Cyber Security: Technology Alone Will Not Win the Cyber War
Setting Priorities in Cyber Security
Folks are running out to pay $4.00/gallon for Super Unleaded gas because that’s all that’s left, if any, after the Colonial Pipeline ransomware attack has initiated a toilet-paper-like hoarding event. We’ve been blogging for years about the increasingly sophisticated tools and techniques the bad guys are using that could enable them to hack critical American infrastructures, like our power grids, pipelines, water treatment plants, and hospitals. So why are there still outstanding cyber security vulnerabilities that, if exposed, can bring our city governments and our nation to a standstill (in line at the pump). The U.S. Department of Homeland Security recommends prioritizing your investments by potential damage from the threat. Businesses understand the implications of not focusing on cyber security, however it is rarely an immediate core concern.
Evil Entrepreneurs
Criminal actors are essentially entrepreneurs that introduce a business model very similar to any private company. They seek to maximize ROI, lethality, speed, and investment in ongoing research and development to do their jobs in the most secure and effective way—ultimately defeating the progress of national security’s technology innovations. With growing complexity, adversaries avoid detection, become more aggressive, and strike more frequently. To maintain an edge, the winning team will be the one that not only integrates and deploys the latest technology faster, but also receives technological and operational support and cooperates with mission guidance to implement the most efficient workflows to exceed mission requirements. Securing these critical business objectives from malicious actors begins with understanding realistic threats and our cybersecurity responsibilities.
How Much is Your Operation Worth?
Each organization has different ways of assessing the cost of operations. The value of protecting those operations is often immeasurable. We saw that this week as folks swarmed gas stations in a panic that there will be a fuel shortage—which, in turn, actually caused a fuel shortage. The reality is that ROI is a long game when it comes to cyber security. Look for a partner with multi-faceted solutions that focus on advancing the performance, efficiency, and security of your mission. Your solutions should include intangibles through synergy:
- Customized & trusted discreet procurement
- Dedicated Account Manager
- Mission guidance and corporate liaison
- Premier support for evolving mission requirements
- 24/7 Network and Security Operations Centers
- Technical and operational training
- Mature mission expertise in the information domain
- Continual Provision of TTPs in Online Operations
- Sophisticated operational auditing and oversight
- Purpose-built technology for the most demanding environments and adversaries
- Proactive risk management methodologies
- Focus on security governance, risk management, and compliance
Urgency vs. Importance
Clear frustration has been voiced regarding Colonial Pipeline’s weak security protocols and a lack of preparation to fend off a cyber-attack. These vulnerabilities don’t start and stop with commercial businesses. All organizations struggle with prioritizing cyber security. Typically, it comes down to urgency versus importance. Without a dedicated in-house cyber security team to make recommendations, organizations often approach security by examining the bottom line. Their choices are:
- Hire someone to try and build the solution. It would cost $XXXX, and you’ll see the results in a year or two,
- Buy an off-the-shelf product for $XXXX which will protect you today, or
- Focus your budget on the urgent and important line items that are staring you in the face now, and hope for the best.
Often, the third option seems like the path of least resistance. After all, threats are much less intimidating when you can’t see them.