Cybersecurity is Enveloped in Ambiguity

Cybersecurity is Enveloped in Ambiguity

In every corner of the world across every dimension of technology, there is an unprecedented growth in the users connecting to cyberspace. As the world’s use and reliance on cyberspace grows, so too grows our individual and global cyber vulnerability. In recent years, cybersecurity threats have accelerated and grown in significance, scale, scope, and sophistication. Protecting the critical infrastructure and data that underpin our financial markets, power grids, intelligence and defense systems, and which hold the intellectual property and private information of millions of businesses and individuals, has become a high priority albeit, efforts to improve the cybersecurity have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem. We can summarize the circumstances surrounding cybersecurity today in one simple word, ambiguity.  There exists both a lack of understanding as well as an overabundance of inconsistent concepts of the below items: What is cybersecurity? What are its dimensions? How do you operate it? What does it deliver? How is it achieved? How is it sustained? What drives it? How is it measured? Who is involved? This ambiguity combined with today’s existing IT challenges and their inherit diversity in perspectives have forged a complex and nebulous cybersecurity landscape. Additionally, ever evolving advanced persistent threats, regulatory mandates, and complex business operations have driven most organizations to regard cybersecurity as an IT challenge for IT to solve. The truth is that cybersecurity is more than just an IT challenge, it is equally a human challenge, and an organizational imperative to protect customers, partners, competitive advantages, and shareholder interests. The reality we face in this dilemma is that until we understand cybersecurity’s many nuances (and I mean really understand) we will continue...
How Security Leaders Succeed

How Security Leaders Succeed

Security teams rely on the ability to learn skills and process information on-the-fly to meet expectations from stakeholders across the business and combat an ever evolving persistent threat. One of the critical contributors to any security program’s success is skill availability. While technical experts and vendors have done great work building cybersecurity solutions, a businesses security program is nothing without the right people and the majority of security professionals today struggle to justify their value to the business. Security represents a vague and fairly intangible field of work that cannot be quantified through profit margins and in the absence of compromise or breach businesses are prone to undervaluing their security program’s criticality to the business. And so it should come as no surprise that the most challenging and critical roles in security is being a leader. Security leadership (directors, security architects, managers, shift leads, senior analysts etc.) must be able to understand the larger picture, translate security into the language of the business, and hold some degree of deep technical knowledge matured over a long career. Throughout my career I have witnessed security leadership either succeed or fail based on how they maneuver through three very common pitfalls:   1. Disadvantageous Support The Security Leadership team has a responsibility to ensure that they are providing the appropriate level of training and mentoring to the younger and less experienced security professionals. They must be sensitive and actively aware when they reward, discipline, and/or punish any individual on the team. Too much discipline or punishment have a tendency to reduce the free thinking innovative environment that successful security teams depend on....
Why You Should Focus On Database Security

Why You Should Focus On Database Security

Big data is on the rise and with it are the number of databases you’ll find in any given business. Data is the life blood of any business but nevertheless, It’s clear that most businesses today still manage database security by the seats of their pants. The majority of businesses do not monitor their databases at all and even more troubling, most don’t even know where their data resides. Before a business can protect its data, it has to know where it is but many security teams are finding it difficult to track their data across numerous disparate databases. Security must adapt to keep pace with the sheer volume of databases that are running these days by systematically monitoring their activity to truly gain visibility into who is accessing what data. The most common cause of database vulnerabilities is a lack of due care at the moment they are implemented. Although any given database is tested for functionality and sustainability, very few checks are made to check the database is not doing things it should not be doing. Many of today’s nastiest breaches occur at the hands of hackers who take advantage of database and web application vulnerabilities to break into sensitive data stores. Ultimately the weaknesses found in database security today is an administrative rather than a database technology problem. Security teams and database administrators need to develop consistent practices for looking after databases. Security controls such as, the segregation of duties, can make life much more difficult for insider threats. In addition, limiting and controlling administrator privileges can make attackers have to work that much harder to...

Share This

Share this post with your friends!

ENTER YOUR ACCOUNT
Remember Me
OPENLY SECURE SERVICES
CONTACT US
SIGN UP FOR EARLY ACCESS
REQUEST EARLY ACCESS