Jake Gibson, Chief Security Officer/Chief Compliance Officer, LightEdge Solutions
It has become a tale as old as time: Businesses boost their security, and criminals figure out ways to outsmart the updates. The battle between good and evil has existed long before the digital age and cybersecurity, but the new frontier has provided a blank canvas for smarter, savvier criminals to attack without having to leave their standing desk.
As our lives and businesses continue to transition more and more into the ether, we are now perpetually on guard, trying to figure out the best way to stay one step ahead of the next security breach. LightEdge Solution’s Chief Security and Information Officer Jake Gibson takes a look at the top three cybersecurity concerns for 2018 and helps to articulate the best, most effective solutions to combat potential threats:
Cyber-Hijacking: the Uglier Ransomware
The more intense cousin of Ransomware, Cyber-hijacking can deeply impact industries like manufacturing and transportation as the hijacker overrides entire control systems, making it near impossible for the software owner to take back control without paying a ransom.
With financial and physical damage a major concern with this unfortunate new attack, Gibson strongly recommends a disaster recovery (DR) solution that includes a secondary backup location. By diversifying your backup plan to include alternative site backup, you could regain control by simply switching over to an alternative server source. Even without fear of Cyber-hijacking, a disaster recovery plan is key to a business’s ability to continue running during any unforeseen downtimes.
At the core of a great DR plan is a sound and secure data center facility, Gibson suggests keeping these few items in mind when selecting a partner:
- N+1 redundancy on every main component
- Multiple power feeds provide redundant loop connectivity
- Uninterruptible power supplies (UPS) and backup diesel generators
- Multiple carriers and physically diverse connection points to ensure network availability
[clickToTweet tweet=”Jake Gibson, LightEdge: Information security is no longer just an IT problem. #datacenters #cybersecurity” quote=”Jake Gibson, LightEdge: Information security is no longer just an IT problem. #datacenters #cybersecurity”]
Holes in Your Compliance Certifications
Data is and will continue to be your most valuable asset. In order to insure its safety, regulators are continuing to strengthen the security requirements for transferring data from one source to another, along with safeguarding the institutions, like data centers, that store your information. Gibson suggests looking for a vendor that can help you navigate through the compliance audits, while also maintaining their own, in-good-standing compliance certifications.
Keep an eye out for partners that have these certifications:
- PCI
- HIPAA
- ISO 20000-1,
- ISO 27001
- SOC 1, 2, & 3
- Sarbanes-Oxley
- NIST
The Unfortunate Reality: More Breaches
Unfortunately, more large-scale breaches are a sure bet in 2018. While no one can guarantee 100 percent safety, you can implement a team-oriented approach that will help decrease your business’s chances of becoming the next cautionary tale.
“Information security is no longer just an IT problem,” Gibson says. “Designating a security task force for your organization will allow for cross-business organizations to work together to develop a comprehensive security plan.”
Bringing together participants from all business functions allows for more visibility into possible threats and areas of vulnerability. Not only will this team help highlight areas of improvement, it will also help disseminate the security message more effectively.
At minimum, Gibson suggests an information security plan should include:
- Risk Assessment
- Risk Treatments
- Security Controls
- Information Security policies
- Employee awareness program
- SIEM Service
- Continual improvement
Jake Gibson is Chief Security Officer/Chief Compliance Officer at LightEdge Solutions.
