When it comes to a winning cyber security strategy, the tactics and principles used by IT teams are constantly shifting. As cyber threats keep pace with even the most cutting-edge defenses, businesses must evolve not only the tools they use but also how they think about cyber security. This is what’s known as a cyber safe company culture.
In today’s blog, Tallan Architect Marc Jacquard discusses how businesses can protect their valuable data as we look ahead to 2022. Marc Jacquard has over 20 years of experience with large-scale computer systems, data integrity, project management and Information Security.
In your opinion, what is the most critical thing to consider when building a cybersecurity strategy?
Security policies. They give everyone in the company a guideline to follow. This is a framework that we, as security professionals, can use to meet the goals of the organization.
It’s apparent that most businesses are aware of the current threats, but many don’t stop to think critically about their strategy or take actionable steps. What is a realistic approach that companies can take toward their security strategy?
The biggest advice I give customers is baby steps. Security can add complexities and can be very challenging to achieve the posture you want. You do not have to get everything done at once. Plan it and then gradually roll out the changes. This will allow employees to adjust and the security team time to adjust the plan if needed. Roll out a Pilot program so you can test before doing a broader deployment.
What tips can you share on building the right culture to foster cyber security in an organization?
Nothing happens in a vacuum. Make sure to communicate clearly to the entire organization. It will require the entire company to understand the plan and to help implement the strategy. Security is a team effort.
How would you define the relationship between company policy vs. suggestion?
Any policy without enforcement is a suggestion. A policy must be something that has senior management buy-off and is enforced at all levels of the organization. There must be consequences for not following the policies. If we have policies and nobody enforces them (no consequences), they are just a suggestion/guideline.
When it comes to cyber security, how important is the education of one’s user base? And what education or tools for protection would you suggest prioritizing?
“An organization is only as secure as its weakest link” is a phrase that security personnel know all too well. It is imperative to continually educate and edify the organization’s user base. We must remember that we are not all security experts. It is critical that security organizations within a company design an ongoing training program to help the rest of the company stay within the guidelines of the policy and security best practices. We all have a specific role within the company. If Bob is an accountant, he is probably pretty good at his job. I certainly do not want my security team trying to do Bob’s job! Why would I expect that Bob knows how to secure the infrastructure? Tools such as the simulated phishing attack in Defender 365 can be valuable for enforcing the training.
How has COVID-19 changed the face of cyber threats and what are specific examples of new hybrid work vulnerabilities?
The biggest challenge for many companies was the whole “remote workforce.” Many companies did not have the infrastructure to support an all-remote workforce. They were then faced with challenges around how to support the remote user (laptops, VPN, policies, etc.). In addition, you now had traditionally “in-house” devices that were now connected to a public internet. This then opens those assets up to all the malware that “home users” are exposed to. These remote assets now have a wider exposure on the Internet. They are not behind the traditional confines of the corporate network.
Users must be diligent in their processes for connecting to the office. In many cases, companies needed to build a more robust cloud infrastructure than they currently had. In some cases, companies had to build that infrastructure to support a remote workforce. Confidential information that had once been exclusively accessible “in-house,” can now be accessed by systems outside the corporate network security structure.
What are the top threats businesses and organizations should be cognizant of in 2022, that they may not be worrying about now?
Phishing for SaaS user credentials, Ransomware and covert Crypto-mining software are the big three. I think we will see larger increases of those in 2022.
How essential is Zero Trust, and how can IT teams implement it in an effective way?
Zero Trust is critical to improving the security posture of an organization. All good implementations start with a solid plan. Define your goals, use cases, and strategy. Design a plan that is a gradual change where you can have some easy “wins.” Celebrate the small successes and continue moving toward the larger objective. Zero Trust is a journey, not a destination. It really has no end-state as the landscape is constantly changing, and we need to change with it.
What is Tallan doing to help combat cyber threats for their partners and clients?
Tallan is continually investing in security by hiring security professionals and continuous training for the current staff on security. This allows Tallan the ability to advise our customers and work with our partners on all things related to security. We have a holistic approach to security that is not technology-centric.