Steve Gickling is the CTO of Calendar, a place for unified calendars and all your scheduling needs.
By now, the headlines disclosing yet another data breach are all too familiar. While tech leaders don’t want their companies to become feature stories about cybersecurity woes, most admit security is a real challenge. Threats are becoming more complex, as are compliance-related requirements for data security.
Consumers are also losing trust in the tech sector’s ability to keep their personal information safe. The technology industry may still hold the No. 1 spot when it comes to consumer confidence, but that confidence is waning. In the United States, trust in the tech sector—as measured by the Edelman Trust Barometer—declined by 24 percentage points during the last decade. Additionally, 73% of surveyed consumers are concerned about data privacy, while 71% fret over cybersecurity.
As a tech leader who has worked in the SaaS industry for nearly 25 years, I was motivated to help make business data safer. I saw the need for a more secure data management process, which was a significant contributing factor to why I created a data management software platform.
Identifying and rectifying security issues should be top of mind for technology leaders. However, determining how to go about it is a different ordeal altogether, as processes must be robust but not too complicated. With data security being at the forefront of my mind, I wanted to share some ways in which tech leaders can identify where the security issues are happening before it’s too late.
Run Vulnerability Tests
Like humans, most companies develop blind spots that may prevent the discovery of weaknesses. As a tech leader, you might feel good about the way your team monitors your network. Its configuration looks solid. Redundancy is there in case something goes wrong. Plus, you’ve got acceptable guardrails up such as firewalls and anti-malware apps.
However, these measures don’t do much to identify vulnerabilities that could compromise your network someday. With so many connected resources, a network’s security threats often lurk in the shadows. Some examples include outdated apps, lax permission settings and default admin passwords for IoT devices. Threats like these may go undetected if you don’t have automated ways to uncover them.
Vulnerability testing can expose blind spots by identifying overlooked security issues. By running these tests, your team can see how network resources could fall prey to those with malicious intent. Vulnerability tests scan a company’s entire system, classifying each threat according to severity. You can isolate which practices expose sensitive data and prioritize problems that deserve immediate attention.
Evaluate Vendors’ Security Measures
Some businesses may operate in more of a bubble than others. Smaller regional markets or heavy reliance on in-house expertise can shield companies from potential threats. Yet few—if any—organizations can do without outside vendors completely. Whether external relationships involve web developers or materials suppliers, these partnerships create possible security issues.
For instance, supply chain software is becoming a popular target for cybercriminals. Gartner, Inc. predicts that 45% of global organizations will experience attacks on software supply chains by 2025. This represents a 300% jump from 2021’s statistics, highlighting the need to manage more than internal security measures.
Some of the most widespread data breaches involving major retailers were caused by vendor practices. Physical access and remote access to online systems are areas where tech leaders may identify problems. Any shared resources, including data, can create gateways for unauthorized activities. Security loopholes may be as simple as a malware infection from a USB drive. Companies need to know what vulnerabilities vendors generate and insist that their partners resolve them.
Assess Employees’ Knowledge
Human error is behind many security breaches. Organizations become susceptible to attacks when employees are unaware of password best practices and phishing tactics. The need for employee education can be constant as cybercriminals’ tricks evolve. Even individuals with some cybersecurity training aren’t immune to falling for malicious actors’ maneuvers, especially as they appear increasingly legit.
By determining what insiders don’t know, tech leaders can pinpoint additional security problems. There might be holes in password policies because current measures only scratch the surface. For example, company policy may require strong passwords using a combination of letters, cases, numbers and special characters. However, nothing prevents employees from creating slight variations of previous passwords.
Staff members may not know how this practice makes it easier for cybercriminals to guess their credentials. Employees could also be unable to spot red flags in suspicious emails and websites. One unintentional click could bring on a full-blown ransomware attack. A tendency to dismiss questionable activities from on-site vendors or co-workers could expose additional security issues. Connecting personal devices to the company’s network after hours is one plausible scenario.
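As an added example that is not part of the article, a password-change check in Python that shows why the complexity rule alone is not enough: both `Summer2023!` and `Summer2024!` satisfy it, so the check also strips the rotating digit/symbol suffix and leetspeak and compares the new password to the previous one. The sample pairs are constructed and the 0.8 similarity threshold is an assumed tuning value.

```python
import re
from difflib import SequenceMatcher

# Complexity rule as the article describes it: letters of both cases, a digit and a symbol.
COMPLEXITY_RULES = [re.compile(p) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")]
# Substitutions that keep a password "complex" without changing the word behind it.
LEET = str.maketrans("013457$@", "oleastsa")


def meets_complexity(password: str, min_len: int = 8) -> bool:
    """The surface-level check: minimum length plus one character from each class."""
    return len(password) >= min_len and all(r.search(password) for r in COMPLEXITY_RULES)


def normalize(password: str) -> str:
    """Reduce a password to the word behind it: lowercase, drop the trailing
    digit/symbol suffix (Summer2023! -> summer), undo leetspeak (P@ssw0rd -> password)."""
    s = re.sub(r"[^a-z]+$", "", password.lower())
    return re.sub(r"[^a-z]", "", s.translate(LEET))


def is_slight_variation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when the new password is a near-copy of the previous one."""
    a, b = normalize(old), normalize(new)
    if a == b:
        return True
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True
    return SequenceMatcher(None, a, b).ratio() >= threshold


def validate_change(old: str, new: str) -> list[str]:
    """Return the reasons a change should be rejected (empty list means accept).
    Run at change time, when the user has just supplied the old password in clear."""
    reasons = []
    if not meets_complexity(new):
        reasons.append("does not meet complexity policy")
    if is_slight_variation(old, new):
        reasons.append("slight variation of the previous password")
    return reasons


if __name__ == "__main__":
    # Constructed sample pairs, not real credentials.
    pairs = [("Summer2023!", "Summer2024!"), ("P@ssw0rd1", "P@ssw0rd2!"), ("Summer2023!", "tK9#vRq2mL$x")]
    for old, new in pairs:
        print(f"{old!r} -> {new!r}: complex={meets_complexity(new)} reject={validate_change(old, new)}")
```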
Detecting Technology Security Concerns
Tech leaders are responsible for protecting their companies’ sensitive resources from a host of security threats. These dangers can be easy to miss, especially if businesses lack systemwide detection tools. Whether hidden security issues are internal or external, they’re liabilities that cybercriminals can’t wait to exploit. Uncovering an organization’s vulnerabilities takes a well-rounded approach that also considers risks that might fly under the radar.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.