Compliant or complacent? (or insecurely secured)
The switches and firewalls hum in the communications room, all blinking green. The endpoint Anti-Virus agent reassuringly displays the “Your device is protected!” message. Some emails in your inbox are moved to the Spam folder, and your outgoing emails are signed “Secured by Vendor AAA.” The big-screen TV in the IT office displays a dashboard colored white, blue, and green.
Feels good, doesn’t it?
Having more advanced technical cybersecurity solutions deployed is great. Yet, business owners and leaders must be conscious of the unintended downside.
THE FIGHT AGAINST COVID-19
Consider the pandemic. In the summer of 2020, the WHO published updated guidance which supported the mandatory use of face masks. However, despite its critical importance, the WHO Director-General stressed the overall unintended risk:
“I cannot say this clearly enough: masks alone will not protect you from COVID-19. Masks are not a replacement for physical distancing, hand hygiene and other public health measures. Masks are only of benefit as part of a comprehensive approach in the fight against COVID-19.”
“Masks can also create a false sense of security, leading people to neglect measures such as hand hygiene and physical distancing.”
Cyber viruses, too, cannot be eradicated with one-dimensional solutions.
THE RISKS OF COMPLACENCY
The most common cyber risk management tool is the information security risk assessment. Conducted properly, information security risk assessments do provide managers with the facts needed to understand risks. The assessment findings, gleaned via questionnaires and interviews, inform managers of threats to corporate assets, capital, proprietary information and value improvements. The final reports are neat, most of the checkboxes in the list are checked, and the completion of the process is an achievement in itself.
Especially when the firm is a newcomer to cybersecurity, the process itself may induce overconfidence.
THE RISKS OF UNIFIED TECHNOLOGICAL SOLUTIONS
A common finding of security risk assessments is that the disparate security solutions are not interoperable.
The business often adopts the welcome recommendation that follows: to select, acquire and deploy better technologies. All current best-of-breed solutions include a “single pane of glass” console and dashboard. Threat-detection systems display the aggregate picture.
Network management tools visually arrange the assets in neat forms.
Created to improve situational awareness and centralize management, such technical solutions often instill an “everything is under control” mindset across the IT team.
Many maritime businesses have only recently started to consider cyber risks. Numerous maritime logistics and freight forwarding companies have made great strides. The typical journey adopts a compliance-driven IT security audit which results in deploying modern, unified cybersecurity solutions. These processes and technologies certainly improve the firm’s security posture.
However, we at Cyberstar see this as a two-stage process. As a company adopts modern cybersecurity solutions, a false sense of security often arises among managers and IT. This is a normal side-effect. Please keep in mind that your cyber journey does not stop here. This post and future ones will help you gain cyber resilience. Management must take the necessary next step: overcome the false impression that your team has got “cyber under control”.