As many of you may know, when I first started this freelance writing business of mine, the idea was to simply start to offer a basic newsletter about Biometrics and the industry in general. I offered some other sorts of news services as well, such as a collection of press releases of the major items of that week.
While that was slow to pick up, I started writing for a major journal out in Amsterdam. This led to other projects, which then translated into all of the books that I have been writing.
Now, as I have segued away from the Biometrics Industry into the Cybersecurity one, I have found myself rebranding and relaunching yet again. I have to be honest; it hasn’t been the easiest of transitions, and there have been lost and gained opportunities as well. But overall, I think things will stabilize and pick up once again.
There is a reason why I brought this up, and it is also the focal point of today’s blog. But you must read the entire thing first before you find all of this out!! LOL. Anyways, as we approach the 4th of July, we are now just over halfway through the year.
It’s surprising how quickly it has gone, and in terms of the world of Cybersecurity, not much has changed, other than that instead of the number of hacks and attacks going down, it is increasing.
From what I have seen, Ransomware attacks have been on the rise, impacting not just small businesses, but the major cities of the United States as well. For example, Baltimore, MD was just hit with one, and of course, the city paid the ransom in Bitcoins (even though they should not have – because of that, it is quite possible that the Cyberattacker might go after even more mission-critical infrastructure).
Also, when it comes to Corporate America, organizations are still struggling to fortify their lines of defenses. This is according to the latest market research report, entitled the “Panaseer’s Security Leader’s Peer Report.” They found that both employees and the C-Suite are grappling with key issues such as the following:
*89% of the respondents are still struggling to find ways to keep their customer information and data secure from being hacked into (this also includes their own corporate information);
*31% are concerned about coming into compliance with the regulations and mandates, such as that of the GDPR;
*An overwhelming 58% of the respondents are still feeling confused and lost as to all of the Security tools they have deployed, which involve at least 76+ different tools;
*Believe it or not, over 70% of the organizations polled in this survey do not even check to see if their existing and newly deployed Security tools are even supporting their lines of defense, or even if they are getting a positive Return On Investment (ROI) on it;
*IT Security teams are still bogged down with report writing, with 36% claiming that they are still doing it manually even though there are many automated tools that can do this task for them;
*Apparently, the biggest bottlenecks are in the reports that have to be prepared for the federal regulators and auditors, with over 57% of the respondents claiming that they still use Excel spreadsheets to present this information to them;
*When asked what drives their leadership for new Cybersecurity changes in their environment, the majority of respondents (55%) claimed it was the fear of coming into compliance with the recent rules and mandates, not the fear of a Cyberattack per se.
My thoughts on this?
As I am writing this blog, there are numerous thoughts that come across my mind, which are as follows:
*First is just the sheer number of security technologies that are currently deployed. In fact, this is a topic I just wrote on as I am compiling the draft for my new book on Web application security. At the present time, the current mindset of the C-Suite is that throwing everything that you have and more (including the proverbial kitchen sink) will completely and 100% beef up your lines of defense. In other words, it’s the safety of numbers: The more you have, the more secure you think you are. In fact, it is just the opposite. By having so many security tools, the business or corporation is simply increasing the attack surface for the Cyberattacker to penetrate into. For example, the illustration I use is that an organization first needs to conduct a comprehensive security analysis of their current threat environment, then from there, decide how many security tools are needed. This is not only money that is wisely spent, but you will also be procuring and deploying technology at the most strategic places. In other words, more than likely two Firewalls will do the job instead of having ten Firewalls.
*I am quite astonished to see that most of the respondents still use manual report writing tools (once again, such as Excel) in order to prepare their reports for the C-Suite and the regulators/auditors. There are many automated tools out there that can do this task, thus saving the precious time and man hours for the IT Security staff to deal with what is most important: Combatting the onslaught of Cyberattacks.
*It also surprises me to see that the main motivating factor for Corporate America to engage in new Cybersecurity initiatives is the rules and regulations (once again, like that of GDPR) and the financial penalties that they impose. I would think that the main motivating factor would be the fear of a Cyberattack, and the impacts that could bring, such as lost customers, hits to the bottom line, the time and cost it would take to acquire new customers, tarnished brand image, etc.
OK, so now you may be wondering what the connection is between what I first wrote in the blog and what else I have written here? Well, it seems that Corporate America wants to solve all of their Cybersecurity issues in one fell swoop. Because of our reactive mindset and all of the complex issues that are there, taking this approach will just make matters even worse.
In other words, Corporate America is going to have to take baby steps in order to solve all of their Cybersecurity concerns and bring their efforts to fruition. Although this sounds like a long time, the end result will yield a much more solidified line of defense versus just a frothy one that a Cyberattacker can easily break into.
And, this also resonates with my own freelance business. I have wanted to take giant steps, and I tried to in the last few months in order to rebrand it into a Cybersecurity one. But this effort did not work too well, and thus, I realized that baby steps are needed first in order to build up a new brand that is strong and, more importantly, reputable.