Originally Published on SDICyber on May 23rd, 2017
Protecting yourself in cyberspace requires multiple solutions working all together
Be cautious of the cybersecurity vendor that promises you a technical solution that will solve all of your cybersecurity problems. Life, unfortunately, is not that simple and a one-size-fits-all approach is bound to get you in trouble given today’s cyber complexities. Similarly, simply adopting a solution may not be enough. How you implement that solution could be the difference between operating a safer network or, inadvertently, making your network more vulnerable. One such solution is encryption.
In two articles posted on Tripwire, I make the case with Paul Ferrillo of Weil, Gotshal & Manges LLP that encryption and tokenization are good solutions (that are under-utilized from our experience) but that poor implementation of them can be the perfect recipe for your worst nightmares.
Why do such useful technologies come with this big caveat? The reason is because a “big picture” approach to cybersecurity has not really taken hold yet. As I have mentioned in a previous post, I view cybersecurity security in the following manner: network security + information security = data security. The most basic questions, particularly at the board level, may not be getting asked, such as “what are our crown jewels?” or “where do we house our data?”
These are governance issues at their core, not technological ones.