ERP News

Build a proactive cybersecurity approach that delivers

348 0

Whether it’s zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that’s proactive, not reactive.

Proactive Cybersecurity

Proactive Cybersecurity

Proactive Cybersecurity-It’s not your imagination. Smart and resourceful bad actors are out to get your organization’s data. You’ve got to do something. You’ve heard about proactive cybersecurity strategies like zero trust, but what does zero trust really mean, how much will it cost and where do you start? Whatever the strategy, the first step for IT leaders is to come to grips with the threats their organizations are facing.

“We’re under constant attack. There are millions of hits. We assume we’re going to be attacked and that there will be something inside or outside,” said Joel Garmon, CISO of the University of Pittsburgh.

IT security executives like Garmon understand that perimeter-based security measures are increasingly irrelevant. Stories are legion of organizations that, once penetrated, fell victim to advanced persistent threats, which can abide for months within a firewall, passively collecting information or actively doing damage.

“Just because someone has gotten into a building or network doesn’t mean we should trust them,” said Don Anderson, senior vice president and CIO of the Federal Reserve Bank of Boston. “Everything we do should be zero trust.”

Despite the need for a new approach, zero trust is not for everyone. Implementation takes commitment, time and resources. “You have granular insight into every application and service a user is using. Tactically, however, it’s really difficult,” said Johna Till Johnson, CEO of Nemertes Research.

“There has to be a good business reason to adopt a zero-trust policy. It’s not going to happen overnight,” asserted MongoDB CISO Lena Smart, who has responsibility for security within the company’s software as well as for MongoDB and its employees.

Needed: A plan, processes, people

At the Boston Fed, Anderson is grappling with high-stakes cybersecurity challenges. In addition to being a repository for large amounts of money in its role as a bank of banks, the Boston Fedaudits banks in its region, a process that generates reams of confidential information that must be safeguarded. The bank also is privy to interest-rate decisions by its board that must be kept confidential, lest leaks of interest-rate tweaks set off a flurry of premature market action. Boston is headquarters for the Fed’s District 1 (of 12 nationwide), consisting of all of New England except for the southernmost part of Connecticut.

Read More Here 

Article Credit: TechTarget

Leave A Reply

Your email address will not be published.