The reason we wear our seat belts is not to avoid getting a ticket from the police, but rather to avoid a potential injury in a car accident. This analogy is an easy way to describe the difference between box-checking security and real security, and it's instantly understood regardless of technical knowledge. This message resonates with executives, because they typically prefer to “get to the point” and correctly protecting their data is “the point” of cybersecurity.
As cyber attacks continue to become more industry specific, we can expect 2019 to hold a variety of new threats designed to target manufacturing. Unlike banks and hospitals, which have been more frequently targeted and tend to be more prepared, the manufacturing industry is still working to get its arms around cybersecurity. This hasn’t been lost on hackers, who continue to benefit from organizations without high levels of maturity. Below are some trends and threats to consider while planning your security efforts in the coming year(s):
“What are the top 7 things you can do to protect your business from hackers?” Have you ever read a list like that on the internet? In the cybersecurity realm, they’re everywhere. I’ve even assembled and presented one of those lists to a group of business owners myself. They tend to point out things like user awareness training, patching and passwords. All noble things to get your arms around, of course, but are they useful to a client? Sometimes I feel as though those lists, as true as they are, are about as useful as telling a football team to “score touchdowns”, or “guard the quarterback.” Yeah, I know that scoring touchdowns is good… but how?
Everyone has (or should have) an anti-virus solution. It's probably barked at you once or twice for downloading a file from a sketchy website or opening a link from an email you didn't quite recognize. But how does your anti-virus know what programs are bad, and what programs are good?
Having the right technology should be part of your cybersecurity strategy – but it’s not the only part (and maybe not even the most important part). As an organization’s most valuable asset, investing in people to improve cybersecurity can provide a line of defense that’s tough to find from software or technology.