This month, the EDGE360 editorial staff is focusing on the importance of cybersecurity, providing you with tips and strategies you can employ to ensure that your partners as well as their customers are as protected and knowledgeable as possible.
To that end, we reached out to technology professional, Dan Timko, President and CTO at Cirrity, for his perspective on cybersecurity. Dan provided much needed insight on the benefits of a holistic approach to cybersecurity and on Comstor’s Ring of Security. Keep reading below to see what else Dan had to say:
EDGE360: In a recent podcast, Comstor’s David McNicholas stated that 75% of your Ring of Security is exposed if you don’t utilize an integrated, holistic approach to cyber security. What are your thoughts on an integrated approach to security?
Dan Timko: Security practitioners have long discussed the need for a holistic approach – one that looks at the combination of people, processes, and technology rather than one that focuses on a specific point or edge. All too often, businesses succumb to marketing efforts suggesting that there is a technology or product that will solve all of their security needs. This couldn’t be further from the truth.
A mature security program encompasses technology where needed, but arguably more importantly, it covers the people and processes. When these facets are all considered in a management system, an organization is much better prepared to face a threat.
EDGE360: Along those lines, how do Cirrity’s offerings and/or solutions support a holistic, integrated approach to security?
DT: Cirrity’s services were built on a platform that took these principles to heart.
We’ve integrated security into the foundation of our services. Not only to protect the platform itself but to enable customers to extend that protection into their own environments running on our platform. We also have strong relationships with consultancies and audit firms to help customers work on the people and process part of their security programs in-house.
EDGE360: A recent cybersecurity report asserted that people are the biggest threat to cyber security. At the same time, Comstor’s Security Initiative supports that the Ring of Security has to integrate people, processes and facilities. In your experience, how do people contribute to and/or weaken cyber security?
DT: Threats are ever-evolving, and the easiest route to compromise a system is usually to leverage the rights of a user. This is why Security Awareness Training is so critical to organizations. Users need to be wary of communications that ask them to open items, to log-in to unknown sites, and so on.
Users coming out of training are much more aware of how attackers are targeting them. These trainings aren’t just “one and done,” but should be reinforced on a regular basis. While users can be the biggest weakness, informed users can actually be your best defense.
EDGE360: Is there anything else you would like to share?
DT: Information Security has always been an arms race, with each side (attacker and defender) working to outdo the other. The defensive role is a challenging one, and made even more so when you are only relying on technology controls. Those systems can’t be updated until new threats are understood – which in many cases is too late. This is why it is critical to take the holistic approach to security management.
Want to learn more about security and other trending topics in IT? Click HERE to subscribe to EDGE360.