When it comes to cybersecurity, there’s strength in numbers. In my role as CenturyLink’s chief security officer, I oversee the strategy to protect CenturyLink’s clients, employees and 600,000+ miles of network. Our team has stopped bad actors at the highest levels for decades, giving CenturyLink a view on cybersecurity that few others in the industry have obtained. One of the key takeaways over the years is that most organizations need to shift to a strategic, threat-focused mindset, rather than relying only on technical solutions.
Every organization is vulnerable and attracts threats in unique ways. The key to success is to begin by working with a seasoned team that can guide you through a deep analysis of your organization’s numerous strengths, weaknesses, opportunities and threats. Here are a few key areas to focus on while doing so.
Know Your Core Value
Understanding the methodology and psychology of cybersecurity adversaries begins with knowing what they’re after. The answer, more often than not, is related to your organization’s core business value. For a retailer, the target is often transactional data. For a law firm, it could be litigation strategies or discovery data. The answer for each organization might be different, but getting a clear picture of your core value is key to a threat detection and incident response mindset.
Know Your Vendors
Many high-profile data breaches have started not with the ultimate target, but with its vendors. Often, vendors have levels of access into your organization that make you vulnerable should they be compromised. It’s essential for your cybersecurity strategy to keep close tabs on your vendors, especially regarding their security practices. A third-party risk assessment is imperative in order to determine these risk factors, especially for large corporations with a long list of vendors.
Protect Your Gold Players
Most organizations have key personnel whose credentials offer access to the most sensitive parts of the IT infrastructure. These also happen to be the credentials that bad actors are the most interested in obtaining. Once compromised, these credentials allow adversaries to cover their tracks while they siphon off data, extending the timeline of the attack. Every cybersecurity strategy should clearly identify these gold players and devise special measures to protect them with a strategy that controls credentials and user access. This can mean restricting their work habits to ensure they don’t operate in unsecured environments, but with these individuals, safe is always better than sorry.
A Hospital Model Can Protect Better
Understanding your organization involves being honest about your core competencies. For most companies, that list doesn’t include cybersecurity. This is one of the reasons why CenturyLink recommends a “hospital” model for obtaining cybersecurity services. Rather than contracting with multiple security vendors, partner with a single vendor who has all of the services you need under one roof—like going to a hospital for health services, rather than dozens of independent doctors. Doing so allows for the establishment of a cohesive cybersecurity strategy for your organization.
Spend Smarter on Cybersecurity
One-size-fits-all security is never the answer. When developing your cybersecurity plan and policies, it is imperative to understand the unique security needs of your business. Then develop a customized plan that matches your priorities, and implement pragmatic, efficient and cost-effective solutions that integrate easily into your security framework, so you can leverage existing investments and use your security tools more effectively.
This article was originally published in Forbes Voice: https://www.forbes.com/sites/centurylink/2017/08/15/4-ways-to-create-a-better-cybersecurity-plan/#4d4cc127602d