Address The New Threat Vectors On Your New Landscape
Five pieces of advice from a cyber security expertAdd bookmark
Next up in our Past, Present & Future interview series, Jamal Hartenstein is kind enough to provide some time. Jamal is prior unified security management (USM) in military intelligence. He’s worked with the department of defense on military bases, as a part of joint task forces and has experience with every branch of service. He’s helped with cyber security and data privacy initiatives for hospitals, federal agencies, pension funds and other private sector industries.
The Past: Not best in class
Jamal is wary of thinking that everything was ‘wine and roses’ prior to the global pandemic. He’s aware that some organizations had it right- they were leading edge thinkers as far as cyber security. But most organizations were (by definition) not best in class. “The reality was that the threat vectors were more so contained within an enclave or an enterprise of a known like end points. There was easy to wrap your head around BYOD or CYOD policy. There was a CMDB [configured management database] that was probably accurate at one point but that’s if you were a mature enough organization.”
The Present: Not prepared
And so even if you’ve gotten to today without a major breach Jamal points out that with a completely new and 100% remote technology stack, “there is not an understanding of what data is entering our enclaves or enterprises.” He quickly follows that there is also not a complete understanding of where it's entering from via what equipment. That ‘completely new’ terminology is not for all, but it’s for most as, “not every organization was capable or mature or had a sophisticated remote work toolkit in place.” This has all lead to a threat landscape that has “expanded exponentially.”
It’s not that Jamal’s outlook is bleak; he’s just concerned that those that have not been subject to major incidents do perhaps not understand the past correctly which means that they’re not dealing with the present with a suitable approach.
He focuses on a would-be executive who feels that they remain prepared for CCPA or GDPR because they just had an assessment done in January. “Well in January, your work from home workforce and your threat landscape was dramatically different.” Beyond dealing with the traditional issues associated with a breach, “the settlements and fines and fees or payouts after data security, breach litigation are oftentimes much more than the cost of remediation or mitigating audit findings or a Cyber Security assessment.
The Future: Still time to improve
Jamal’s industry assessment is that there are some that have not felt the actual tectonic shift that’s occurred for humanity and thus, cyber security. His point is that everything is different now- whether you feel it yet or not.
And so, with that understanding, he parts with...
Five Pieces Of Advice
- Investigate new forms of data protection
- Ensure you have multifactor authentication
- Focus on encryption at deeper layers in the OSI model
- Realize the protection data in transit and data at rest
- Revisit your mitigation factors
The bottom line- prepare yourself to address the new threat vectors on your new landscape