Here are three security takeaways from this year’s event:
Approach Business Security with an Intent to Mitigate Threats
“There’s no victory condition for security,” Kiemele said in his Security 101 session. “It’s not winnable; it’s a constant struggle against an evolving risk.”
Taking any step toward mitigating risk can have a great payoff for companies down the road. To determine the most pressing risk factors facing an organization, IT leaders should brainstorm with company leaders and other employees, Kiemele said. The goal is to strike a balance between mitigating the largest risks and ensuring smooth business continuity.
“Think about the cost of mitigation versus the value of the assets,” Kiemele suggested, adding that sometimes companies need to make small changes to give themselves time to invest in larger, longer-term security solutions.
One major way to mitigate risk in an organization is to reduce complexity.
“Anything that allows you to centralize your tech stack or security controls is a good thing,” Kiemele said. “Get to a spot where it’s easy to understand what is going on. Security is a mile wide and a mile deep.”
Security Relies on Tools, People and Processes for Maximum Efficacy
Phishing and social engineering are two of the most common ways cybercriminals can bypass organizations’ security features to install malware. “A single failure can impact dozens or hundreds of systems,” Kiemele said. “Something gets into your machine and replicates and moves through your network laterally through your user machines or servers.”
Training employees to recognize phishing and social engineering tactics is a great way to mitigate risk. They should understand the threat posed by cyberattacks and the ripple effect a breach can have on an enterprise.