Cybersecurity is a buzz word we hear thrown around all the time, but, like so many areas of our business, creating a resilient security posture is not a set-it-and-forget-it task. Cybersecurity is more important than ever, as the pandemic forced many businesses towards virtual and remote operations, a shift that has exposed our vulnerabilities to hackers and data breaches.
In honor of National Cybersecurity Month, we spoke with Greg Surla, Vector’s Chief Information Security Officer, to learn more about what drew him to this exciting field, the common mistakes organizations make when approaching their cybersecurity strategy and how you can improve your resilience in this critical area.
Cybersecurity is a core need for every business, big or small, and will become more and more critical as our technology continues to advance. Here are our top tips for improving your cybersecurity posture at your organization.
In the movies, cyber attacks are often targeted at large organizations like banks or casinos, but this is not always realistic. In fact, the most common targets are small and medium-sized companies. The reason for this is that smaller organizations are often limited in their defense and don’t prioritize or have the resources they need for a comprehensive strategy to cybersecurity. Shockingly, 60% of small businesses that suffer from a cyber attack do not recover and go out of business.
“It’s not impossible to create a scalable solution for the size and resources of your organization, but the critical first step is to know your blindspots and recognize that you are fallible, so you can get to work protecting yourself,” says Surla.
“When you try to protect everything, you protect nothing. You need to clearly define what your organization's ‘crown jewels’ are and have a strategy to defend those,” Surla recommends.
At Vector Solutions, we consider each client’s specific needs and priorities. In education, for example, privacy is absolutely critical, so the priority becomes focusing our strategy and solutions around protecting data above all else. Consider what the main risk for your organization is, from intellectual property to patient information or manufacturing processes. Once you’ve defined what is the top priority for you to secure, you can begin building a strategy to protect it, mitigating risk for your organization.
“It makes no sense, but, often, companies will give up in the face of not being able to protect everything and protect nothing. It’s always worth the time and expense of protecting the aspects of your business that are vulnerable, as most small businesses unfortunately do not recover from cyber attacks.”
Surla warns that, when it comes to cyber attacks, it’s not a matter of “if,” it’s “when.”
“Everyone should expect hacks to occur because it’s a reality, but being prepared for one helps save a lot of time, money, and effort. Cybersecurity technology is evolving day to day, but protection technology (like firewalls, intrusion prevention, monitoring, log management) is still relatively the same; what’s changing is that there’s a human firewall that we have to improve.”
As a result, the biggest opportunity and investment for all organizations seeking a secure workplace: training employees to keep up with the continual advances in the type and sophistication of attacks.
“Because of the lightning speed at which technology advances, particularly in AI, the security landscape is always shifting and, in the next 5 years, attacks will continue to increase both in volume and speed, making it harder to defend against them.”
It’s also important to note that security is not solely an IT problem! “Every team member is responsible for noting suspicious activity and ensuring protocol is followed to respond as quickly and efficiently as possible. Sadly, hackers aren’t in a dark room somewhere as they are in the movies - sometimes they are within the walls of our own companies. Security awareness is crucial and a major focus for us at Vector solutions,” says Surla.
Recognize that unforeseen challenges will occur and that you will need to develop actionable strategies to combat the vulnerabilities they expose. Surla references the recent shift to remote work during the global pandemic as an example, stating:
“The most common issue has been an increase in phishing attacks as people are easy targets when they are working from home. This is a result of no longer being able to rely on the perimeter protection afforded by a company firewall on the internet connection at their brick and mortar location. As we have shifted to cloud-based systems, it’s critical that we are able to protect the laptops and mobile devices our workforce is using.”
At Vector Solutions, we are wholly committed to protecting the privacy of our clients and internal team members, which is why we view cybersecurity as an enhancement to their experience when working with us.
Surla explains, “It’s always more expensive to respond defensively to an attack, especially because of the surprise factor. It can take months to recover from an unknown attack, so getting in front of it is crucial and a watertight cybersecurity strategy ensures that everyone understands their role, saving your organization time and heartache.”
At the end of the day, for Surla, it all comes down to being able to walk the walk. “Your trust and reputation is everything. It’s critical that you have enough security tools and knowledge to not just say you’re committed to protecting your client’s data -- but to actually prove you can deliver on that promise.”
With the rapid development of new technologies comes the downside of new methods and opportunities for hackers. At Vector Solutions, we’re committed to providing a secure experience for our clients and team members and we make it a priority to consistently train our teams and optimize our approach to security because we fully understand that the health of our own organization, and those of the clients we serve, depends on it.
Greg Surla is Chief Information Security Officer for Vector Solutions. His journey to becoming a leader in security started in a surprising place: Nursing School. Joining the National Guard, Surla transitioned into the communication field and his experience with hardware encryption boxes during the internet’s infancy led to a focus on security. His experience in the medical field and armed forces allow him to remain calm in the face of high-stakes security breaches and he is driven by a commitment to providing companies and individuals with the security they need to be successful.