Andrés Buenahora

Looking Back On Cybersecurity Awareness Month

Cybersecurity is highly relevant to the global corporate enterprise. Leaks of Personally Identifiable Information (PII) continue to be involved in phishing attacks as well as state-centered hacking, bringing to light the importance of cybersecurity for the general public.

The average board member is more aware of the intrinsic value of cybersecurity than in the past because of the growing trend of phishing and ransomware payments. Front-line employees are also more aware of the value of cybersecurity as a result of an increased understanding of what not to do.

The state of cybersecurity is “indeed strong. As the Cyber Security Hub Year End Report will elucidate, nearly 80% of the community feels that the overall state of cybersecurity, meaning operations, resiliency, compliance, awareness, etc., is improving.” That being said, this amelioration should continue given the uncertainties that tomorrow may hold.

Awareness

The Mid-Year and Year End reports have demonstrated “a sustained focus and expense on Security Awareness. Cybersecurity executives seem comfortable with the returns to date. But we are now in a whole new world and the pre-pandemic security awareness quotient does not cut it.” Some notable key questions to consider are listed below:

  • How often are you in front of the organization regarding security awareness?

  • Are you expediting security awareness the same way that you’ve always done it?

  • Is each person in the organization aware of all of the new threat vectors?

Automation

The Cyber Security Hub Automation Report has recently come out with some key takeaways. To put it simply, from a financial context, the takeaway was that “more needs to be done than there are dollars to do. Automated attacks are on the rise and the global pandemic has not been kind to budgets. That means that organizations must make choices on if they can handle any amount of cybersecurity automation investment.”

Organizations tend to choose carefully what to automate, aware that although automation might eventually “reduce overhead, the human resources needed to make automation work have to be found and added first.” Below is another set of key questions for analysis and application.

Key Questions:

  • Do you have a budget for automation?

  • If yes, do you have the talent you need for automation?

  • If no, what technical debt do you have that you could lose?

Now that the Zero Trust conversation has begun, it’s also critical to start the SASE conversation. Our friends at Okta have a “handy chart that shows four levels of a Zero Trust organization. The first level is level zero (no-relation). Common wisdom has most global corporate enterprises at either level zero or level one. Most folks think that less than 10% are at level 3 (that’s the highest level). The Cyber Security Hub Year End Report will showcase the fact that 75% of the community is telling us how they stopped worrying and learned to love the VPN. (That’s a reference to the title of Dr. Strangelove if you’re keeping score at home). The point being- a significant portion of the community is just at the front end of figuring out IAM & PAM for their organizations.”

In other words, there is a long way to go when it comes to implementing a Zero Trust Network Architecture (ZTNA). A ZTNA is also just one piece of a Secure Access Service Edge (SASE). Gartner released their first analysis of this concept towards the end of last year. The general consensus is that “solution providers do have offerings and the top of the market is buying.” Below are more key questions of relevance for this topic.

Key Questions:

  • Where are you on the IAM/PAM continuum?

  • Where are you on the Zero Trust continuum?

  • Where are you on the SASE continuum?

With Cybersecurity Awareness Month, it’s vital to stay informed on the latest trends within cybersecurity and how they can affect you or your organization. Being a CISO and understanding the significance of cybersecurity awareness as well as being able to execute the job itself is no easy task. But the fact remains, this role and many others within the realm of cybersecurity are absolutely necessary for overall security and safety purposes.
