In my experience of working over two decades with technology executives, I have noticed that most cyber attacks are due to companies not covering the “basics” of cybersecurity and feel they need to focus on the high dollar initiatives – business continuity, disaster recovery, network security, data encryption, etc. However, putting a concentrated effort on asset management I have learned is a key to securing your infrastructure. I have seen companies tighten up their networks so the risk of intruders getting in is mitigated, however they overlook that there are numerous devices already within their network that are greatly exposed to outside attackers.
I was having a conversation this week with one of the CEO’s that I work with, who is not whom one would refer to as technology gifted. This man is a brilliant businessman, but just doesn’t want to understand technology, and specifically cybersecurity. While having to remove all the tech jargon, and make it simple, I explained to him cybersecurity in this manner. I told him that all his business’s prized possessions are in a closet. Do you want this closet door — (1) opened, (2) closed, (3) closed and locked, or (4) not visible at all? Of course his response was (4) not visible at all.
When you hear the word cybersecurity, most people in the industry refer to the “CIA Triad which is Confidentiality, Integrity, and Availability. The stark reality is that no matter how much time, money and resources you put into protecting your data, you cannot stop 100% of all the potential breaches. There are simply too many threats to manage them all… externally AND internally.
Yes, think about the employees who aren’t the most responsible when sharing company data, or the ones who don’t manage their inbox as they should. With the advances in smartphone technology, a cellphone which is not properly secured can allow access to the company’s CRM, or even worse access company databases directly to access confidential information.
In one of the previous companies I led my nickname was “secret squirrel” because I always kept my data secured and knew every device within my infrastructure. I not only knew every device that was on my network, I knew the configuration, exactly who had access to it, and what level of access they had. When you have a grasp on asset management, something as simple as a vulnerability scan can easily identify those routers or access points (or smartphones) that are not as secure as they should be.
Try Changing Your Lens, and think of how a potential attacker might infiltrate your infrastructure. I can assure you that the more you know about your technology assets, the better you can secure them.
If you would like help creating a cybersecurity plan for your business, please reach out to me.