Staying Vigilant About Cybersecurity
Cybersecurity requires constant vigilance, so what's the best way to go about it? Check out this post to gain more insight.
A recent Security Affairs article said, "There's a prevailing mindset that suggests, if organizations ban all the things that pose risks to overall cybersecurity, they're taking the most effective approach to make their organizations secure." It goes on to explain that, while this might seem like the best way to manage the constant onslaught of security issues, it isn't necessarily the best way to do business, nor does it offer the most flexible way to handle technology and its constant changes.
Blanket bans of technology, taking responsibility out of tech experts' hands, and limiting the ability of other departments to adopt tools and solutions that can give them more control and efficiency are all ways to close the door to innovation. Such bans also breed a culture of complacency, i.e., "we don't need to worry or think about this because it won't affect us, if we have shut the door completely on X, Y or Z." And complacency is the last thing any company needs.
This, as Security Affairs shares, oversimplifies cybersecurity, which is both too complex and too important to put on the back burner. Vigilance means that organizations and their employees need to work together to make cybersecurity a priority - and to keep it top of mind.
How Restrictions Hamper Progress — and Don't Equal Better Security
- Banning specific technologies and technology providers can be short-sighted, having a negative ripple effect that can limit or prevent access to technology.
- Many corporate cybersecurity plans take specific companies or technologies into account without understanding the underlying vulnerabilities or the full architecture and weak points within it, leading to gaps and issues.
- Enforcement can be weak: a company can ban a piece of software or technology, but it cannot easily monitor how its employees comply with the policy. The widespread use of apps and mobile devices makes this much more difficult to monitor and enforce, leading to potential gaps in security measures.
- Bans can prevent employees from accessing and using tools that pose no great threat but do improve their performance or overall results.
- Security policies are rarely, if ever, comprehensive. Risk assessment can be thorough, but there will always be blind spots and unforeseen gaps that no one was prepared for. Restricting access does not protect anyone from shortcomings (for example, in software that has not been vetted and is still permitted). As Security Affairs notes, "...instead of enforcing bans, the better approach to take is to figure out how to use the software in ways that protect a company's information."
This is what cybersecurity vigilance is all about. There is no way to guarantee 100 percent safety and security, but there are many protective measures companies of all sizes can put in place. Cyber threats are constantly looming and infiltrate even the most secure systems. Thus, proactively putting a flexible security strategy in place, with security policies that monitor risks at every level and apply security measures where and how they make sense, will be more effective and sustainable in securing your infrastructure and information.
Published at DZone with permission of Erika Wolfe, DZone MVB. See the original article here.