A recent Security Affairs article posits: “There’s a prevailing mindset that suggests if organizations ban all the things that pose risks to overall cybersecurity, they’re taking the most effective approach to make their organizations secure.” It goes on to explain that while this might seem like the best way to manage the constant onslaught of security issues, it isn’t necessarily the best way to do business, nor does it offer the most flexible way to handle technology and its constant changes.
Blanket bans of technology take responsibility out of tech experts’ hands and limit the ability of other departments to adopt tools and solutions that can give them more control and efficiency; they are one way to ensure that you close the door to innovation. Such bans can also breed a culture of complacency, i.e. “we don’t need to worry or think about this because it won’t affect us if we have shut the door completely on X, Y or Z”. And complacency is the last thing any company needs.
This, as Security Affairs shares, oversimplifies an issue that is both too complex and too important to put on the back burner. Vigilance means that organizations and their employees need to work together to make cybersecurity a priority - and to keep it top of mind.
How restrictions hamper progress - and don’t equal better security
- Banning specific technologies and technology providers can be short-sighted: the ban can have a negative ripple effect, limiting or preventing access to technology.
- Many corporate cybersecurity plans take specific companies or technologies into account without understanding the underlying vulnerabilities or the full architecture and weak points within it, leading to gaps and issues.
- Enforcement can be weak: a company can ban a piece of software or technology but cannot necessarily, or easily, monitor whether its employees comply with these policies. The widespread use of apps and mobile devices makes this much more difficult to monitor and enforce, leading to potential gaps in security measures.
- Bans can prevent employees from accessing and using tools that pose no great threat but do improve their performance or overall results.
- Security policies are rarely, if ever, comprehensive. Risk assessment can be thorough, but there will always be blind spots and unforeseen gaps for which no one was prepared. Restricting access does not protect anyone from shortcomings (for example, in software that has not been vetted and is still permitted). As Security Affairs notes, “…instead of enforcing bans, the better approach to take is to figure out how to use software in ways that protect a company’s information.”
This is what cybersecurity vigilance is all about. There is no way to guarantee 100% safety and security, but there are many protective measures companies of all sizes can put in place. Cyberthreats keep coming, and they infiltrate even the most secure systems. Thus, proactively adopting a flexible security strategy, with security policies that monitor risks at every level and security measures applied where and how they make sense, will be more effective and sustainable in securing your infrastructure and information.
Ready to learn how Varnish can help you develop a robust, secure-by-design plan to protect yourself against cybersecurity threats? Download our latest security white paper to learn more.