What Can We Do About Increasing Complexity in Cybersecurity?

Cybersecurity has never been more complicated, nor has the world ever faced a threat surface quite so large. User empowerment coupled with technology like smartphones and IoT devices has led to widespread chaos in IT departments around the world. How exactly can we address this new landscape, both within our own organizations and in the wider enterprise? By holding our vendors, partners and ourselves above all fully accountable.

1132
Hand with a key in it
Illustration: © IoT For All

We’re on the verge of an era of hyperconnectivity—an age in which everything from our thermostats to our kitchen appliances to our infrastructure is being brought online. While such technological developments undoubtedly make both our personal and professional lives considerably more convenient, they also make cybersecurity more complicated than ever.

Let’s talk about what you can do about that. Here’s a bit of advice on how your organization can prepare itself to deal with increasingly complex infrastructure and an increasingly dangerous threat landscape.

Address the Cybersecurity Skills Shortage

One of the most pressing issues in the security space is the looming talent shortage. By 2021, there will be approximately 3.5 million unfilled positions in the cybersecurity industry. The problem is that technology has become more ubiquitous than any of us could have ever predicted. Even within a small to mid-sized business, there may be an overwhelming volume of devices for IT staff to manage, and that number grows with every passing day.

Factor in that we’re bringing more and more of our infrastructure online and relying more and more on the digital realm to store and manage sensitive data, and it quickly becomes obvious that we need more cybersecurity professionals. The problem is how exactly we can find them. Security engineers are, after all, still in short supply. The men and women with the necessary expertise are in such high demand that they basically have the pick of the litter when it comes to career selection.

The first step is to promote and support programs aimed at introducing more women to STEM careers, such as computer science. Although we’ve made great strides in that regard in recent years, women generally only make up 14 percent of the cybersecurity workforce in the United States. It’s still very much a boy’s club, and one with a huge image problem to boot.

Businesses should look beyond the horizon of traditional cybersecurity and computer science programs to find talent. Many skilled individuals might be promoted and trained up from within one’s own organization. Men and women working in fields as diverse as the military and accounting could potentially have a great deal to offer from a security standpoint. The key here is to get creative because only creativity will solve this problem.

Look toward Blockchain to Address IoT Security

IoT devices represent the largest security threat we’ve ever faced. This is a massive, distributed threat surface with millions of nodes, any of which could expose a security vulnerability. While working to establish a framework that will hold IoT vendors responsible for the security shortcomings of their products is certainly a nice thought, the reality is there will always be exploitable vulnerabilities in connected devices, particularly consumer endpoints.

The solution, oddly enough, may lie with the technology underneath infamous cryptocurrencies like bitcoin—blockchain. A decentralized distributed ledger designed to be both consistent and tamper-proof, it seems uniquely suited to the project of securing IoT. Ledgers could be used to store anything from encryption keys to sensitive data, but that’s just the tip of the iceberg.

Even as I write this, Samsung and IBM are hard at work devising a technology that will allow blockchain to create a network of IoT devices, allowing devices and endpoints to issue commands and to send messages to one another through a secure, decentralized, low-cost medium. Known as ADEPT, I expect it will be the first of many such technologies. In the meantime, you can do your part by practicing due diligence with enterprise IoT vendors and air-gapping all consumer endpoints on a separate network.

Use the Cloud to Streamline Operations

The more complicated your business processes and infrastructure, the greater the chance that there will be a security issue somewhere along the pipeline. Cloud computing can offer a solution. First and foremost, it can allow an organization to automate a wide range of manual processes, freeing up man-hours to focus on more pressing concerns, particularly in IT.

It can also simplify disaster recovery to a large extent, allowing for on-demand redundancy and easy, offsite replication of systems and data, enabling easier software updates. Moreover, it keeps all your data assets in a centralized, easy-to-manage location, at least from your own point of view. Many cloud vendors also offer cybersecurity as a service platforms, allowing businesses that might otherwise lack the necessary expertise and manpower to keep critical assets safe from unauthorized parties.

Let’s Hold Vendors, Partners and Ourselves More Accountable

Last but certainly not least, your business needs to understand one thing above all else: cybersecurity is no longer just a technological problem. It needs to be a business-wide directive, one which involves regularly updated processes and policies, frequent security audits and drills, and due diligence on any vendor with which your business may work.

We need to hold our partners, vendors, and employees accountable, but no more than we need to hold ourselves accountable. If we aren’t taking the necessary measures to protect our own systems and data, we can’t expect our businesses to be secure. Similarly, if we’re not securing our own organizations, we can’t hold our vendors and partners to any sort of standard.

Cybersecurity Is Complicated, but It Doesn’t Need to Be

There was a time when corporate cybersecurity could be managed by a single business department. Those days are long behind us. Today, cybersecurity has grown more complicated than ever.

But that complication need not be insurmountable. Follow the advice we’ve outlined here and your business will have a leg up as cybercriminals continue to hone their exploitative methods.

Written by Matthew Davis, a Content Writer at Future Hosting