Cybersecurity Basics

Dateline: July 7, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Next week I’m leading a session on building a cybersecurity culture at the annual meeting of the Cybersecurity Consortium at MIT’s Sloan School (Full disclosure: I am the Executive Director of the Consortium; you can learn more about (IC)3 activities and membership here). In preparing for this event, I ran across an HBR blog by Marc van Zadelhoff, GM of IBM Security, titled The Biggest Cybersecurity Threats are Inside Your Company. In this blog, he reminds us that the majority of cyber attacks involved insiders, either intentionally or unintentionally. He outlines the types of insider risks and suggests some very prudent solutions. Of particular interest was this one:

Don’t forget the basics. In security we love the newest tools. But getting the basics done well can make the biggest impact on insiders: Applying software patches automatically closes that open window before a hacker can use it to access your network. Enforcing strong standards for user identities and passwords means stealing credentials is that much harder. Collecting all the data and forensics you can on every device that touches your network makes sure you’re the first to know if you’ve been hacked, not the last. But forget technology altogether — user awareness programs are the key to educating insiders. Train your people, test them, and then try to trick them with fake exercises. These basics make a disproportionate impact but they do require work and perseverance.

How do you make sure the basic cybersecurity blocking and tackling are done in your organization? What is one thing you can do to improve this aspect of your cybersecurity plan?

That’s a WRAP!  Have a great weekend!
