It All Starts with a Plan
Throwing money at your network security without insight into the strengths and limitations of your network will put your enterprise users' data at risk.
Cyber crime is big business. The FBI's Internet Crime Complaint Center (IC3) reported that it fielded 800,944 cyber crime complaints in 2022, resulting in estimated losses exceeding $10.2 billion. And, with the average enterprise breach price tag rising to $4.5 million per incident (according to IBM), enterprises cannot afford to be lax when it comes to their cyber security plan.
A sound plan starts with the cybersecurity assessment, which identifies weaknesses and risks that could compromise your enterprise data and system resources. Without insight into what holes your network has, how can you protect your enterprise data in a way that is effective in both time and cost?
Enter Omar Valerio, a seasoned chief information and technology officer, boasting over three decades of experience in the education sector. From cyber security architecture to infrastructure planning, Valerio knows the keys to building the blueprints that will protect your network.
Ahead of his upcoming session at this year's Live!360 tech event (taking place in Orlando, Fla., Nov. 12-17), Valerio sits down with Redmond to break down the basics of cybersecurity assessments, and why your cyber security strategy might not be ideal to face the threats of tomorrow.
Redmond: Your session covers everything from networking issues to cloud infrastructures and security protocols. Can you give us a teaser about how these elements come together in a comprehensive cybersecurity assessment?
Valerio: Infrastructure is the heart of any technical implementation. Without a well-designed, documented, and secure infrastructure, everything else is exposed to cyber-attacks or breaches. You must have a strong and secure backbone to protect and be able to secure any implementation on the network, including the cloud infrastructure. I will review how these three branches are part of the main tree (Infrastructure).
Redmond: For organizations that haven't yet undertaken a formal cybersecurity assessment, what's the most critical first step?
Valerio: For any organization that hasn't taken any actions toward a cybersecurity assessment, the most critical step for them is to start to identify all assets and accounts in the organization.
Redmond: What is one common but often misunderstood type of malware that organizations should be particularly wary of?
Valerio: Unfortunately, everyone is primarily concerned about ransomware -- of course, it is the most malicious threat. However, organizations and IT departments forget about other critical malware, such as adware, botnets, droppers, keyloggers, etc. All these types of malware can also make a significant monetary and downtime impact on any organization if not taken care of immediately. In my opinion, organizations should be wary of phishing scams and social engineering, including keyloggers.
Redmond: What's one common misconception about infrastructure security that you've encountered from enterprise IT?
Valerio: One of the most common misconceptions I encountered from enterprise IT is that organizations like to spend a lot of money on expensive appliances. The problem is not the appliance; the concern is that once the devices are installed and configured, no one in the IT department is adequately trained to maintain and secure the appliance with the latest firmware and updates or even review the logs. In other words, I have done an assessment in which I walked into an organization and saw network appliance equipment that had never been updated since installation.
Redmond: Do enterprises have the software in place to handle the threats of today?
Valerio: Unfortunately, a high percentage of organizations are not prepared to address today's threats. Remember that no one is immune to today's threats, even if you have all the security in the world. Organizations and IT teams need to be proactive and perform assessments and quarterly scans, compare logs, and ensure they are on top of the game to at least be at a lower risk of being compromised.
To learn more about how you can effectively construct a cybersecurity assessment, don't miss Valerio's upcoming talk, titled "Best Tips on How to Start a Cybersecurity Assessment," this November. Register today!