C-level Global Business & Technology Operations/Cybersecurity & Independent Board Member
As the saying goes: the more things change, the more they stay the same. Throughout the years, I have found this to be true in many areas of life and business, including cybersecurity.
It might seem odd to apply such an expression to an industry that is on the cutting edge of technology, but as I write this, in the middle of Cybersecurity Awareness Month 2021, the truth is no matter how advanced we become, we can’t ignore the fundamentals.
Human error remains a threat
Regardless of how advanced we become in detecting and mitigating threats, humans continue to bear the responsibility for the majority of cyber crime. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved a human element.
Remote work and increased reliance on the cloud are a few of the reasons why small and midsize businesses have increasingly become targets of cyber crime. These scenarios set the stage for anyone to become a bad actor, and when you lack both the human and capital resources to deploy enterprise-grade security in your organization, the need to focus on the fundamentals has never been more critical.
Whether you have five employees or 2,500, one of the best places to start is to clearly communicate best practices, make it a priority for everyone on your team and schedule regular check-ins to create a sustainable cybersecurity culture within your organization.
If you want to expand your customer base and retain your current clients, a poor cybersecurity posture can put your ability to win and keep business at risk. This is especially true if you are supporting enterprise customers or the federal government and its suppliers, both of which are working diligently to remove the weakest links in the chain.
So whether it’s mapping to compliance frameworks such as HIPAA, SOC 2, CMMC or the need to demonstrate that you have the appropriate security tools and practices in place, you need to be prepared to respond quickly.
And remember, you’re only compliant if someone else says you’re compliant, so make sure to leverage a third party audit to be able to prove to your customers that you’re a safe bet when it comes to handling their IP, PII, financials or other sensitive data.
How new technology can help
While the fundamentals of cybersecurity remain largely unchanged, that’s not to say that there aren’t exciting developments on the horizon, particularly as it relates to SMBs. For example, I’m seeing an incredible amount of innovation in how AI and machine learning are being leveraged. These smart technologies monitor behavior vs. known threats to take a more streamlined and proactive approach to cybersecurity. This will continue to evolve and improve and will be an essential tool as we continue to face talent and budget shortages combined with more sophisticated attacks.
As a board member of AaDya, I’ve been able to experience this first-hand. Their innovative platform for SMBs is powered by “Judy,” a virtual assistant and agent who leverages AI and machine learning technology to deliver up front support including password management and anti-phishing alerts, and backend security including advanced endpoint detection and response.
We can’t ignore the fact that as those of us working to fight cybercrime become more advanced, so do the cyber criminals. To secure our economy, our infrastructure and our citizens, businesses of all sizes need to double down on the fundamentals and leverage appropriate new technologies and tools to create sustainable, flexible and strong cultures of cybersecurity.
Julie Cullivan is a seasoned cybersecurity and technology executive who has driven triple digit growth, created magnet organizations, and repeatedly steered the successful transition to publicly held companies for some of the world’s most recognizable cybersecurity and IT brands. She currently spends her time contributing to both public and private boards, mainly focused on the areas of compensation, risk, and audits.