
During the Middle Ages, civilizations adopted a new method for building castles that involved situating the castle atop a slight hill with a moat surrounding it. This model eventually gave way to the Roman walled city, where entire communities existed behind physical barriers to block unwanted intruders and keep the communities inside safe.

However, as these communities evolved into true cities — growing in both size and complexity — the strategy became increasingly untenable, since city centers needed to be integrated with the growth beyond their walls. So instead of attempting to physically block off any threats, these cities created systems for managing risk while living in the midst of it. 

We’ve reached a similar inflection point with cybersecurity. When it comes to security, our systems are now too complex to be successfully walled off from bad actors, and we need to adjust our approach if we want to keep innovating. 

But if we look to the data breaches the private sector has encountered in the past year — from the 50 million Facebook users whose account information was exposed, to the 500 million Marriott Starwood guests whose reservation information fell into hackers’ hands — it’s clear that leaders haven’t reframed their approaches and processes.




Adjusting to the New Cybercrime Normal

Data breaches are our new reality. Cybercrime is a business, and its participants are always honing their skills to take advantage of business and consumer data. And with the rise of emerging technology like the Internet of Things (IoT) and 5G connectivity, the risk will only grow. More connected devices will produce even more data, and 5G connection speeds will allow it to move faster — and fall victim to bad actors more easily.

While this may sound like a dire picture, the flip side is that emerging technologies are playing a pivotal role in enterprise digital transformations. And enterprises shouldn’t let fear of attack stifle their digital momentum.

But given the sheer volume of enterprise data breaches constantly in the headlines, are organizations being proactive about the risk of data breaches? I think they want to be but don’t know how to evolve their approach. Businesses have to rethink the model in which they protect their organizations.

Here are some steps for how they can do that:

Cloud Migration

There’s a false idea that cloud strategies make businesses and their data less secure. But cloud is not to blame. It can be far less vulnerable than an on-premises strategy — that is, when teams adhere to strong processes. IBM found that human error causes 95% of all cloud security incidents. But when defined correctly through process management, cloud features like access control allow you to moderate use depending on an individual’s work needs and seniority level. 

Our castle analogy applies here as well: An on-premises strategy creates a false sense of security by walling your data off from the rest of the world. But a cloud strategy upheld by solid processes allows you to store your data in a manner that lets you easily funnel it into different platforms and tools to take advantage of new insights, while also benefiting from sophisticated access control features. An on-premises strategy limits you through both its data connectivity capabilities and its simplistic security measures.


Education

While tech’s capabilities have expanded, many employees' baseline understanding of cybersecurity best practices has remained stagnant. Businesses are responsible for closing this knowledge gap. By failing to help their employees understand the processes they must follow to protect themselves as new powerful technology comes to market, they leave their organizations vulnerable to risky (and preventable) employee behavior. Quarterly security trainings for employees — both in-office and remote — should become standard practice for developing an organization of security-smart professionals who follow mandated processes.

Appointed Leaders

As the playing field changes, organizations may have to rethink their leadership structure. Our lives and businesses are so connected that it’s unrealistic to put one leader in charge of a sprawling cybersecurity strategy. With legislation like GDPR, emerging technology like IoT, employee education initiatives, and more, consider appointing unique executive-level leaders for each practice area of cybersecurity to make sure none of them fall off the radar.


No Business Is an Island

Enterprises can’t let the risk of data breach slow their digital progress. But they do have to rethink how they operate in a world where bad actors keep pace with our defenses. By resisting the urge to block your business off from the world in the name of security, and by instead prioritizing the right leadership and education, your team will find its footing in a risk-heavy era.