Horror movies are full of questionable and outright bad decisions that often lead to a victim’s peril. If you’re a fan of thrillers, you’ve seen it dozens of times—an attacker’s unwitting prey picks the worst possible hiding spot, places all their trust in exactly the wrong person and generally makes decisions that leave you scratching your head—or yelling at the screen, as the case may be.
Don’t be that victim.
It’s one thing to make unsafe judgements while running from a madman, but it’s another thing altogether to take risks with your digital safety. Sure, hindsight is always 20/20 and it’s far easier to judge a bad decision from the outside, but why not take the time to learn something valuable from professionals who deal with cybersecurity problems every single day? And from others who have learned painful lessons through experience and have survived to tell the tale? To continue our blog series for National Cybersecurity Awareness Month, we asked a panel of ZeroNorth cyber experts: What is one general tip you would give organizations to promote overall security? No matter how much you think you know on the subject, you might be surprised at just how practical and actionable their advice really is.
Don’t Get Lost in the Fog
Horror movie characters often get lost in thick fog or pouring rain, making it hard to see what lurks in their surroundings—or even right in front of them. The world of cybersecurity can be just as opaque, which is why every decision must be approached with a clear head and a 360-degree view of existing threats and risk. According to Rear Admiral Mike Brown (U.S. Navy, retired), now a ZeroNorth security advisor and president of Spinnaker Security LLC, “It starts with awareness and the ability to include cybersecurity in every business decision you make. Cybersecurity doesn’t have to be the number one priority but incorporating it into every conversation raises awareness and leads to better business decisions.”
ZeroNorth’s vice president of Engineering, Andrei Bezdedeanu, agrees and points to the importance of planning. To start, he suggests organizations “define a proper strategy and a realistic execution plan.” After this step, Bezdedeanu suggests “defining metrics that can be used to monitor progress towards implementing that roadmap.”
Shortcuts Only Lead to Disaster
If something seems too good to be true, it probably is. That “safe” path through the woods might look like a shortcut—but who knows what’s lurking out there in the trees? When it comes to developing software, shortcuts can be wildly detrimental to security. For this reason, ZeroNorth Senior Software Architect Barry Walker suggests we “stop cutting corners to save time or a few bucks.” Walker stresses the importance of taking time to build products securely. Similarly, his colleague David Ford warns against focusing only on the perception of good security. “Do security,” Ford says. “Don’t just talk about it with pretty slides.”
Shortcuts can lead to big mistakes. With that in mind, Tony Velleca, CEO of CyberProof, a UST Global company, offers sage advice. “Attackers often leverage mistakes in configurations and unpatched software. Security hygiene is a complex yet critical task for security professionals, especially digital companies trying to keep up with market pressures—and who commonly use shortcuts.”
You’ve Got to Fight Back
Sometimes the simplest advice is the best advice. In this case, don’t lie down and play dead or freeze in the face of what might seem like an overwhelming situation. “Avoid analysis paralysis—doing something is better than nothing,” says ZeroNorth’s founder, Ernesto DiGiambattista. Building the right team, one that can make quick and informed decisions, is the best way to avoid the potential for freezing under pressure.
“Hire the smartest talent you can afford,” suggests ZeroNorth product security lead Mario DiNatale. It may not save you from the boogeyman, but at least you’ll give yourself a fighting chance.