Cybersecurity Takeaway #1 – Embrace a layered approach.
Cybersecurity is a discipline that encompasses people, processes, and technology. While accidentally sharing your log-in credentials on a public technology forum, LinkedIn, Facebook, or Instagram is an open invitation for invasion; technical safeguards will save the day.
Even if a threat actor has a user ID and password, they will be stopped in their tracks if the potential victim is using Multi-Factor Authentication (MFA).
Here’s a simple example: whenever I log into my personal Yahoo account through the LastPass portal, I receive a notification on my cellphone that requires me to verify I’m the one logging in.
I push green for “yes” and red for “no.” Over the last five years, I’ve received several notifications when I was not logging into Yahoo and quickly smashed the red button. MFA would have thwarted this attack.
Cybersecurity Takeaway #2 – Cultivate a security-first culture.
Social media, personal blogs, and other online forums create cybersecurity challenges because it’s effortless for threat actors to use automated scraping tools to aggregate open source intelligence from these platforms.
Open source means the information is publicly available, so it’s advisable to avoid oversharing. Criminal cartels take bits and pieces of your shares, comments, likes, pictures, and connections to plot data breaches, ransomware attacks, and political sabotage.
Rogue nation-states can even disable water supplies and entire power grids.
Cybersecurity Takeaway #3 – Follow an established framework.
When your managed IT services provider (MSP) or IT Director talk about cybersecurity, many C-Level executives think, “Oh boy, looks like we’re adding another expense to our income statement.”
While taking extra measures to strengthen cyber resilience carries a fee, if you align the endeavor with the cybersecurity framework for your business, the operating and marketing benefits will offset the investment.
We experienced this first-hand at Integris when we adopted SOC 2 Type II compliance. This rigorous set of information security controls is expensive to maintain ($20K – $80K per year), and each audit spans 12 months.
However, fewer than 1% of MSPs (managed IT service providers) are SOC 2 Type II certified, so we stand out with prospects and clients who require extra assurance that their data is safe with us.
Therefore, this exhaustive compliance standard and related audit reports are worth their weight in gold. We also use the framework to justify any new cybersecurity tools we buy.
Cybersecurity Takeaway #4 – Avoid fools with tools syndrome.
We didn’t invent the term “fools with tools.” Still, it’s a perfect definition for the practice of buying a stack of sophisticated cybersecurity technology that’s impossible to manage without an MSP or the budget of a Fortune 500 IT department.
Even Fortune 500 IT departments outsource cybersecurity solutions to MSPs because hiring specialists with continuously updated solution certifications is more cost-effective.
For example, Managed Detection & Response (MDR) is an advanced cybersecurity solution that delivers tremendous benefits. However, DIY implementations rarely meet expectations. Security Magazine advises outsourcing MDR for the following reasons:
- A 24x7x365 SOC is complicated because it requires tools, monitors, software, systems, network appliances, and sensors.
- You must acquire, integrate, and manage all third-party services and licenses.
- The SOC must have the necessary resources to evaluate and integrate new technologies.
- It must also evolve to keep pace with cyber threats’ ever-increasing volume and complexity.
Cybersecurity ecosystem
The Data Security Council of India has forecast that the cybersecurity ecosystem will expand up to a point where nearly one million professionals will be required by 2025. Additionally, the demand for cloud security skills is estimated to grow by 115% between 2020 and 2025, representing almost 20,000 job openings, Narayan added.
An extensive exercise in reskilling and/or upskilling the existing workforce, believe staffing experts, is one of the ways that telcos can future proof their work.
Indian mobile phone operators are expected to at least double their investments on network security with the 5G roll out expected to spark a surge in network vulnerabilities, which assume critical importance especially for enterprises.
However, it is already proving to be a challenge for telcos to have robust security teams.
“Even if we do not talk about 5G (specifically), the security talent in general in the country is very sparse at the moment. We need to get more (security) professionals in the system”
Bharti Airtel, for example, has been preparing for 5G roll out by upskilling its professionals and offering them certification courses such as CCNA (Cisco Certified Network Associate) and CCNP (Cisco Certified Network Professional). The courses are offered based on skill and eligibility level free of cost.
