Without a doubt, cybersecurity is an exciting industry.
It’s mind-blowing to look back and recount just how much has happened over the past 12 months. Never a dull moment, to be sure. Lots of successes and advancements in the industry. Our clients learned a TON. We’ve all done some very good work.
It’s equally mind-blowing (and intimidating) to consider how much more we must face/do/plan/prepare for in 2020 and beyond. Security engineers, executives, IT professionals, managers, employees, consumers…truly, we’ve all got our work cut out for us.
You’re probably thinking, “Here we go again: yet another doom-and-gloom assessment of cyber-threats to come!” Broken record syndrome. Here come the Killjoys. The wet blanket squad. Party poopers. Fuss-budgets.
We get it.
But before you think we’re scrooging out or crying wolf, you should know that’s hardly our style. We’re friends, not fear-mongers. And while things are indeed likely to get worse before they get better, there’s a lot worth celebrating in cybersecuirtyland as we close 2019.
So use this post as a sort of “Year-end Checklist” for you and yours, a chance to acknowledge everything you’re doing well and be honest about where your vulnerabilities lie. Then treat your company, your clients, and yourself to the peace-of-mind of having ProCircular as your trusted partner and ally throughout the year to come.
New tech = new risks
No doubt, the technology you’re using today is greater and more powerful than the technology you had a year ago. Complexity breeds risk in any domain, especially tech.
Each day increases the number of connected devices, automated conveniences, and intelligent systems created to make life easier. All improvements to the human condition, but the greater the systems behind daily life, the greater the chance that important data is stolen and exploited.
Make a list of all the new tech your organization has onboarded this year. Reflect on how that has benefitted your productivity or profitability. Then circle back to verify how many of those advancements—and the data they access and create—were included in your last vulnerability assessment or Security Awareness Training initiative.
It’s probably time for us to revisit them both.
Head in the Cloud
Once a luxury for only the best-funded, risk-taking organizations, the scalability and comfort of cloud-based infrastructure has finally gone mainstream. Lower costs, improved security, and vendor migration away from on-prem technologies have brought cloud computing to the forefront of organizational data storage. The cloud shares many of the advantages of a centralized system, namely the ability to make incremental improvements and apply it across the entirety of a system.
For all its advantages, the cloud still brings classic human risks along for the ride. Misconfiguration or rushed implementation can lead to the same threats that legacy applications posed in years past. A lack of familiarity with the constellation of administrative systems has replaced the need to understand underlying source code that made up objects and services in the past. While cloud-based systems may be easier to understand from a technical perspective, they're no less deadly when it comes to security.
If you’ve migrated to the cloud this year, or expanded your reliance on it, congratulations! It’s bound to help you advance to the next level. And just to make sure you stay there, book a fresh Vulnerability Scan or Pen Test. You’ll sleep better knowing it’s secure.
Government Response
When they’re short on solutions, governments and industries craft regulation and guidelines. So it goes in both cybersecurity and privacy.
The result has been a web of confusing, often conflicting requirements. As lawyers struggle to meet differing state disclosure requirements, the legal expense can often outweigh the technical costs of a data breach.
Even if the federal government created a single breach requirement (it hasn’t yet), it would still be complimented and complicated by specific requirements for differing industries. Financial firms, retail, manufacturing, healthcare, education…all have mandates outside the standard governmental sources.
What new privacy or data security regulations have blossomed in your neck of the woods? How will they help your business or industry in 2020 and beyond? And are you 100% confident that you’ve complied to the letter of the regulating language? Perhaps a regulatory compliance checkup would help, followed by some Compliance Training to keep your team working wisely.
The Good News
Just to prove that it’s not all about risks and regulations, let’s take time to acknowledge the best things we’ve got going for us.
Best of all, everyone is more aware of cyber risks. Be it the board president who just finished reading Forbes, or the custodian who’s vigilant about his cell phone being hacked at a coffeeshop—cybersecurity is on everyone’s mind these days.
This heightened awareness has more organizations taking initiative and investing the time and resources required to increase their security posture and knowledge. Cybersecurity research is moving faster than ever, leading to significant improvements in cyber defense. On an individual level, people are much more aware of what to look for in terms of threats, and an uptick in training budgets reflects the value employ/yers are placing on educating them further.
Keep your chin up and your eyes open
As much as we wish it were all sweet treats and sugar plum fairies, the truth is, with a presidential election brewing and the US economy still in growth, we can’t go stepping off our cybersecurity soapbox just yet.
The malfeasance of bad actors from around the globe remains a very real threat for the year to come. It will take vigilance, preparation, and commitment to see your way through safely. But with a little bit of planning—and a tried, trusted, and true friend like ProCircular to lead the way—we know you’ve got the good sense and foresight to persevere.
Here’s to your secure success in the coming year!