History is riddled with the failures of mankind. The good news is that we can use history to learn from our mistakes. The bad news? Cybersecurity seems to be the exception.
The latest example of our ignorance is our sudden belief that blockchain technology, artificial intelligence and machine learning are the solutions to every cybersecurity challenge we face today. Each has incredible applications and far-reaching capabilities, but marketers and tech companies have stitched together a fairytale about these technologies that is incorrectly shaping public perception.
Machine learning seems to be the most promising of the trio, with real-world solutions that are currently working. Blockchain, however, may be the biggest offender. Some are claiming that cybersecurity experts should be utilizing it; however, its applications are narrow at best. When it first rose in popularity, blockchain awed the world with the way it securely processed and validated transactions over public networks while providing some anonymity. In short, it’s a more secure system of record keeping. That’s a far cry from the notion of the technology’s ability to secure entire technology platforms.
Likewise, machine learning is solving some of today’s toughest challenges, but it too does not match the marketing hype. We are likely years, perhaps decades, away from handing the keys over to our AI-powered counterparts. And even then, we’ll never achieve complete security.
The problem with these tools is not the technology itself; rather, it’s society’s propensity to cling to them like life rafts instead of putting in the necessary work to build a better cybersecurity program. There is no magic blue pill that’s going to save the world from ever-growing cyber threats. We are not going to level the playing field with some sexy new technology. If we want a fighting chance, we need to get back to the basics of cybersecurity.
Here’s a closer look at four time-tested strategies that work:
1. Identify Your Assets
Whether or not a company employs blockchain or machine learning has no bearing on the fact that a company must know what its assets are if it’s going to be successful at protecting them. Once an organization has identified its most critical assets or sensitive data, it will need to implement security controls to appropriately secure that information. Proper data classification and system organization will not only help protect an organization from being wiped out financially from an attack but also prevent it from exhausting valuable resources on guarding worthless data.
Only five critical assets are worth protecting: money, financial transactions (including credit cards), identities (PII, PHI), intellectual property (including passwords) and reputation. Once a company has identified assets that fall within these categories, it should protect them to an appropriate level.
2. Assess Your Risk
Blockchain doesn’t absolve a company of its responsibility to manage risk. It’s just another tool. Truthfully, an organization’s top risks may not be addressable with blockchain or machine learning. This can only be determined by conducting a risk assessment and establishing a cost-effective solution for reducing those risks. Some common risks include data loss, system or application downtime and legal ramifications, all of which can result from a number of threats, including system failure, natural disasters, accidental human interference and malicious attacks.
Other elements of an effective risk assessment include identifying vulnerabilities or weaknesses that can be exploited and harm an organization, determining the likelihood of an attack and analyzing current processes or controls. It’s important to note that a risk assessment isn’t a one-time thing but rather an ongoing effort of measuring performance and making improvements.
Article Source: https://www.forbes.com/sites/forbestechcouncil/2018/10/26/getting-back-to-basics-with-cybersecurity/amp/