May 22, 2020
In today’s technological environment, businesses of all kinds face increasing pressure to be aware of cybersecurity risks. Unfortunately, not all businesses see eye-to-eye on how to make sure their cybersecurity is tight and effective. Consequently, blind spots can sometimes emerge when businesses with vastly different cybersecurity resources or strategies find themselves working together. When such dealings concern sensitive data — like the personal information of customers or employees — these blind spots represent major liabilities for the parties involved.
Unfortunately, the nature of both our global economy and the technology we use means that businesses can’t just stop collaborating. The question is: how can different organizations adopt a common approach to cybersecurity so that there are fewer vulnerabilities for hackers and other bad actors to exploit?
Businesses that talk to each other about cybersecurity might be in the best position to lead a push for universal standards since they’ll likely have the most informed perspective. In the following article, we’ll look at what can happen when companies fail to communicate effectively about cybersecurity and examine some tools that responsible business owners can use to prevent similar mistakes from happening.
Third-Party Vendor Risk and The Great Target Debacle of 2014
There’s a story from several years ago that perfectly illustrates the need for businesses and their vendors to communicate clearly about their cybersecurity capabilities. The short version is this: in 2014, a group of hackers was able to steal credit card details and other sensitive information from over 110 million customers of retail giant Target by targeting the much smaller company in charge of their HVAC systems — essentially using it as a back door through which they could access the larger company’s network. To make matters worse, Target had apparently given their HVAC providers much greater access to their central servers than was necessary, which let the hackers reach things like payment systems instead of just the chain’s network-connected HVAC devices.
This story has the potential to be especially concerning, because big businesses aren’t the only ones who rely on third-party vendors and partnerships. In fact, any company dealing with an HVAC company, an outside consultant, or even an ISP could potentially be at risk of leaking sensitive data through those organizations if they don’t discuss their cybersecurity needs with each other and take steps to limit unnecessary exposure.
How Can Companies Get on the Same Page with Cybersecurity?
With so many companies approaching cybersecurity differently and so much resulting potential for data to be lost, it’s easy to see the industry as a virtual Tower of Babel — with everyone trying to communicate in different languages until things inevitably sink into chaos. However, that perception isn’t entirely accurate. In fact, there already exists a framework for organizations to understand and improve their approach to cybersecurity risk management. It’s called NIST CSF, and it’s actually been around for years.
NIST is the National Institute of Standards and Technology — a part of the U.S. Department of Commerce whose mandate is to “promote innovation and industrial competitiveness” by improving technology and the ways in which organizations use it. Their cybersecurity framework (CSF) outlines policies that private businesses can use to “prevent, detect, and respond” to cybersecurity threats.
NIST regularly holds events and delivers presentations about cybersecurity, but here’s the catch: the CSF isn’t just a checklist you can complete. Instead, its function is to help companies determine their goals and then consider the resulting cybersecurity threats as part of their process for risk management. To put it another way: in today’s world, cybersecurity risks are a given. It’s how you avoid the unnecessary ones and deal with the necessary ones that matters.
That’s why using NIST CSF in a vacuum isn’t enough. If you want to make sure that you and your vendors are all looking out for the same threats, it’s vital that you talk to each other about the ways in which you’re each using these standards. Omnistruct has built a platform that allows clients to share data about how they’re using NIST CSF with their partners and vendors, which allows organizations that work together to assess each other’s compliance and avoid cybersecurity vulnerabilities.
Communication — Not Secrecy — is the Key to Tighter Cybersecurity
Paranoia about being hacked can drive some organizations to be secretive about their cybersecurity strategies, but in the end this helps no one. The key is simply to share information about your cybersecurity practices with the right parties via secure channels, so that you and the businesses you work with can stay on the same page. As technology brings businesses of all kinds closer together and creates new risks to be aware of, it will be more important than ever to ensure that your organization and those connected to it — in any way — are all giving cybersecurity the attention and respect it deserves.
About the Author: Chris Lee
With over a decade of experience in tech, sales and marketing, Chris Lee is the President of Reel Axis and Co-Founder and Chief Geek of Channel Bytes. He has spent his career solving problems for resource-constrained companies with his ability to bring people, processes and technology together to support organizational growth. Prior to founding Reel Axis and Channel Bytes, Chris held several senior sales and marketing executive roles with technology distributors, vendors and MSSP/VARs across the US.
Chris is a proud foodie and avid “gadget guy” who currently lives in Oceanside, California with his wife, two children and two dogs.
About Reel Axis
Reel Axis is a technology firm specializing in the design and execution of go-to-market programs. Our Channel Bytes SAAS platform brings together proprietary software and various toolkits to enable companies to better tie together their sales, marketing and communication efforts. Our platform seamlessly integrates into companies’ existing infrastructure and features to save time and money. We bring people, process and technology together using personalized strategies that are easy to implement and measure.