Recently I attended the ISACA 13th Annual WOW Conference with my team. While there I gained a ton of knowledge from people from different industries—healthcare, financial, educational, and many others.
As the conference was going on, some of the speakers spoke about very interesting subjects. There was a presentation on FBI's InfraGard alliance, another about a book that was being released by Kevin McCarthy titled Blind Spots, and a talk on online security addressed by FBI agents - and many more. Pretty awesome right?
One of the presentations that really stuck out to me, though, was: “How to reduce the cybersecurity gap in IT.” Although many in the room already knew the answer to this question because of expertise, the presentation was more on how you can transfer information and awareness to others in your organization.
My thoughts on cybersecurity
For me, cybersecurity isn’t so much about expensive hardware/software but more about company wide awareness and training. You can have all the expensive hardware and software protecting your company, but ultimately one employee can fall for a scam and open the door to cyber criminals.
Cybersecurity is a tough subject for some people. Especially when there are so many news articles about huge companies suffering from data breaches. So, what can you do to protect your company from any online threats? It starts with company-wide education, being prepared for breaches and collaboration with other businesses in your industry and maybe even in other industries.
Any enterprise will probably prioritize security awareness and training for C-level executives rather than for the intern who got hired for two months. But that intern is the biggest security threat to the company. Security is making sure ALL employees are educated on security risks and best practices on how to avoid them. At the end of the day, you want to trust your employees, but you also want to make sure you are keeping them educated on best practices and new technologies.
Be prepared
Being prepared for a breach is one of the best things a company can do to make sure recovery is as fast and seamless as possible. As the well-known cliché goes, It's not “if” you will be breached, but “when” you will be breached. Investing in the right infrastructure and designing your cybersecurity roadmap is key.
There are so many different attack vectors that can cause a ton of stress and discomfort to a company. Here's a quick checklist to keep in mind:
- Test backups regularly
- Have a business continuity plan in place
- Conduct external and internal penetration tests
I think these are some of the things that can be done to ensure safety. Turning to external companies can add the element of surprise to your IT staff. I'd also recommend testing real world incidents as they happen to test response time, readiness, and effectiveness of your staff.
Get inspired
“I don’t need to know everything, I just need to know where to find it, when I need it." – Albert Einstein
.jpg?width=182&name=1620px-Albert_Einstein_Head%20(1).jpg)
When speaking about collaboration with industries, I find that getting involved is key. Going to conferences, speaking with like-minded individuals, and getting ideas from other people help you to gain insights and grow as a professional.
When needing help, you can always turn to other people in the same industry as you. Having close friends in the same position as you, sharing ideas and discussing innovations makes the job easier and less stressful. Going to events like the ISACA WOW Conference, and joining alliances like InfraGard, all help people to bond and feel more at ease talking about cybersecurity issues and risks, and mitigation strategies.
Remember, communication and cybersecurity awareness training should be at the heart of your enterprise level strategy to help you address the cybersecurity gap in IT.
Let 24By7Security help you with your cybersecurity strategy. Call us today for a consultation.
-1.jpg)
