Cybersecurity Leadership Key to Protecting Our Information

Recently, President Obama identified cybersecurity as one of the most serious economic and national security challenges we face as a nation. Within the same statement he also admitted that this challenge, whether from the perspective of the government or from perspective of the country, finds us at time when we are inadequately prepared.

The proof of these challenges is all over the headlines: Home Depot, Sony Pictures, Target and JP Morgan Chase have all experienced recent breaches. And these breaches represent a small segment of a much larger picture. To combat these threats and stay ahead of the trend, we need to educate ourselves as a nation and as individuals on the dangers of cyber attacks and the tools of cybersecurity.

As individuals, we need to know what to do to stay safe, and as organizations we need to know what tools, processes and procedures we need to implement to protect intellectual property (IP).

Whether you’re interested in protecting an organization or your personal IP, there are two things you can do to have a proactive cybersecurity footing:

1. Develop a defense strategy and framework
2. Achieve situational and organizational awareness

Develop a defense strategy and framework

The Organization: Every tenant of change management clearly states that executive and leadership buy-in is critical for achieving goals. Keep this notion in mind while establishing a strategy and road map for your organization’s cybersecurity.

A good place to start is to develop a formal Security Operations Center, or SOC. A Security Operations Center is an evolution of most IT departments into a dedicated group that defends an organization’s network and responds to all security threats. It’s the first step toward formally and officially dedicating a set of resources. A SOC generally has a separate budget that is only used to combat advanced attackers and the threat that they represent.

Getting the needed level of support to establish a world class SOC requires absolute executive and board of director’s support. In the light of recent cyberattacks and cyber-related calamities, organizations now are reaching out to professionals to improve their security posture with the hopes of creating SOCs.

The Individual: In many ways, the way an organization protects its IP is no different from the way individuals can protect their personal information. It all starts out with a plan of attack.

Analyze ways that you are vulnerable. Map and prioritize your most sensitive data. Finally, come up with an approach to protect and monitor your most sensitive data. An example of how to use this planning is to develop a separate and unused email address for inputting on forms that require it. This mock email is meant to act as a “catch-all” for spam so that your main email address is protected from being used by marketers and thereby better hidden from potential hackers as well. You can always check your mock e-mail from time to time, but for the most part it’s simply used to keep all the bad things away.

Achieve situational and organizational awareness

The Organization: Knowing your environment is essential to protecting an enterprise. How many networked appliances do you have? Have you got any operational technology or is it all IT? What is the mix of off-the-shelf technology versus proprietary technology?

All these questions help map your technology and physical environment and need to be paired with your organization’s situational awareness. Do you have any Advanced Persistent Threats that have been targeting your organization or your industry? How prone to attack is your industry? Do you have a global network and enterprise? Have the vendors that you work with had a security assessment?

All these questions are crucial in determining the threat level of your organization and the potential technology, people and procedures required to respond to the established threat level.

The Individual: As students, teachers and consumers, we perpetually interact in a global and digital environment. Just like an organization, we need to assess our environments and actions to ensure we limit risk. How often do we see email come in from seemingly trusted sources that may have been compromised? How often do we interact with new online merchants or visit new websites that might contain malware?

Answering questions like these and maintaining a vigilant standpoint on our finances and personal data can go a long way to staying safe.