Information technology has completely transformed society – there’s no debating that – from the early morning espresso machine that ingeniously pours the perfect cup of caffeine to the complex computer software programs capable of processing literally millions of requests within microseconds, or less. It’s a great time to be alive, maybe even the best of times, to borrow from Dickens, yet also possibly the worst of times if society fails to hear the sounding of the alarm, the drumbeat of an ominous wave of attacks never seen before in North America. Forget about the front-page stories of credit card breaches and of social security numbers and medical records being lost and stolen; they’re just the tip of the iceberg of a much more dangerous and alarming issue.
Ominous Threats on the Horizon
We’re talking about the real and growing threats facing North America’s financial and operational infrastructure, such as banks, nuclear power plants, utility stations, and more. Real cyber security threats are not about the inconveniences of replacing a stolen credit card number, or even quarreling with credit agencies about possible identity theft – far from it – they’re about not having access to one’s bank account, power outages for weeks or more, no sanitary services, or any other nightmarish scenarios that are highly likely to play out in the coming years.
With great luxuries in life also come great responsibilities, so it’s time to get serious about information technology. More specifically, it’s time everyone started putting in place comprehensive measures for ensuring the safety and security of critical information systems. We’re talking about essentially the blocking and tackling of I.T. security 101, such as mature, formalized policies, procedures, and processes relating to the core tenets of sound security principles. According to a noted Pentagon cyber security specialist, “…it’s amazing how companies simply miss the boat on the basics of cyber security…initiatives such as employee security awareness training, strict adoption and implementation of sound security policies, procedures, and practices is what removes upwards of 95% of security threats”.
Changing the Corporate Culture
In reality, companies need to undertake an internal assessment that completely changes their philosophy about the seriousness of today’s growing cybersecurity threats, one that re-thinks and re-launches comprehensive initiatives for putting the safety and security of critical organizational assets ahead of profits and revenues. By putting in place well-documented, comprehensive, and highly formalized information security and operations-specific policies, procedures, and other supporting processes, businesses can turn the tide and effectively win the cybersecurity war, ultimately keeping those assets safe and secure.
And it starts by implementing the following Information Security 101 best practices:
- Developing a Security Mindset
- Authoring and Implementing Security Policies and Procedures
- Practicing What You Preach
- Security Awareness Training 101
- Rapid Incident Response Measures
- Defense-in-Depth Dedication
- Layered Security Solutions
- Business Continuity and Disaster Recovery Planning (BCDRP)
- Continuing Education
- It’s About Being Human