
With much focus and energy being placed on what to expect in the new year, it is also important to reflect on 2015 and think about the mistakes we have made and what we have learned from them. To that end, Brian Contos (CISSP) has provided five cybersecurity sins that organizations tend to commit, along with suggestions on how to combat them as we enter 2016. As Contos states, “it’s fitting particularly at the end of the year when we aspire to be better than we were yesterday, but not as good as we hope to be tomorrow.” While this pertains to goals and aspirations in all areas of life, it can just as easily be applied to data protection and cybersecurity. Here are Contos’ 5 sins cybersecurity executives should avoid:

  1. Trying to be perfect: As Contos explains, “Attackers have to be successful only once; defenders have to be successful all the time.” Making our networks 100% impenetrable is an unachievable goal, at least for now. Therefore, we must turn the spotlight from preventing all breaches toward understanding which particular threats we face and strategizing how to secure those areas.
  2. Betting on cyber insurance equaling security: Neither individuals nor organizations should view cyber insurance as the primary form of protection. Sure, insurance can help cover some losses on the back end, but it is far more important to catch hackers before the breach. Secondly, not all losses can be replaced by a monetary value. Companies must take into consideration the damage to a brand’s image and reputation, interruption of business, and even forms of cyberattack that a cyber insurance policy may not cover.
  3. Thinking that cybersecurity is a one-and-done solution: Technology is constantly evolving, and just as hackers are constantly finding new ways inside “protected” networks, we must also develop new methods to stay one step ahead. As a result, it is very important for organizations to keep up to date with technology to ensure data is properly secured.
  4. Forgetting about getting employee buy-in: While it is easy to blame a misconfigured device as the cause of a breach, Contos explains that in reality human error is the weakest link in most cybersecurity systems. Hence, it is pivotal to “develop a cybersecurity culture” through training and “bridging the gap between the C-Suite and the most junior employees.”
  5. Not having enough focus on an incident response plan: For when breaches do occur, it is essential to have a well-defined response plan that has been tested thoroughly. Additionally, it is just as important for employees to understand and have confidence in their plan of action after a data breach occurs.
