7 Lessons Learned from SMB Cybersecurity Leaders | ActZero

Written by Mark Pettinen | Mar 3, 2021 5:00:00 AM

While I might not be in the IT trenches, over my years in sales I have had the benefit of working alongside IT leaders across multiple industries. I’ve learned first-hand about the problems IT leaders face in their everyday cybersecurity operations.

And what is the biggest takeaway? It’s that at small to medium-sized businesses or really any with a blossoming security program, IT leaders’ cybersecurity problems revolve mainly around a lack of three components: people, process, and technology.

With that in mind, here are seven cybersecurity lessons I’ve learned that stem from gaps in these three key components:

  1. The Whole is More Than the Sum of its Parts

    To adequately protect IT environments, organizations need a well-oiled machine that consists of all three critical components—people, process, and technology. It’s a balanced system where an organization can only get the most from their investment in one component if they have the other components to complement.

  2. Visibility into Defense at Depth

    I often hear about past security incidents where organizations had no idea what was happening until an attacker encrypted half their files. The common denominator is clear: they lacked defenses and visibility into what was happening during an attack. Unfortunately, the reality is that having a few cybersecurity tools and reviewing the occasional alert won’t protect organizations from the vast number of attacks they face daily. Defense at depth is a requirement these days, not a nice-to-have. You need technology to detect IOCs and people equipped with the processes to review such indicators.

  3. Proactivity Pays Off

    I recently spoke with an IT leader facing a phishing email breach that encrypted every shared file to which the hacker gained access. The result? A three-day recovery effort. One thing he said stuck with me. He noted that while response capabilities are vital, he prefers being in a position where he can avoid dealing with incidents altogether. My lesson learned was that the ability to respond to an attack is great, but not having to deal with a breach at all is better. Proactive threat hunting and a continuously improving cybersecurity posture help minimize the need to deal with these advanced incidents. Threat hunting is a difficult task to staff, so having your in-house experts focus on endpoint and network hygiene could be the most effective approach.

  4. No Target On My Back

    It was only after talking to dozens of companies I had never heard of that I realized the truth behind this statement: “Just because someone is not a huge celebrity or corporation doesn’t leave them invulnerable to cyber risk.” The reality is organizations of all sizes face the same threats and risks, which are targeted both automatically and indiscriminately. Unfortunately, many smaller organizations lack the resources (across any of the three) to combat them.

  5. Sleepless Nights Don’t Beget Results

    Many IT leaders don’t sleep well. I can’t blame them. The thought that attackers are continually seeking new targets—a University of Maryland study found that hackers attack every 39 seconds, an average of 2,244 times a day—means they could wake up one morning to find their whole network down. Not having what they believe to be sufficient resources to protect their environment can leave IT leaders with little peace of mind. However, that peace of mind and sleep schedule can be restored: filling gaps within people, process, and technology through in-house security operations centres or vendors providing similar capabilities can ease the anxiety that comes along with limited cyber protection.

  6. Convincing the BoD is Challenging (Before a Breach)

    Unless someone has a strong understanding of the IT landscape, it’s hard to truly grasp the consequences of a breach and how prevalent they are. I frequently hear stories from IT leaders who struggle with convincing their boards that cybersecurity investments are a necessity, not a nice-to-have. This underinvestment in cybersecurity fuels a continuing cycle of immature cybersecurity readiness. Having cyber experts who are able to articulate to BoDs the true importance and show true business value is crucial in obtaining proper people, process, and technology coverage.

  7. Cutting Through the Noise

    Finally, it’s hard to cut through the cybersecurity vendor noise. Simply reading vendor websites or glossy brochures won’t provide enough information. How can anyone genuinely navigate which vendors’ products and services are the best solution for them when there are thousands to choose from? IT leaders need internal people or partners who provide that expertise, such as our vCISO program, to help identify what solutions best fit the needs of their companies in order to build out the best-suited people, process, and technology.

I share these lessons I’ve learned to highlight the difficult tasks I know you’re facing as IT leaders and staff. Does any of this sound familiar to you? I’m guessing it does. So while, yes, I’m not in IT myself, I hope you can see how I’ve come to understand the challenges leaders in your position face on a daily basis. I’ve seen first-hand, for years, how the lack of people, process, and technology makes your job all the more challenging in the SMB space.

If the challenges and lessons I’ve outlined here resonate with you, there is help available! Book a meeting with me today to see how ActZero’s managed detection and response (MDR) service can help you overcome these issues and more.