News of the latest cyber threats, and of how much money these attacks cost companies, is everywhere. Most people only hear about the biggest incidents, such as those involving Sony and Facebook, but businesses and organizations of all sizes are impacted every day. And, according to various consulting firms, the economic impact of these attacks has increased dramatically over the past 10 years.
As a result, your organization has already implemented methods or technologies to reduce the chances of a cyber-attack.
Do you think these initiatives are enough to keep your organization and your security implementation free of attacks?
Let’s back up a little bit and talk about two important points: what does cybersecurity involve and why is it so complicated to get it right?
Cybersecurity: What you need to know
Cybersecurity is complex because it contains different layers and it requires an active and continuous approach. What is secure today might not be secure in the future. Cybersecurity should start by educating your organization, followed by an evolving plan to mitigate the risk of an attack.
We are starting to see initiatives in the industry such as The Open Security & Safety Alliance, where leading organizations are partnering to create a common platform. For now, there are no standards or regulations to determine what a secure design should include or what type of testing is required to guarantee a cybersecure video surveillance implementation. But there are some alternatives you can start implementing in your organization to reduce the risk of an attack.
For example, taking a proactive approach to your cybersecurity is a good decision. You don’t need to wait until something happens in your organization to act. Remember, just because no incident has been reported, it doesn’t mean that you are free of attacks. In other words, cybersecurity results from a combination of people, processes, and technology. Each of these components contributes to a big-picture solution: defense in depth.
The standard may be the vulnerability
Organizations have relied on firewalls, segmented networks, anti-virus, routers, and countless other technologies to protect their networks from the outside world. The drawback is that these methods are passive and today they are not enough to keep your organization free of attacks. Moreover, the so-called best practices can only serve their purpose if they are followed as intended.
For instance, a segmented network (separating your security and your live networks) is considered a best practice. However, if the security network can be accessed from a different segment or remotely (outside of the corporate network), this “best practice” is now a potential vulnerability.
Network segmentation alone is not enough, especially if access is not well-controlled and if organizational defenses lose visibility, whether through shadow IT or unclear demarcations and responsibilities.
Data networks and the convergence to IP have increased connectivity across the organization. Pretty much everything has an IP address and is connected to the network. This trend will only continue in the coming years, adding more and more devices to our networks.
IT is usually responsible for the network infrastructure and servers but not everything gets connected to the network. This gap contributes to reduced cybersecurity visibility. In other words, neither IT nor other departments, such as corporate security, have the whole picture of what cybersecurity should encompass, especially if they don’t communicate and work together to address potential security gaps.
Cybersecurity is more than a firewall
We usually associate cybersecurity with the devices and applications/services connected to and accessed from the cloud or corporate network. If any of these resources are vulnerable, an attacker can gain access to them and initiate an attack.
Cybersecurity, however, also involves the individuals using and/or managing these resources. This adds a new level of security most organizations overlook: the human factor. In other words, cybersecurity encompasses more than a comprehensive plan to secure connected hardware and software and protect them against unauthorized access. It also means the continued education of employees on how to avoid revealing or sharing sensitive information that can compromise the security of a resource or resources in your organization.