Consumers, businesspeople, and policymakers clamor for more technology and integration. “The Internet of Things” has certainly enhanced everyone’s quality of life. But to telecommunications security personnel, technological empowerment comes at a cost.
If one asks cybersecurity expert Ronnie Royston of Baton Rouge, Louisiana, “How safe is my network?” Ronnie will likely answer, “Not as safe as you’d like it to be.”
The Reality of the Situation
Ronnie Royston doesn’t hate technology — far from it. After enduring a few years of professional meandering and armed with a university degree in philosophy, he found his calling in telecommunications and programming. But Ronnie has seen many different kinds of security breaches. And he challenges his clients to grasp a better reality of their cybersecurity situation.
A lock only keeps honest people out. This point is self-evident. The locks on your front door don’t actually prevent a determined intruder from getting into your home. Bank vaults are breached and looted regularly.
When it comes to network security — implied attack vectors from wireless Internet, for example, hackers treat authentication and firewalls in much the same way as robbers handle door locks. It’s not always a deterrent. Sometimes it’s an enticing challenge.
The Threat
The most common threat to an organization’s network is data loss, says Ronnie Royston. Sometimes, the data loss occurs when malware destroys data. Other times — and more devastating — someone steals private information, including personal identifiable information (PII) and payment information.
The more an organization stores and uses confidential information, the greater the threat. And if that organization does not take steps to preemptively deny intruders the opportunity to exploit cyber weakness, the chances of a security breach are quite high.
In the cybersecurity sector, experts suggest that it is not necessary to “outrun the bear.” Rather, networks with stronger deterrents than many of their peers typically manage their cyber risk the best. As such, the battle for network security is never done. Advancements for white hat technology are unfortunately tools for unethical individuals as well.
At the same time, over-zealous CISOs might take extra measures to bulk up security in a way that sends signals to hackers for where to “dig for treasure.” For example, a robber takes special notice of a safe in the closet (a metaphor that Lonnie Royston uses often). Similarly, information security officers miss the opportunity to cloak their security measures for increased cybersecurity.
Employees and guests often present the single greatest threat to lost and stolen data. Ironically, it is not the employees or guests venturing onto the network with the intent to steal or destroy data. Rather, the network holes that their internet behavior leave unattended give intruders the chance they need to do as much damage as possible.
Wherever a wireless signal sends and receives data is a location where someone may intercept that data. Lax network security increases the number of attack vectors and leaves enormous opportunities for intruders to do their worst.
Ronnie Royston on the Solution
Cybersecurity solutions come down almost entirely to policy and tools. Data retention and security policy educate all employees, contractors, and clients about compliance and security protocols. The greater the participation and general awareness, the more difficult it is for intruders to easily breach cybersecurity measures.
These network security policies focus on how personnel manage company and client information within the organization. Backups into onsite servers or dedicated cloud servers retain critical data in the event of its sudden loss. File deletion policies significantly decrease an organization’s liability in the event of a breach.
The volume of available data security tools is enormous. That’s why it’s important for businesses to partner with cybersecurity experts who can examine the nature of network operations and recommend a suite of security tools.
Ronnie Royston is a CCIE and owner-operator at High Tekk. Over the course of his professional career, Mr. Royston has managed system security and telecommunications for corporations such as Global Data Systems, Avnet, Datavox, and Onepath LLC.