Better Cybersecurity Starts With Mindset Change

Your Mindset is STILL the key element to better cybersecurity. Your understanding of the newest threats and defense technologies, and your willingness to make changes are what improve your cybersecurity. There will always be discussion and buzz on new tools and tactics, but the essential element is your cybersecurity mindset.

Start with Brain

 

If you fail to grow your knowledge of threats and technologies, you increase your risk of becoming a victim of a cyber attack. Or, if you have the knowledge, but fail to implement changes to your defenses and work process, you also increase your risk of cyber attack.

Newest Threats and Technology

Hackers change tactics every single day – The recent medical industry breach, and largest so far in 2017, at Emory Healthcare is an excellent example of how ransomware changed from a crypto-based attack to a delete/steal attack. The data was not encrypted and left on the network, it was completely removed and held hostage.

This change in tactics requires a new approach to your defense. Sure, a good backup application can restore the files. And many organizations have relied on it to solve their ransomware problem. But that does not solve the issue of your data being in the hands of the hacker. The hacker simply needs to ask what you are willing to pay to not have that data published, or sent to the ‘wrong people’. And even if you choose not to pay the ransom, the costs related to remediation, investigation, reporting, possible fines, and loss of business are still going to be big. (Just ask Yahoo!)

Understanding the threat is only half the picture. The other half is an understanding of cyber defense technologies. Looking at the Emory Healthcare breach again, it’s obviously a technology that stops the ransomware attack in the first place, prevention technology like White Cloud Security, is a much better fit in this case than a remediation technology like a backup application. You will surely keep some type of backup application because that is a best practice for a lot of reasons not related to cyber attacks. But, the key message here is changing your mindset to seek out the right technology to stop current threats and future threats. Be flexible in your thinking to stay ahead of the crooks.

Great Power Quote

The same is true for your new great knowledge. Now that you have it, you are required to act upon it. If you want to make real changes to your cyber defenses in response to the changes hackers are making daily, then you MUST look at the entire defense structure, and not just a single addon that promises to stop this month’s newest threat. Because next month, you will be buying another addon.

Why is a holistic review required? Think of your overall cyber defenses, policies, and daily routine. 90% of the time, all these items are the result of smaller incremental changes over time. A new technology addon here, an upgrade there, new education and policy a couple years later, etc. And each one a good decision at the time. But in total, it’s more like a heavily patched roof, or an old john boat that’s more duct tape than boat.

Here is where your mindset makes a difference:

Your Vision of a Better FutureVision Icon

Instead of asking what you can add as your next improvement project, ask what would you start with if you rebuilt it from the ground up given today’s available technologies? What should your daily routine look like doing preventive activity, instead of what you’re doing now chasing your tail in a break-fix environment.

Yes, you may come to the conclusion that you must scrap everything and start over, and it may be completely out of reach with your budget. But with your improved understanding, and a mindset focused on making the change happen, two things will happen. First, your mindset will greatly help convince others in your organization to agree with your new vision. And second, together you will find a path with a budget and strategy that will create a much better cyber defense.

 

Mitigation Strategy Rankings:

US-CERT – https://ics-cert.us-cert.gov/sites/default/files/documents/Seven%20Steps%20to%20Effectively%20Defend%20Industrial%20Control%20Systems_S508C.pdf

Australia ASD – https://www.asd.gov.au/publications/protect/top_4_mitigations.htm

Canada PSC – https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/tp-strtgs-en.aspx

 

Leave a Reply

Your email address will not be published.