Ready to Start Your Career?

Cyber Security Chronicles - Ch 1: Company Security Obstacles



July 8, 2017

Chronicle 1:

The Cyber Security Chronicles {BY: Jeremy Bannister [The CYBER EAGLE]} Chapter 1 - Solid Foundation: IT Security Obstacles That Could be Building Blocks

Do you think IT Security is a vital entity or major goal of focus for organizations when deciding what is an important asset, need, and necessary to sustain company objectives? How many people in this growing world are accessing what we call the web (the Internet)? Well, these numbers are rising at an accelerated rate and this has expanded the landscape & infrastructure by the year, month, day, hour, and even minute. One of my favorite old adages I have heard thrown around through the years when discussing the rapid movement of time: Time Will Stop or Stand Still for no man or woman because the hands of time will always keep moving forward. This compares to the same path that Information technology has traveled in the recent decade or so with no sign of slowing down anytime soon. This could be attributed to advances in IT industry that come very fast & furious, leaving some organizations or companies scrambling to keep up with most common company objectives in the industry. These usually are to maintain relevance in this fast-paced industry, by achieving objectives of remaining competitive, profitable, accessible with little or no interruption, while maintaining the constant ability to grow and expand with the company’s possible growing needs and demands.

With all these things to keep in focus and maintain, what is the one thing that can kill, damage, slowdown or completely bring these goals of focus to a halt? And, crippling an organization's reputation, profitability, and ability to remain competitive? Well, maybe the most important occurrence to avoid and (is becoming maybe the most frequent) is the answer, this is the event of a massive or catastrophic Security incident or breach. However, organizations are constantly exposing themselves to these breaches and threats by neglecting to hire any or enough cyber security employees to keep up with the growing list of security threats and vulnerabilities organizations face on a daily, weekly, monthly, and yearly basis. I believe one of the most significant reasons this occurs is because IT Security Administrators have very little leverage and justification to spend money on a department of the company like the IT Security department. The department does not generate a tangible profit or value that upper management can be persuaded to fully commit adequate resources too. This leads to the Security Department’s inevitable failure to accomplish or maintain a limited, tolerable and acceptable Risk Rate or Factor that adequately meets the companies common objectives and goals necessary to maintain the competitiveness, scalability, profitability, and reliability desired by most organizations.

The lack of support and funding from upper management is a major obstacle for Security Administrators to overcome, but even if the upper management is supportive and makes cyber security an important company focus, this is not nearly enough to protect an organization from the security threats and catastrophic security breaches crippling a company’s infrastructure. For instance, an organization that might have upper management support and funding for IT security can still have gaping holes in the company’s overall security defense. One of these holes can be caused by the area of focus a company decides to focus on. Organizations tend to commit a lot of time, resources, and an overall focus on protecting the outer edge of the company infrastructure from the numerous external threats that can compromise or penetrate the security barrier. This can be a major mistake because maybe the most common and disastrous security breaches are carried out or caused internally by their own employees Some of the most common ways security holes and vulnerabilities are created is through technical misconfigurations created by administrators, a blatant disregard for security company policies put in place, and an overall lack of knowledge or education about corporate the Cyber Security best practices that guard against the wide range of security threats faced by corporations on a daily basis. This will also lead to limited knowledge, ignorance, and overall confusion of the importance of protecting vital organizational assets from exposure to the many potential security breaches conducted by threat agents and cyber criminals that have malicious intentions and most are motivated by the lucrative profits generated through the vast cybercrime community.

There are several more obstacles that Cybersecurity employees face throughout the challenge of protecting organizations from the exponential threats, vulnerabilities, and cyber criminal methodologies that can cripple a company’s infrastructure for the short term and the long term. This is why I strongly believe that a solid security plan and foundation for an organization's Cyber Security focus can either start or should at least address these two corporate IT security obstacles. This will at the very least give companies a start and direction to build a comprehensive Cyber security company plan to have a chance to be effective maintaining an organizations overall everyday functions, goals, profitability, with a good standing corporate reputation. Think about it for a second, if you do not have support from the upper management and the internal employees who are considered internal users, the Cyber security employee’s job is almost impossible to accomplish no matter the security approach, tools, and protection assets in place. All these things will become expensive and not very effective which leads to budget cuts and limited organizational support.

This is why companies have a clear, understandable, and justifiable Security plan 0r focus in place. This plan or focus must have a layout of reasons, concrete examples, and possible disastrous outcomes presented to the upper management and internal employees to be able to fully understand what Cyber Security truly is and why it should be at the top of any successful organizations list of goals and priorities. This also means having plans, keeping a company’s upper management informed and involved throughout any cyber security program or project used for a security protection method or measure. There should also be a strong educational plan with programs and methods presented to all internal employees. These two plans of IT Security focus should be constantly reviewed for impact and effectiveness, therefore becoming a recursive process or circular not straightforward and linear.

Just remember there is no such thing as 100% secure and the challenges that Cyber Security employees face will never fully go away, but a strong company Security foundation, thorough IT Security educational programs in place backed with solid organizational security plans and policies can make these challenges a lot less daunting. If any of you would like to give feedback, examples and present some of your own Cyber Security challenges faced corporately. Feel free to comment and share some of the biggest Security challenges faced with the extremely difficult task of securing your organization.

Schedule Demo