You’ve heard of getting a second opinion from a doctor before. You might have even gotten a second opinion from a mechanic or a plumber.
But what about second opinions from cybersecurity specialists?
Many of us make the false assumption that everyone in the tech world is on the same page — that, if you asked them all to define “cybersecurity,” they would respond with roughly the same thing.
Well, we decided to do just that. Needless to say, the results were not what you’d expect.
Altogether, six cybersecurity experts were asked, “What is cybersecurity to you?” Each one responded with their own definition of this (as it turns out) rather contested term.
Below, we’ve outlined the most important things we discovered from their unique responses.
This should go without saying, but it was part of nearly every response we received. Tech gurus emphasized that cybersecurity is not just a firewall. It’s not just teaching your employees to watch out for phishing emails. It’s not just having data backups secured in a separate location or the cloud. Nearly every expert listed off at least three factors when defining cybersecurity:
Mike Shelah of Advantage Industries: “Cybersecurity is the implementation, monitoring, and updating of technology, policies, and training …”
Sean Connery of Orbis Solutions: “Cybersecurity is a set of technologies, processes, and practices designed to protect networks, devices, programs …”
Jon Fausz of 4BIS.COM: “Cybersecurity is about constant vigilance, adaptability, and layered protection.”
One responder, Sean Connery of Orbis Solutions, used the analogy of protecting a house:
“A non-technical way to discuss protecting the IT environment is using the analogy of a house, something we can all get our heads wrapped around. We all feel safe in our homes, and that’s because of: Protection, Detection, and Response.”
He went on to outline these three essential points:
“Protection: I have walls, doors, locks, fencing. Detection: I have an alarm system, motion sensors, cameras … Response: There is our neighborhood security, police, and as [a] last resort, insurance.”
… or your devices … or your software …
It’s all of it.
BlueHat Cyber’s Doug Smith emphasizes that cybercriminals will try to hack your business in any way they can, from any vantage point. He states that you need to take steps to protect everything, including your company’s “computer systems, networks … [access to accounts], IoT devices, software, and/or electronic data in the network.”
This is validated in our research. Many businesses seem to think that if they protect their data, they’re set. Or, if they make sure they’ve enabled multi-factor authentication, they don’t have to worry about anything else. These protections are important, without a doubt. But if our experts agreed on anything, it was the need for multi-faceted protection across all areas of your business.
Ilan Sredni of Palindrome Consulting makes the critical point that threats don’t just come from pros.
Sredni states: “Threats come from the Internet and dark web, from amateurs and professionals.”
In fact, many cybersecurity specialists emphasize that you don’t have to be very tech-savvy at all to hack company or personal accounts. This is especially true when it comes to hacking passwords. In just a few seconds, even an amateur can figure out a password. Sometimes, this can be done simply by taking a look at an individual’s social media accounts.
The fact that many of the most famous cyber attacks come from the dark web is significant. If you’ve heard of the dark web, you know how elusive and mysterious it is. Someone who operates there is virtually untraceable by authorities, yet it holds many people’s personal information, including financial data, logins, passwords, secret codes, and other sensitive info. If you end up on the dark web — or even if one of your employees does — you’ve got a dangerous situation on your hands.
All of this is to say that security specialists don’t see an end in sight. The dark web doesn’t use expiration dates, and no, the FBI and CIA won’t be dismantling it anytime soon. Better to stay out of that black hole altogether.
The strong responses we got from all cybersecurity experts tell us that cybercrime is almost inevitable in many ways. It’s something we all have to contend with, and it looms large over everyone — no matter your industry, and no matter the size of your business.
In this way, it’s often more about minimizing what disruptions do occur. Of course, as Ilan Sredni notes, security specialists would like to “hopefully eliminate the disruption of work to our clients [altogether].” Similarly, Guy Baroan of Baroan Technologies stated: “Cybersecurity to me is about ensuring that the cybercriminals don’t get into the network of the clients we support. Keeping them out and constantly updating the necessary measures to ensure that the client’s network is protected.”
Still, it remains to be seen whether total prevention is possible.
Sean Connery of Orbis Solutions emphasized the “detection” aspect of security:
“I am here to tell you that detection is the most important. Here’s why: An FBI study on cybercrime revealed threats were in a victim’s network for over 200 days. Most security companies only focus on protections like anti-virus [software and firewalls] that threats are getting past. Only through early detection can you discover and detour these threats before they happen.”
Several responders mentioned the phrase “protection, detection, and response.” This seems to be the mantra of most cybersecurity professionals, in fact.
Still, just as the hacker/criminal side of cybercrime seems to be a Wild West of sorts, the security side is equally unknown. It seems that, as a business owner, you have to do your research. Find an IT expert with experience and unique skills to prevent, detect, and respond to cyber threats. Right now, that’s the best we can do.