May 15 2023

In Uncertain Economic Times, Build a Robust Security Program

Experts say there’s no such thing as 100 percent security in today’s economic climate, but risks can be reduced with security training and a triage approach to the biggest threats.

The more volatile the economic moment, the stronger the security you need for your business. “Security is the No. 1 thing that keeps executives up at night,” said Ted Stein, Senior Director of Americas Cloud Infrastructure and Software Group at Cisco, at last month’s CDW Executive SummIT. “As leaders, we are always asking ourselves, ‘How can I protect my company data, my customer’s data, and deploy zero trust at every point in an organization?’”

The answers to these questions are complex, but it all starts with deploying security safeguards throughout your organization and tapping into industry trends. “You can’t just think within the confines of your company. You have to strategize in the context of the larger climate,” Stein said.

Click the banner below to receive exclusive industry content when you register as an Insider.

For example, if economic headwinds shift due to political tensions, it might be a good time to amplify your ransomware defenses. If you’re undergoing a period of change management, strengthening zero trust could help. Each threat inspires its own defensive solution.

At the CDW SummIT, experts made it clear that patching one security vulnerability at a time is not sufficient. Instead, security should include a  core component of IT strategy. This helps lay the groundwork for advanced anomaly detection and staff security trainings.

WATCH: Get all the core takeaways from IT leaders at the CDW Executive SummIT.

Address Each Security Risk Systematically

Often, if one security vulnerability is left undetected, it can spread and pose significant risks. That’s why experts at the SummIT encouraged executives to make considerate, strategic moves with their staff, data, cloud and investments. Even something like moving data to the cloud requires IT leaders to employ skill and agility in their decision-making, said Bob West, chief security officer for Prisma Cloud at Palo Alto Networks.

To develop a systematic approach, IT leaders must consider how a move to the cloud will impact the rest of their business. This means thinking beyond the customer cloud journey about how this decision will impact the rest of the organization’s security.

TS Headshot
You can’t just think within the confines of your company. You have to strategize in the context of the larger climate.”

Ted Stein Senior Director of Americas Cloud Infrastructure and Software Group, Cisco

Prioritize Your Biggest Security Threats

“There is no such thing as 100 percent security,” said Dan Schiappa, chief product officer at Arctic Wolf. “It’s a hard fact to hear, but the sooner you accept that, the faster you can prioritize each threat and deploy an incident management solution,” he said. These solutions run in the background of your organization’s infrastructure and detect threats. Schiappa said to prioritize the biggest threats first when your team is patching certain vulnerabilities. Trying to solve all problems at once will backfire. “You could be looking at a vicious cycle of continuous incident engagements,” he said.

Train Your Team to Identify Security Threats in Context

“The biggest thing IT leaders need is context into their security solutions,” Schiappa said. “Gaps in security don’t just happen coincidentally. There’s always a connection to something else,” he said. That’s where security analysts come in. Analysts can find the missing links and diagnose security threats.

LEARN: Find out how to build a risk-based security strategy in your organization.

For companies with fewer analysts, consider training staff on security protocols that include hacker detection behavior. Companies can use any recent attack as a teaching tool. “Re-create the attack from the beginning to determine where the hacker got in,” Schiappa said. Proceeding step by step like this removes ambiguity from a cyberattack, Schiappa explained.

DS Headshot
Gaps in security don’t just happen coincidentally. There’s always a connection to something else.”

Dan Schiappa Chief Product Officer, Arctic Wolf

Pairing employee trainings with incident management solutions is ideal for a robust defense. “We talk about security as being automated to check for the issues we may miss, which is true, but hackers happen to love human beings,” Schiappa said. “No matter how strong the ecosystem, humans are always going to fall prey to scams,” he said. Understanding the language of hackers makes your team instantly stronger.

Jeremy Wittkop, principal enterprise architect at Proofpoint, said that “there’s an art and science to information protection, and the two must coexist,” he said. The science is the technology that auto-detects anomalies, and the art comes via human beings that experience security breaches and crave safety. “We need to demonstrate the importance of building an effective security training program that speaks to both humans and technology,” he said.

Keep this page bookmarked for articles and videos from the event, follow us on Twitter @BizTechMagazine and join the event conversation at #CDWSummIT.

LeoPatrizi / Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT