Thanks to all who attended our 2018 Winter Security Summit! Our speakers covered a wide range of security concerns. There was a focus on the future of cyber security and how to create a strong organizational commitment to good practices. Hopefully everyone learned useful strategies for juggling security, productivity, and cost.
Changing your company’s culture surrounding security is difficult. Often there are too few reasons for employees to change their behavior surrounding cybersecurity. And if these cybersecurity policies are overly invasive or restrictive? Forget it. End users will find ways to subvert the security controls, wasting all the time, money, and work that goes into developing them. In addition, the way companies implement cyber security is changing. Expect to see security decisions, formerly centralized in IT, being delegated to specific business units in the future. These business units must make security decisions based upon an assessment of cost and risk. The time to start thinking about what this means for your business is now!
Kurt Roemer’s advice:
Integrate security into the fabric of the workplace. By changing the way we think about security, we can achieve far better results. Instead of viewing mobile and IoT devices as a threat to your network security, understand their relevance to your overall network as a bridge between the physical world and the virtual world. Leverage innovations like artificial intelligence and machine learning to answer questions you didn’t even know to ask. You can even combat vulnerabilities that arise from a BYOD policy by containerizing mobile access and developing context-aware policies. These controls can prevent people from accessing certain data offsite, on personal devices, or in otherwise risky scenarios.
But how do you motivate employees and executives to take cyber security seriously?
Accountability is a good place to start. Joe Decker described a RACI system that assigns a level of obligation (Responsible, Accountable, Consulted, Informed) to employees in regard to security protocols. Rachael Narel emphasized the importance of a holistic approach that includes proper incentives as well as institutional support. Another way to improve engagement with security is to introduce trackable metrics. Adam Gassensmith suggested some quantitative measures to track: clicks relating to phishing attempts, network or server events, repeated login failures, and detection time. The NIST Cybersecurity Framework is now a requirement across the federal government. It’s a great resource to consult when developing or improving your organization’s cyber security framework.
Join us at our next security summit in the spring! And check out peters.com for upcoming Chicagoland events and IT webinars. For more information on how to develop, implement, or improve your organization’s cyber security practices, contact us at firstname.lastname@example.org.