A recurring theme at the Iowa Tech Summit, held in September in Des Moines, was aligning technology and information security with business. Security is a challenge that you don’t face alone, no matter the size or purpose of your organization – but the solutions and processes that are best suited for your business are likely unique based on needs, budget, and vulnerability.

The “Human” Part of Cybersecurity
The reason that many cybersecurity systems aren’t working? Because they weren’t designed for the human element. Human error and lack of training are – and will continue to be – the primary weak points of cybersecurity. As former White House CIO Theresa Payton, Iowa Tech Summit keynote, pointed out: Cybersecurity can’t exist alone in a black box. Its fluid, ever-changing landscape has a huge impact on an organization’s people.

Instead of simply making decisions about cybersecurity in a silo, telling employees to follow the rules, and then strictly enforcing those rules, Payton says everyone must work together to make cybersecurity successful.

To help spur this teamwork, she recommended doing “walkabouts.” Payton and her team would actually take time to walk the floors of the White House, talking with staff members, asking questions about what’s working (and what’s not), and seeing how people are actually doing things to get a better handle on potential threats and how employees were responding to the security solutions in place.

Another key pointer Payton discussed: Involving people in your incident response plans. That way, no matter who is impacted, everyone will know what to do – and how to do it.

Are You Ready?
A question we encountered often at Iowa Tech Summit was: “What do I do if I have a breach?” Besides the obvious (calling ProCircular for help), asking that question means you probably don’t have a plan in place yet. The first step in preparing for a breach is actually creating a plan of attack, and being able to answer questions like:

  • What is your worst cybersecurity nightmare? How will you prevent it? What will you do if it actually happens?
  • When is the last time you tested the effectiveness of your security plan?
  • Are there clear roles and responsibilities?
  • Is your CEO or CIO prepared to address a swarm of media in the parking lot after a breach?

What’s Up Ahead
ProCircular Founder and President Aaron Warner participated in an Iowa Tech Summit panel discussion about the future of cybersecurity, helping business owners understand what’s coming down the road. Some valuable information was uncovered, and is summarized here in case you missed it:

  • In a few years, when passwords begin to phase out as a trusted security approach, “portable identity” may be a part of the equation as identity and access management technology matures. A cloud identity provider is affiliated with an individual. When you become affiliated with a corporation, for example, that affiliation would be set up as temporary – like adding credentials to your identity. With those credentials, you have access to the corporation. Once those credentials are removed, you no longer have access.
  • Instead of data existing in two states – 1 or 0 – Quantum computing uses quantum bits (qubits) that can store more information than a 1 or 0. This could potentially challenge and eliminate encryption years down the road.
  • Digital rights management is now possible for securing documents that contain intellectual property and sensitive information instead of relying on border or perimeter security. This technology stops you from sharing the document’s contents – and can also allow you to revoke the document if needed.
  • By employing prediction and prevention techniques to stop malicious attacks, artificial intelligence and pattern recognition are being used in modern SIEM packages. This can help IT staff focus on potential attacks instead of being distracted by events that turn out to be nothing. 

In talking to Iowa technology professionals last month, one big takeaway was clear: Cybersecurity is something that all Iowa companies need to be thinking about.

Want to chat with us about any of these topics? Or learn more about creating a cybersecurity plan? Let us know!

Topics: Cybersecurity, Iowa Tech Summit, Data Breach, Quantum Computing, Digital Rights Management