Is My Security Good Enough?

Good question. A recent article in TechRepublic quoted a CompTIA IT Security Report in which nearly half of IT managers said they believed their cybersecurity was “good enough.” This may be wishful thinking, or it may mean that many organizations have done the work to firm up their network defenses. What about your business or organization?

There are a few actions that any company can take to improve its cybersecurity posture. They are:

  • Be proactive, not reactive. A lot of what passed for cybersecurity in the past was waiting for something bad to happen and then reacting to it, the classic “break/fix” approach to security. To be effective, your strategy has to include staying current on threats to your organization and vulnerabilities on your network, and dealing with them before something happens.
  • There is no perimeter. Perimeter defenses alone just don’t cut it when half your network is in the cloud. You also need to be looking at “east/west” traffic on your LAN, the activity inside your network, for patterns that could indicate malicious activity. Every email inbox has the potential to be a launch point for the next network intrusion, so focusing on the edge alone is no longer effective.
  • Early detection. It used to be that most security efforts focused on preventing an intrusion. While prevention is still important, early detection of a breach has become more so. Maybe an IDS (Intrusion Detection System), IPS (Intrusion Prevention System) or a SIEM (Security Information and Event Management system) would help.
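One concrete form the “east/west” monitoring above can take is a fan-out rule: an internal host that reaches an unusual number of distinct internal hosts within a short window is worth a look, because lateral movement and internal scanning both produce that shape. The script below is an added example, not code from the original post or from The WyzCo Group. It assumes a simplified flow-log format (timestamp, source, destination, destination port), an assumed LAN range of 10.0.0.0/8, and a hypothetical threshold of five distinct destinations in five minutes; the log lines are constructed. A SIEM rule would do the same thing at scale against real flow or firewall logs.

```python
"""Fan-out heuristic over internal ("east/west") connection logs.

Added example (not from the original post). Assumptions:
  - log line format: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
  - internal address range: 10.0.0.0/8 (hypothetical)
  - alert threshold: >= 5 distinct internal destinations within 5 minutes
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed LAN range

# Constructed sample log. 10.0.1.20 sweeps six hosts on SMB in seconds
# (fan-out); 10.0.1.30 is ordinary workstation traffic; 10.0.1.40 talks
# to an external address (not east/west, so ignored); 10.0.1.50 reaches
# six hosts but spread over an hour, outside any single window.
SAMPLE_LOG = """\
2024-03-01T09:00:01 10.0.1.20 10.0.1.5 445
2024-03-01T09:00:02 10.0.1.20 10.0.1.6 445
2024-03-01T09:00:03 10.0.1.20 10.0.1.7 445
2024-03-01T09:00:04 10.0.1.20 10.0.1.8 445
2024-03-01T09:00:05 10.0.1.20 10.0.1.9 445
2024-03-01T09:00:06 10.0.1.20 10.0.1.10 445
2024-03-01T09:01:00 10.0.1.30 10.0.1.5 445
2024-03-01T09:01:30 10.0.1.30 10.0.1.7 443
2024-03-01T09:02:00 10.0.1.30 10.0.1.5 445
2024-03-01T09:03:00 10.0.1.40 93.184.216.34 443
2024-03-01T09:00:00 10.0.1.50 10.0.1.5 22
2024-03-01T09:10:00 10.0.1.50 10.0.1.6 22
2024-03-01T09:20:00 10.0.1.50 10.0.1.7 22
2024-03-01T09:30:00 10.0.1.50 10.0.1.8 22
2024-03-01T09:40:00 10.0.1.50 10.0.1.9 22
2024-03-01T09:50:00 10.0.1.50 10.0.1.10 22
"""


def parse_line(line):
    """Split one flow-log line into (timestamp, src, dst, dport)."""
    ts, src, dst, port = line.split()
    return (datetime.fromisoformat(ts),
            ipaddress.ip_address(src),
            ipaddress.ip_address(dst),
            int(port))


def is_east_west(src, dst):
    """True when both endpoints are inside the LAN range."""
    return src in INTERNAL_NET and dst in INTERNAL_NET


def find_fanout(lines, window=timedelta(minutes=5), threshold=5):
    """Return {src_ip: max_distinct_destinations} for sources that reached
    at least `threshold` distinct internal hosts within any `window`."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        if is_east_west(src, dst):
            events[src].append((ts, dst, port))

    alerts = {}
    for src, evs in events.items():
        evs.sort()  # chronological order; tuples compare by timestamp first
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {dst for _, dst, _ in evs[start:end + 1]}
            if len(distinct) >= threshold:
                key = str(src)
                alerts[key] = max(len(distinct), alerts.get(key, 0))
    return alerts


def analyze(log_text):
    """Convenience wrapper: run the fan-out rule over a whole log text."""
    return find_fanout(log_text.splitlines())


if __name__ == "__main__":
    for host, count in analyze(SAMPLE_LOG).items():
        print(f"ALERT: {host} reached {count} distinct internal hosts "
              f"within 5 minutes")
```

The window keeps 10.0.1.50 quiet even though it eventually touches as many hosts as 10.0.1.20: the rule is about burst, not total. Tune the threshold per host class (a vulnerability scanner or backup server legitimately fans out), and feed alerts into whatever ticketing or SIEM workflow the monitoring partner is already working.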

Hiring your own cybersecurity professional to add to your IT staff may be impossible, since demand for people with these skills exceeds supply by 15%. Your best bet may be to partner with a company that specializes in providing cybersecurity solutions to businesses like yours. This may be more economical in the long run than paying for full-time staff. Additionally, your cybersecurity partner could be tasked with the monitoring and analysis that goes along with solutions such as IDS, IPS, and SIEM systems.

In any event, if you haven’t added these initiatives to your network to-do list, you really should.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
