Over the past few years “security” has become a buzzword across many industries, and for good reason. With the threat of data breaches haunting industry stalwarts, household brands and countless consumers, companies are paying more and more attention to their in-house security strategies.
To be smart about security, IT professionals need to think like a detective. We need to think like the “bad guys” to protect the “good guys,” and identify weaknesses before they are exposed.
However, more than 315 technology and security professionals surveyed in the 2018 Black Hat attendee survey revealed that when it comes to defending against cyberattacks, only three types of technologies were rated as “very effective” or “somewhat effective” by a majority of participants: encryption, multi-factor authentication tools and firewalls. The remaining technologies—including mobile security tools and data leak protection—were ranked “effective” by fewer than half the respondents. Passwords, perhaps the most universal of security technologies, were rated “effective” by only 19 percent of security professionals and “ineffective” by 37 percent.
Despite the broad availability of security technologies, there has been a rise and fall in the effectiveness of certain technologies, as the broader landscape shifts and hackers get smarter. Exploring the available security technology through the eyes of “on the ground” technology and security professionals better enables us to identify why the three leading tools earned their recognition as most effective—and how the industry is effecting that change.
The Modern IT Landscape
New technologies such as artificial intelligence (AI), machine learning and hybrid cloud have significantly influenced the effectiveness of security strategies that may have been successful just five years ago. While IT teams are eager to implement new technologies, they cannot allow their security practices to fall by the wayside—in lockstep with the introduction of next-generation technology, some security practices have become obsolete in turn.
Modern security strategies must remain fluid: Treating your security practices as an afterthought can be dire for an organization in the modern IT landscape.
However, many organizations may be unsure where to start when it comes to security processes, protocols and figuring out which technologies are best for their businesses. Smaller organizations specifically may not have a full-time security officer, but it is important to have a member of the IT team trained in security or a contractor who can assess the current status of the security practices and determine where the weakest links are. Once the assessment is complete, it should be clear which security strategies should be implemented. Following a companywide security audit, for example, you can decide if dual authentication is needed in the sales department or if encryption is needed in finance. Security plans are not one-and-done, they should evolve as you assess your business’ needs and the changing technology landscape.
The Tools of the Trade
While a strong security strategy is comprehensive, three technologies emerged as leading underlying protocols in 2018—encryption, multi-factor authentication and firewalls—and are crucial assets to any cybersecurity arsenal.
- Encryption: Many federal organizations have been successfully using encryption for years. IT organizations should consider it as part of their security plan as well. Even when implemented at the most basic level, encryption can be a great asset for a company. If a company laptop is stolen, for example, the private, proprietary company information stored on that device can be subject to exposure. The laptop user may believe they’re doing well at keeping their documents and personally identifiable information secure, but we all know how easy it is to make errors, such as saving a document in an insecure place. Encryption can act as a safety net: The processing power needed to even try to break encryption is extremely challenging and is a lengthy process, so while a file might be in plain sight, a thief will not be able to access the data and it will be rendered useless to them.
- Multi-factor Authentication: Long gone are the days when your primary device password could be your favorite color in all lowercase. Truthfully, you shouldn’t just have one password anymore. Most security questions can be easily guessed or researched now: a quick online search can lead hackers directly to your mother’s maiden name or your high school mascot. The extra layer of security provided by a multi-factor authentication tool is necessary in 2018. With multi-factor authentication another layer of security is added, whether it’s a token or a four-digit code sent to you via an approved communications channel (email, text or even a mobile push authentication tool). It’s another way the good guys have outsmarted the bad.
- Firewalls: Firewalls remain a leading, effective security technology. Firewalls have been around since the 1980s and are still an excellent defense for an IT team. With a firewall you can create rules, stay on top of controls, filter traffic and keep people within the organization safe.
Staying Ahead of the Game
While encryption, multi-factor authentication and firewalls are all excellent security management tools, there is one other invaluable tool—user education. As they often say in sports, “Your best defense is a good offense.” User education should be viewed as an investment in your IT organization. Almost every company now has a budget devoted to security, but rather than spending it all on hardware, it’s important to spend some on helping your teams understand risks and best practices. Humans are often security’s weakest link. Understanding how to create a smart password or when not to click on an email can make a world of difference in an organization’s success when it comes to security.
With today’s ever-changing technology landscape, it’s more important than ever to stay aware and educated on current security trends, as well as those that have been rendered ineffective. A flexible and custom security plan that is maintained regularly can be invaluable in today’s technology climate.