People often ask, “What’s the greatest risk in cyber that you see?”. Obviously, I could wax poetic for hours about vulnerabilities, phishing attacks, ransomware, and on and on. And yes, each topic is critically important and requires deeper exploration. With that being said, my true belief is that the greatest risk of a cyber event occurring is a function of the “People, Process and Technology” paradigm. Any one of these three pillars functioning incorrectly can lead to breach, or further the impact.
With complexity, comes risk. For hackers, that complexity is often to their advantage. The more moving parts a business has, specifically across those three pillars, the more opportunity exists for the bad guys to identify the “soft spots” of a business. Every business process has gaps, and every technology environment has vulnerabilities. Couple that with an active and globally connected third-party ecosystem, and you can quickly imagine just how much of an advantage a hacker actually has. It only requires one motivated and skilled person with malintent to launch a malicious campaign.
So, what can we do to ensure that our organizations have the most advantages to fend off the bad guys? It starts with the three pillars. Making sure that we minimize human errors by creating a culture of education and awareness. People are always going to make mistakes, but the person in accounting clicking on the wrong link can have disastrous consequences. Or the misuse of passwords and how they are handled leaves organizations open to risk. The time to vulnerability remediation is an ongoing struggle for most businesses. Often, that is a people/process problem. A third party’s attack surface represents side door risk for businesses. The list goes on and on. I have found that continuous monitoring across all three pillars is the best way to ensure an organization remains as secure as possible. No business is perfect, and no organization is or has ever been 100% secure, but if we continue to go back to these pillars, we will go a long way together to make it more challenging for bad actors.