We’re focused on….
The brilliant basics of cyber hygiene. Or getting the basics right. Or whatever you like to call it. 🤔
Actually, we’re not just talking about getting the basics right; we’re talking about getting the basics right, and then continuing to keep them right, through the power of the human ability to observe and assess what technology is doing.
Can’t tech verify its own efficiency?
During a panel discussion about cyber hygiene, Rasha Abu Alsaud (EVP and CISO at Saudi National Bank) said:
“I think it’s important that in addition to the reliance on technology, manual validation needs to be practised as well, to check the effectiveness of the controls in place.”
In the era of AI and automation, the notion that we still have to manually validate technological processes in cyber is still highly relevant.
Yes, the tech can report on its own processes. But then the question is whether those reports are always accurate – and what happens if technology is left to self-perpetuate its own inadequate reporting and its own inefficient processes.
The basics of cyber hygiene
The basics of cyber hygiene are widely agreed to be:
📌Using strong passwords (and changing them frequently)
📌Keeping on top of software updates
📌Not clicking on potentially nefarious links
📌Using multi-factor authentication to protect data and third party entry points
And these basics apply to both organisations and individuals.
Many cyber hygiene tasks can be automated – and many vendor products today provide regular automated reporting on hygiene too. But what if those reports are missing crucial details❓ What if they’re reporting on outdated information about endpoints, users, or critical data❓
And what if those errors don’t get picked up and fixed, so the accuracy gap gets bigger and bigger with every automated report that’s produced?
Cyber hygiene audits, led by people
Cyber hygiene isn’t just one process, and good cyber hygiene can’t be determined by one piece of reporting software. It’s lots of different technologies, lots of different manual processes, and lots of different automatic processes – that all come together as one bigger picture.
For example, cyber hygiene includes…
- How data is encrypted and stored
- How you document processes and tasks, and how employees access that documentation
- Visibility over third party apps and users
- Authentication processes
- Patching
…and more.
Different technologies can audit how well these various aspects of your organisation’s overall hygiene are being monitored and protected. But to get a clear view of that overall hygiene, you need a human to audit the audits; to work through those reports, pick up on inconsistencies or missing information, and make sure that the tapestry of your security system isn’t missing any crucial threads.
Automated auditing is good. Manual auditing is also good. And together, automation and human validation make for much greater cyber resilience.
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!