In terms of technology, we are truly privileged to live in this new cyber world we’ve designed. We’re now at a point where we don’t ever have to leave our homes, with no effect on our quality of life. From asking Alexa to turn off the lights to tapping our smartphones to get the latest news or have food delivered from a favorite restaurant, we can’t deny that life is good thanks to the conveniences technology has brought.
But unfortunately, trouble often closely follows good times. And in this case, trouble is in the form of cybercriminals.
As technology continues to advance, so do the opportunities for cybercriminals. They’re on the prowl for financial assets, for personal data they can sell for a hefty price per record, and for files they can hold for ransom. The rise of internet-connected devices, paired with our increasing dependency on them, further drives criminal activities. Cybercriminals are quite innovative themselves as they continue to exploit new vulnerabilities in software code, steal user credentials with keylogger malware, and craft phishing emails that are nearly impossible to detect as fraudulent.
Due to the continued innovation of cybercriminals, the cybercrime economy is thriving. And it’s immune to the threats a regular economy faces, such as a recession. Although financial incentives drive some cybercriminals, others are motivated by different factors, such as a cause (hacktivism), political objectives, or even a hobby. Political motives are occurring domestically and globally, specifically in the forms of cyber warfare and cyber espionage between countries.
What can you do as a leader with the new role of cyber guardian?
What can you do as a leader with the new role of cyber guardian? It can feel quite daunting to step into this responsibility when you consider the magnitude of your organization’s technology assets, data and possible threats. Follow these two steps to start.
1. Perform an information risk assessment
This is the most critical tool in your cybersecurity toolbox, providing a roadmap for logically addressing your assets and threats.
- Identify all your assets — computers, laptops, mobile devices, networked printers and copiers, Wi-Fi routers, etc. You can’t protect what you don’t know you have.
- Identify the threats these assets face, and how you are vulnerable.
- Consider what you can do to eliminate or reduce these risks to a level that is within your comfort level.
All technology has risks and rewards. The key of a risk assessment is to identify those risks and reduce them to an acceptable level so you can reap the rewards of this innovative technology.
2. Implement controls to reduce identified technology risks
For example, malware infection from a phishing email is a significant threat. Your organization can take a variety of steps to mitigate this risk, including:
- Installing malware protection software on all systems
- Performing threat scanning on your mail server
- Limiting privilege in user accounts
- Providing frequent end-user education
Another common threat is an outsider exploiting a vulnerability to access your network. Common controls to reduce that risk include:
- Implementing a patch management program that ensures all systems receive the most current patches and updates
- Conducting frequent vulnerability scans to detect these holes and ensure timely remediation
As these examples show, it takes multiple controls to mitigate a single risk. This is important to note. There is no silver bullet for creating and maintaining an appropriate cybersecurity environment. Controls can — and will — fail at any time, so you should have multiple controls in place to reduce the dependency on any one control. A risk assessment will highlight the need for layered controls.
A risk assessment should not be viewed as a single exercise. Perform risk assessments regularly on existing technology and any time you consider new technology. Once you become an experienced risk assessor, this should become a natural way of thinking.
Technology and innovation are here to stay and will continue to improve our lives. Don’t be discouraged from embracing new technology simply because of the unknown. Use a risk assessment when faced with the decision to implement something new. Innovation can drive your organization forward and help you accomplish your mission.
Lisa Traina is President of Traina & Associates, a CapinCrouse company. Lisa uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author. Learn more at capincrouse.com/cybersecurity.