The old saying, “Time flies by when you’re having fun” is true. Time seems to only go faster as you age. I’ve been at McKonly & Asbury for over 20 years and technology has vastly changed over that time. The first BlackBerry device was just coming out in 1999 when I was first hired. What a sweet keyboard that was for those of you who are as old as I am and can remember that. Bottom-line is technology has evolved, have your solutions done the same? Are the risks of those days still risks today for your organization? Do we have additional risks today we didn’t have years ago? Is your organization’s current technology to mitigate the risks of today the same technology you used to mitigate risks in the past?
Most security professionals would agree some risks of the past are not much of a concern today since our security hygiene or baseline has risen over time and most organizations would not think about rolling out technology upgrades, platforms, applications, etc. without certain security. That security includes, but is not limited to, dual factor authentication, Intrusion Protection System (IPS), change management, encryption, and central monitoring of logs.
Risk Assessment Process
With all the new technology available to mitigate current risks, are you utilizing the best security to mitigate your risks? Is your annual risk assessment not only identifying risks and mitigating factors for those risks, but determining the best solution for the risks identified? I have found that organizations which have mitigated risks they identified with an application or appliance in the past rarely review whether that solution, while being the correct solution in the past, is still the correct solution today. While the solution may still mitigate that risk, is there a solution that will help mitigate that risk plus other risks? A great example is anti-virus. Can the product you put in place 15 years ago successfully mitigate the threat of ransomware? If it can’t, why are you still using the older product? Yes, the product still does what it did years ago, but it may not be evolving to fulfill your mitigation needs of today.
Not only do we need to look at new solutions but past solutions, during the risk assessment process, that may still be working but are not optimal. I encourage organizations to look closely at older solutions to analyze whether the organization would pick the same solution today.
As a leader in Cybersecurity Services, McKonly & Asbury’s team of experts strive to help clients effectively and efficiently through the risk assessment process. If you have any questions about cybersecurity threats, we are here to help. Contact David Hammarberg, Partner and Leader of McKonly & Asbury’s Cybersecurity Practice at firstname.lastname@example.org.