National Cyber Security Awareness Month gives us all an opportunity to reflect on how we can improve our organizations’ resiliency. This month can be a great time to make upgrades and shore up plans, but the reality is that many of us are already aware of the measures that will keep us safer. We know what we should do; we just don’t always do it.
In that way effective cyber security, is a lot like dieting. We know we should exercise and eat right, but we end up grabbing a donut for breakfast or skipping a workout to go out to dinner. The more serious among us may set up a strict regimen: hit the gym, and throw out all of the junk food in the pantry. Yet even dedicated people sometimes give in to their sweet tooth or fatigue.
The fact is that no matter how disciplined humans try to be, we are not perfect. Following a security regimen is similar to following a diet. No matter how many firewalls or training classes an organization employs, the majority of cyber-security incidents will continue to occur due to the weakest link: humans.
The mention of security incidents brings to mind several newsworthy events, including the theft of 102 million Sony users’ personally identifiable information (PII) records, hackers stealing 110 million credit card numbers from Target, and the U.S. Office of Personnel Management breach involving the personnel and security-clearance files of 22 million government employees. The focus is generally on external threats, with the media directing attention to malevolent hackers. While this is an understandable fear, we should be equally concerned with the much larger source of breaches: our own lack of self-discipline and human errors.
Much like giving in to the bowl of Halloween candy in the break room, it’s easy to slip when trying to keep information secure at work. IBM’s 2014 Cyber Security Intelligence Index found that 95 percent of all security incidents involve humans, with employee error or theft contributing to the majority of data breaches. According to a CompTIA Trends in Information Security Study, the top examples of human error cited were general carelessness and failure to follow security policies and procedures.
Source: CompTIA, Trends in Information Security Study, 2015
Following corporate data policies may be seen as a nuisance and are easy to ignore. Employees can too easily disable security features, click on links from unknown senders, or respond to a phishing attack. As malware grows increasingly sophisticated and hackers find stealthier ways to penetrate the corporate network, security cannot be left to chance—or in some cases—left in the hands of employees’ whose primary responsibility is not security.
Simple security isn’t an oxymoron
We purpose-built our solution to simplify security and significantly reduce the risk of misconfiguration. Our orchestration engine automates key aspects of your Tempered deployment, including managing security policies and trust relationships, so you don’t have to spend expensive resources on the minutia of change management. Our solution’s drag and drop user interface makes it easy to centrally manage private trusted networks that cloak critical assets and prevent untrusted devices and endpoints from being able to see or communicate with the protected assets.
We can advocate for more policies and push for greater awareness, but in the end, when people are performing tasks, human error is inevitable. Tacking on more firewalls, VPNs or VLANs won’t change that reality. As security breaches become substantially more detrimental, we need to shift our focus to risk management. The way to do this is to make security simple, scalable, and as independent as possible from human interference.
Successful dieting is not just eating a healthy salad today; it requires a lifestyle change. When it comes to cyber security for this new era of connectivity and computing, change is a requirement. Doing more of the same isn’t going to produce a different outcome. While we follow security best practices for defense-in-depth, Tempered Networks is bringing a unique approach to secure networking. Through rapid micro-segmentation that’s elegantly simplified with our centralized orchestration and UI, we actually improve your operational hygiene by reducing infrastructure complexity and simplifying change management requests.
National Cyber Security Awareness Month is still a great time to take stock of security measures, check out the available resources. When it comes to protecting your critical assets, understanding your risk means understanding the reality of human behavior. We want to help you keep the margin of error as minimal as possible. So go ahead: have that candy bar. Tempered Networks has you covered.