Technology Is Not Enough: Why You Need a Personal Approach to Cybersecurity

August 8, 2019 Arctic Wolf Networks

When a major data breach is in the news, it serves as a reminder for organizations to review their own cybersecurity strategies.

Often, people want to know whether they’re using the best tools to keep their data safe. But that’s not necessarily the right question to ask.

What the headlines don’t tell you is that many breaches don’t happen because of a technology failure. They happen because there wasn't enough focus on the needed people and processes.

Smiling holding a laptop with high-tech data and graphics on a screen behind her.

People Are an Important Defense Layer

When talking about a multilayered defense strategy, there’s a tendency to look at tools — your firewall, intrusion detection systems, and endpoint detection. Those are, of course, important. But people are a key component in your cybersecurity strategy, both from a risk mitigation perspective and a monitoring perspective.

Risk mitigation: 

According to Verizon’s 2019 Data Breach Investigations Report, phishing is the main vector involved in data breaches, while 94 percent of malware is delivered via email. What do those two have in common? They both exploit your biggest security weakness—the human layer.

Train internal employees on security best practices to strengthen your security posture. By implementing a strong awareness program, you can significantly improve your ability to safeguard against threat actors.

Security Monitoring:

There’s a lot of discussion in the industry about the benefits of artificial intelligence and automation. While advanced technology can bolster your defenses, it only goes so far.

You still need a human expert to understand the context. Who’s sifting through incidents to make sure the tools are flagging legitimate threats? Do you have experts who can act on those insights?

Security Is Only as Good as Your Processes

Let’s return to the fact that news stories often look at data breaches through a skewed technology lens: 

The WannaCry ransomware campaign? Attackers exploited a vulnerability in unpatched Windows computers.

Deep Root Analytics’ massive voter records leak? A misconfigured AWS bucket.

Those may sound like technology problems, but in reality, a lack of proper processes caused these incidents. If you don’t have a process for patching vulnerabilities or scanning for misconfigurations, the best combination of technology and people won’t fully protect your data.

Processes range from finding out where vulnerabilities lie to monitoring around the clock to having a plan for when (not if) the worst happens.

  • Are you actively researching new threats and vulnerabilities?
  • Are you prioritizing assets?
  • Do you have an incident response plan?
  • Do your people know what steps they need to take should a breach occur?

If you haven’t answered yes to all these questions, make reviewing and implementing proper processes a top priority.

SOC-as-a-Service Takes a Three-Prong Approach

Managed services, in particular 24/7 security operations center (SOC) monitoring and management, is the largest segment in the growing spending on cybersecurity globally, according to IDC. One of the main drivers for the growing demand for SOC-as-a-service is the shortage of security staffing and skills.

SOC-as-service solves the talent gap challenge by giving your internal IT or security team 24/7 access to highly skilled analysts and incident responders. It’s a holistic solution that brings people, technology, and processes to the table. SOC-as-a-service integrates best-in-class tools with human experts who can guide you through your processes and help you close the gaps.


Previous Article
Small Enterprise, Big Target: Five Reasons Why Cybercriminals Attack the Little Guys
Small Enterprise, Big Target: Five Reasons Why Cybercriminals Attack the Little Guys

The 2018 Verizon Data Breach Investigations Report found that 58% of victims were businesses with fewer tha...

Next Article
These Eight Metrics Help You Quantify Your Cyber Risk
These Eight Metrics Help You Quantify Your Cyber Risk

Tracking a variety of metrics over time helps provide a clear picture of your risk and how it evolves as yo...


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!