By Paul Ferrillo & George Platsis
Originally published on Tripwire, May 9, 2017
In previous articles on understanding big data, the need for AI, using encryption and tokenization (including the drawbacks of encryption), and the series on human vulnerabilities, we laid down just some of the building blocks necessary to create a robust cybersecurity strategy. Yet there is a larger problem we often experience: losing the trees for the forest. All the tips we have mentioned thus far are great, but only if you are situationally aware of your own challenges.
If you have legal or regulatory compliance issues, such as European Union’s General Data Protection Regulation (GDPR) or Health Insurance Portability and Accountability Act (HIPPA), you have no choice but to follow them. However, neither of us are big fans of standards and certifications for the simple reason that they rarely meet your specific needs in addition to being a costly undertaking in both time and money. This is why we are fans of frameworks, such as NIST Cybersecurity Framework (updated in January 2017) for the exact reason that a framework allows you to meet your own needs.
Humorous (scary?) aside: in our encryption and tokenization article, we mentioned the benefits of HTTPS (which Tripwire uses). Yet the official European Union Law Access Portal (which we link to above for GDPR) does not use HTTPS. C’mon, girls and boys. Time to step up your game, especially since you’re trying to regulate an entire continent and want the world to follow!
Let’s get back to dealing with your own challenges. A necessary requirement for cybersecurity decision-making is something amazingly simple but – in our experience – poorly done: being aware of your surroundings. Without that awareness, during the best of times, you will be literally flying by the seat of your pants at the speed of light and at the worst of times, tripping over falling “logs” hoping not to break your legs.
Let’s get back to basics, and we will do so by asking the following question: what do you pack when you go on vacation? We’re willing to bet a bright shiny penny that you are about to ask: well, it depends… where am I going?