The Year of The Breach
2014 was the year of the breach. AOL, eBay, UPS, and J.P. Morgan were just a few of the companies that fell victim to cyber criminals. It became common place for the media to decry outrage over yet another breach. In order to thrive we must change our mindset and we must develop our cyber strategy based upon people, processes, and systems.
Changing Our Mindset
We used to protect ourselves, our homes, and our businesses by locking doors and windows. Our strategy was based on keeping unwanted people out. By keeping unwanted people out we protected ourselves, our loved ones, and our livelihood.
The culture of keeping limiting physical access is no longer relevant. Sexual predators can invade our homes from millions of miles away. Thieves can rob our businesses and never step foot in our store.
Technology has improved our lives in ways too numerous to mention. For the business owner it has provided access to markets that were previously inaccessible. The student can learn from almost any where in the world at any time (if they have an Internet connection.) Service members serving overseas are able to connect with their loved ones from the battle field.
Undoubtedly these are truly awesome developments. The burden of war is lessened because families can still connect. Higher learning is more readily accessible because technology destroys physical boundaries. Technology also allows people into out lives unbeknownst to us. It allows people we can’t see or hear the opportunity to violate our privacy.
In order to thrive we must assimilate this fact of life.
People, Processes, Systems
In spite of the exponential power of technology our human resources remain our true assets. They serve as the checks and balances on our processes and systems. They provide the required analytical and cognitive skills to ensure our processes and systems align with our strategic intent.
At the same time our team members connected to our networks potentially expose us to the greatest risk. Their actions on the “inside” could unknowingly allow someone into our inner digital sanctum. By properly training our teams we provide our processes and systems with a much greater chance for success.
Processes are important because they provide us with standardized but flexible methods for dealing with events. Systems allow us to automate our awareness and take action when anomalies are discovered.
All three must work together but our focus must begin with people. If you disagree stop for a moment and think. Of all the companies breached in 2014 which one lacked technology?
Do you understand the true place of technology in the cyber world?