Issue Twenty Eight

Target Lock

August 2023

Cybersecurity has evolved as an all-encompassing priority, interweaving human behavior, data security, software liability, and the criticality of digital trust. We're transitioning from simple awareness of cyber threats to ingraining deeper, instinctive responses, with the aid of innovative training techniques transforming human vulnerability into a formidable defense.

Data, organizations' lifeblood, is a double-edged sword, driving growth while attracting cyber threats. To shield this invaluable asset, a judicious blend of encryption, data masking, stringent access controls, vigilant prevention tools, and reliable backups must be deployed. Simultaneously, software manufacturers are ushered into an era of increased responsibility, securing proprietary code and open-source components alike.

Amid this complex framework, the concept of digital credibility emerges prominently. It embodies a dedication to safeguarding stakeholders, honoring ethical norms, and fulfilling societal expectations. Transparency, expert leadership, and well-rounded programs for credibility form the foundational pillars for instilling confidence and assurance.

This issue of Target Lock illuminates the path on our journey to a secure digital future, navigating the intertwining realms of human behavior, data security, software liability, and digital trust. As we innovate and evolve, earning and maintaining digital trust will unlock the profound advantages of adaptability, vigilance, and accountability - crafting the future of cybersecurity. Enjoy.


ZEROING IN


Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis

SecurityWeek

We all had to move quickly to maintain operations during the lockdown of the pandemic. This meant adopting new technologies to keep our teams connected as they “worked from anywhere.” Adoption at a pace that – in many cases – was far too rapid to truly grasp the power of this new interconnectivity. As cliché as it might sound, with great power does come great responsibility.

That responsibility has come into the spotlight as of late. As teams now grapple with technology sprawl and digital literacy, a great reckoning is emerging for business leaders to foster a new environment of collaboration and education. One that strives to better align the people, processes, and technologies acquired during the pandemic to positively impact business outcomes.

“Technology alone doesn’t foster better collaboration, eliminate siloes, or elevate performance – people do. We have to continually encourage our people to embrace new ways of working, seek learning opportunities, and develop their skills as we roll out new tools or new practices.”

In building this new level of digital acumen, we create environments in which we reinvent the customer experience and the employee experience, we future-ready our team members by advancing their skillsets alongside the advancements in technology, and we create a culture that not only retains our existing talent but entices new talent to come aboard and continue their development.

SQ Insight: Kenneth Holley - Chairman


What is data security? The ultimate guide

TechTarget

An unsecured data house is a ticking time bomb. Ignoring the responsibility of protecting that house can lead to catastrophic losses, damaging both the bottom line and reputation. Every business leader understands that data is the critical engine driving their organization; however, the complexity of maintaining the engine seems to be the sticking point for most.

Hard work is hard work. But, on the other side of this hard work is a level of confidence and assurance few organizations can stand behind in our digitally transformed world. Embedding data security into your strategy isn't a simple nice-to-have; it's a requirement for survival, and increasingly, a unique selling point.

Let's delve into the fundamental components of data security, providing a roadmap to building a robust defense:

  1. Adopt Encryption: Think of encryption as your data's covert language, baffling to outsiders. It transforms your data into a code decipherable only with a specific decryption key. Utilize encryption to ensure your data's confidentiality, regardless of its state or location, setting up a formidable first line of defense against unauthorized breaches. 

  2. Implement Data Masking: Access to data within your organization should adhere to a need-to-know basis. Data masking achieves this balance by replacing sensitive data with functional counterparts. It's particularly useful when data is in use but revealing the actual information carries risk, such as during software testing or analytics. 

  3. Enforce Access Control: In essence, access control ensures that the right people have access to the right data. Establish strict controls based on roles and responsibilities to minimize unauthorized access, thereby reducing the likelihood of internal data theft or unintentional modifications. 

  4. Deploy Data Loss Prevention (DLP) Tools: DLP tools serve as the guardians of your data. They monitor the movement of sensitive data in, out, and within the organization, notifying you of potential breaches and preventing data leaks before they occur. 

  5. Schedule Regular Data Backups: Always be prepared. Despite stringent security measures, data loss can still occur due to human error, system failures, or unforeseen circumstances. Regular data backups guarantee that a copy of your data is always available, enabling swift restoration of your business operations if needed.

Understanding and implementing these components individually is vital, but the real strength comes from their strategic integration. Together, they create a formidable shield, protecting your business data from cyber threats.

As cyber threats increase and the regulatory landscape evolves, businesses can no longer afford a casual approach to data security. Get familiar with your data - its location, usage, and transfer patterns. This knowledge forms the bedrock of your data security strategy.

Equip your business with the right data protection tools and strategies. Use encryption and data masking to add layers of data security. Apply stringent access controls and use DLP tools to thwart data breaches. Regularly evaluate and update your security measures to stay ahead of evolving threats.

Data security should be viewed as a crucial part of your business's long-term resilience. It's not a one-off task but an ongoing commitment that ensures business continuity, builds trust, and fuels success. Start viewing data security as an investment rather than a cost. After all, the journey to secure data isn't just about risk mitigation—it's about paving the way to lasting success.

SQ Insight: Adam Brewer - CEO


Companies Need to Prove They Can Be Trusted with Technology

Harvard Business Review

Social and environmental goals are on nearly everyone’s agenda, so blending cybersecurity into the mix is a great place to create those advocates. After all, it is our responsibility to protect not only the business, but the relationships that help us continue to grow the organization. This includes our team members, partners, supply chains, customers, clients, and everyone that has come to rely on the business. We must begin to frame our Environmental, Social, and Governance (ESG) goals with this notion in mind.

“Cyber risk is the most immediate and financially material sustainability risk that organizations face today. Those that fail to implement good governance on cybersecurity, using appropriate tools and metrics, will be less resilient and less sustainable. This in turn has an impact on the other organizations they rely on, and ultimately on the stability of companies, communities, and governments.”

This becomes increasingly relevant as we look at the fact that intangible assets now account for 90% of the asset value of modern organizations. These are assets that are not physical in nature and are in many cases massive amounts of data being collected after pandemic-driven digital transformations – giving immediate validation to having a sound cybersecurity strategy built upon solid frameworks.

And while cyber insurance has been the default solution for many, the lack of security controls and subsequent increase in breaches is changing that. Insurers can no longer afford to bear the burden of protecting the organization and are requiring attestation to a heightened standard of cybersecurity to ensure coverage.

All of this ladders up to our social responsibility to not only build organizational resilience but to establish the ability to measure its maturity. Sustainability relies on the understanding that eliminating all risk is impossible and therefore building resilience is non-negotiable.

SQ Insight: Kenneth Holley - Chairman


Software liability: The hard truths of holding manufacturers responsible

SC Media

With the recent efforts of the Biden administration to reevaluate the distribution of liability for software manufacturers and users, fresh light has been shed on the current landscape of software creation and usage. This renewed scrutiny has sparked debates on feasibility, possibilities, and responsibilities on both sides of the table.

This article explores the debate from multiple angles, emphasizing the unquestionable need for improvements in a security-focused product development pipeline for all software. The era of untouchable end-user license agreements that absolve software manufacturers of any responsibility for damages caused by their products is not sustainable for an increasingly digital future.

However, delving into the intricacies of applying liability for software security opens a Pandora's box of uncertainty due to the complexity and interdependency of modern software development. While the metaphor is not perfect, many liken this issue to regulations in the automotive industry, requiring manufacturers to include seatbelts and other safety measures by default and holding them responsible for damages caused by shipping an unsafe product, regardless of whether they personally constructed each element or integrated components from others.

This detail is particularly relevant in the world of software development, where even large enterprise-level projects often integrate code from open-source projects maintained by small groups or individuals with no affiliation to the company. The implications of manufacturers being held liable not only for the security of their written code but also for the open-source projects they leverage within their own projects will profoundly affect all manufacturers, both small and large.

The takeaway from all of this is that the growing pressure to hold creators responsible for their products will ultimately benefit consumers who fully integrate these products into their lives. However, given the complexity of this endeavor, it is safe to assume that there is still a long way to go before we can completely rely on these initiatives to produce products that we can trust at face value. This highlights the importance of vetting your digital partners before incorporating their products into your ecosystem, as well as the need for comprehensive and thorough update procedures to ensure that your team operates with the best possible version of the tools you employ.

SQ Insight: Chris Ellerson – Director, Client Experience


Kenneth Holley

Kenneth Holley's unique and highly effective perspective on solving complex cybersecurity issues for clients stems from a deep-rooted dedication and passion for digital security, technology, and innovation. His extensive experience and diverse expertise converge, enabling him to address the challenges faced by businesses and organizations of all sizes in an increasingly digital world.

As the founder of Silent Quadrant, a digital protection agency and consulting practice established in 1993, Kenneth has spent three decades delivering unparalleled digital security, digital transformation, and digital risk management solutions to a wide range of clients - from influential government affairs firms to small and medium-sized businesses across the United States. His specific focus on infrastructure security and data protection has been instrumental in safeguarding the brand and profile of clients, including foreign sovereignties.

Kenneth's mission is to redefine the fundamental role of cybersecurity and resilience within businesses and organizations, making it an integral part of their operations. His experience in the United States Navy for six years further solidifies his commitment to security and the protection of vital assets.

In addition to being a multi-certified cybersecurity and privacy professional, Kenneth is an avid technology evangelist, subject matter expert, and speaker on digital security. His frequent contributions to security-related publications showcase his in-depth understanding of the field, while his unwavering dedication to client service underpins his success in providing tailored cybersecurity solutions.
