Did you read about the recent large data breach? It happened at T-Mobile in the US. The cell phone carrier said the stolen data included first and last names, birth dates, SSS numbers and driver’s license information from 40 million current and potential customers.
This is not a single case and data breaches happen more and more by vicious cybercriminals. Companies everywhere will need to undergo a shift in cyber culture, engaging data engineers and network security professionals in the search for vulnerabilities.
When companies think about cyber-security training, they often focus on employees outside technology. This makes sense because data breaches often happen at the operational level. This is the reason why we are training people at the operational level so they could understand the responsibility they carry in working with data. They are at the frontline of cyber-security risk without the appropriate training.
But we need to train the data engineers and network security professionals also. Who knows about engineering systems? The engineers. Who has been excluded from the world of cyber security? The engineers. Cyber-security skills are the next natural step for a career in engineering as companies rely on engineers to operate secure systems.
Engineers and network security professionals have to look for anomalies in the network or in processes. Issues within processes are often absent from network irregularities.
Engineers may be fundamental to a given business, but inclusion in cyber security is part of a greater cultural movement. The penultimate test of a cyber-ready company culture is one where employees think differently—business continuity is not the sole indicator of a secure network. This is where training comes into play.
When overhauling a culture of cyber security in an organization—or lack of a culture—we recommend revisiting the basics. Companies should be able to answer:
How effective is our training? Are employees well-versed in security?
Do we consider and implement security throughout our design process? Is security a component of maintenance measures?
Are vendors asked to add security to their offering? Are our partners best of breed?
Security has a role to play when it becomes tempting to connect and monitor everything in an environment. Instead of reacting to monitoring and concluding something is broken, engineers should instinctively ask “have we seen an increase in the data? Is it giving some peaks and some spikes that we haven’t seen before?” Or unusual information consumption.
By combining the expertise and observations between engineers, security professionals and people in operations, companies have an entirely new dataset to review for abnormalities or vulnerabilities that threaten the business as a whole.
If you don’t have the ability to know whether incidents were cyber related or not, training and everything else is going to be so important.
If you need assistance in the shift in cyber culture to avoid data breaches, let me know; we have access to experts; contact me at [email protected]