Setting New Year’s Resolutions is great, but when it comes to cybersecurity, you can’t set new goals once a year. Why? Because new threats pop up seemingly every day, regulations get updated and new trends emerge.
As the days tick by and we officially begin summer, business owners and Chief Information Officers at companies around the country are taking stock of the first two quarters of 2016 and the end of the fiscal year.
What went well? What can be improved?
At ZZ Servers, where we interact with companies of all sizes, we’ve taken notes of our own, and are sharing the top trends we’ve noted so far in 2016. Use these. Share these. And most of all, set some mid calendar year resolutions for your company.
TREND 1: Companies are looking for solutions to problems, not just products.
More times than not, companies come to ZZ Servers after they experience something painful in their business and with their networks.
But it’s not specific products they’re after. It’s solutions.
By far, the biggest challenge-solution we see are with companies needing to maintain PCI Compliance. It’s the number one thing that anybody who sells anything online (meaning they accept credit cards) needs to be aware of from a cybersecurity standpoint.
The compliance requirements are daunting, challenging and abstract at best – all of which can be very demanding of time, and ultimately money.
Just one of many compliance mandates requires companies to perform continuous log monitoring and review. That one task could be a full time job. A small company selling things online probably can’t afford an IT person to do nothing but review logs all day.
At ZZ Servers we have streamlined log monitoring and review tasks. We’ve built the tools to review and a process that is certified PCI compliant (we have third party auditors review our processes to PCI Service Provider Level 1 annually). Our product offers a solution that is more cost-effective than performing it in-house.
Companies are seeking more solutions like that.
TREND 2: CEOs are looking for people they can trust.
How many times have you read a headline about a big company getting hacked and having to pay out millions in settlements or fees?
Chances are it’s been a lot.
Many cybersecurity companies out there – and more and more are popping up as they see the vast market created by hackers – are talking about these stats and nothing else. They’re breeding fear instead of trust.
While hackers are something to be aware of, it’s education that’s needed.
With education comes trust.
One of the challenges that larger companies face as the threats become more real is that cybersecurity wasn’t something they were spending money on before. Today, CEOs are being told to double their budget on compliance.
Unless they have someone they trust to tell them why, or how to allocate that budget, they aren’t going to spend that money.
As a result, executives are looking for trusted companies to educate them on what to do and how to best do it.
How can companies figure out if they can trust a firm?
We’re telling executives to ask potential cybersecurity firms the following:
- How do you respond to incidents?
- How fast do you respond to a data breach?
- Are you available 24-hours a day?
- Do you correlate incidents between systems?
- Do you have a big picture of the environment to see historic and statistical data?
- What are you doing to stay updated on the latest trends in cybersecurity and the latest updates?
- Are you doing detailed background checks on your staff?
- How does your staff receive continuing education?
- What types of compliance and certifications (third party validations) do you have in place?
TREND 3: Everyone wants to move to cloud-based services.
There’s no doubt, companies are moving more to cloud based services. But they don’t always know what that means or the implications to the security of business data.
In fact, the term itself is often misused. The “cloud” is very convoluted and means many different things to many different people.
At ZZ Servers, we see the cloud as a method of abstraction – it extracts the end user from the process of computing.
Think about it this way. Before, if you wanted to get money out of your bank, you had to go to the bank, prove you were who you said you were before you could get your money.
With the cloud, and a banking app, customers don’t care about where the servers are or how they work, they just care that you can access your account.
For the business executives wanting a cloud solution, these are the things ZZ Servers is starting to talk them through.
When a customer tells us they need a compliant cloud solution, we ask them what they mean. We get them to step away from the using the word cloud to describe what they need to create and rather explain the solution they want to deliver.
TREND 4: Cybersecurity extends to third party vendors.
Look back on the Target breach. If you read the after action reports you’ll note that it was a third party vendor of Target that created the weakness that allowed the hackers to get in.
As we move in the latter part of 2016 and the start of a new fiscal year, business owners who have already ensured they are compliant are looking to their own third party vendors to make sure there are no weak links.
TREND 5: There’s always a new trend.
There’s always a new trend in cybersecurity. Business that have trusted cyber advisors can count on them to keep them up to date, but executives should also work to educate themselves.
As always, call ZZ Servers with any questions.