Every organization must implement practices to prevent and combat potential cyberattacks, and understand that there is also a human factor to cybersecurity.
A Harvard Business Review article identified the key principles at the heart of the U.S. military’s success in stopping attacks on its systems and quickly containing the few intrusions that occur. Why them? The article noted that from September 2014 to June 2015 alone, the U.S. military repelled more than 30 million known malicious attacks at the boundaries of its networks. Companies can learn from the U.S. military by creating high reliability organizations (HROs) that consistently defend against cybercrime.
One of the key lessons of the military’s experience is minimizing human error. Mistakes by network administrators and users—failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures—open the door to the overwhelming majority of successful attacks. Many studies show that the lion’s share of attacks can be prevented by simply patching known vulnerabilities and ensuring that security configurations are correct. 80 percent of attacks leverage known vulnerabilities and weaknesses in configuration management settings. The best opportunities in security remediation are to identify and correct, in real time, any misconfigured or known-vulnerable systems. Implementing automated solutions can greatly reduce this human error and the overall administrative burden of the painstaking task of vulnerability and configuration management.
The military embeds cyber in its culture, institutes rigorous standards for cyber inspections, and tightly coordinates the teams and individuals that conduct them. CEOs should ask themselves and their leadership teams tough questions about whether they are doing everything possible to build and sustain an HRO culture. One consideration is investing more in capabilities for testing operational IT practices and expanding the role of the internal audit functions to include cybersecurity technology, practices, and culture. By maintaining effective awareness of the current state of enterprise IT assets and taking prompt action to patch, update or even disconnect vulnerable systems, the vast majority of cyberattacks can be stopped before they even start.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.