A man enters a network.
– “I want full access,” he demands immediately, not noticing that he has put on different socks that morning.
– “Sure, if you pass the identity test,” the bartender replies with an arrogance our man has not experienced since the state closed all nightclubs after an unknown space virus appeared that only affected clubbers.
– “I pass every test. I look good,” the man was confident after spending two years in the EU.
– “Does that mean you agree?”
– “I agree. Give me your best assessment!”
– “Where have you been and where are you going?” The bartender wasn’t impressed with this overly confident visitor wearing two different socks.
– “What, my wife won’t ask me that!”
– “Okay. What do you have on?”
– “Well, today I’m wearing my favorite Armani sweater, Calvin Klein underwear, Lewis bootcut, limited edition Air Jordans and a Hilfiger baseball cap,” the man was genuinely impressed with his identity (crisis).
– “I’m only interested in your socks. Where’s your SOC 2?”
The man looks down and his face turns red as he realizes the problem.
– “My kids! They like to play tricks on me.”
– “You should educate them.”
– “Education costs.”
– “Access denied.”
Compliance-based software and regulation-related services have become the new pain point for companies of all sizes. The critical importance of data privacy and security to the digital society is not hard to understand, and that society is evolving at an unprecedented rate that can only be compared to the controversial tale of the creation of the world in seven days. Yet compliance requirements are still at a stage where they only add more clutter and confusion to your already chaotic and confused security portfolios.
Is there a way around them? No.
Is there a way through them? Oh, yes.
Just remember that any deployment in the maturity phase is painful, complex, and needs proper guidance.
Let’s take a look at our shared experience of multifaceted security problems.
Security Is Under Tremendous Pressure
We are afraid of unwanted publicity in the Wall Street Journal, the changing threat landscape, the complexity of the systems we have to deal with, unintentional data breaches due to human error, compliance audits failing, missing out on cyber insurance money, and much more, including war, climate change, and even geomagnetic storms.
Since the pandemic forced everyone to adopt the telecommuting model, digital services have skyrocketed, creating more attack surfaces. I like to remind you in every article that 97% of data breaches are caused by human error, and that’s good news, because it means they are remediable.
The premise of cybersecurity is that if you are digital and connected, you can and will be attacked.
Yet many companies have spent millions of dollars on cybersecurity and still get attacked.
According to the CyberEdge 2022 Cyberthreat Defense Report (CDR), more than 80% of UK businesses experienced a successful attack in 2021/2022, with the average cost of ransomware attacks being $1.08 million.
In the U.S., a record 47 percent of Americans were victims of financial identity theft in 2020, according to Aite-Novarica Group.
Currently, approximately 4,000 cybercrime attacks occur in the U.S. every day.
The 2021 Cost of a Data Breach Report, a global study sponsored by IBM Security and conducted by the Ponemon Institute, found that the average cost of data breaches increased from $3.86 million in 2020 to $4.24 million in 2021.
At the same time, the UK imposed fines of 44 million euros under the GDPR. And Amazon received a fine of 746 million euros (i.e., about $831 million) in response to violations of the GDPR, according to the company’s June 30, 2021, SEC report.
I’ve heard from many clients and partners that the legal environment is becoming (or has become?) an adversary in itself.
I also know that law enforcement agencies estimate that the number of unreported cyber crimes by companies is in the millions, which means they don’t know the exact proportions of cyber threats.
The sophistication, variety, and complexity of cyberattacks have also increased. What worked five years ago in cybersecurity no longer works today. Did you know that cyberattacks can be purchased as a service on the dark web?
So the question becomes, how can you protect yourself in today’s world where the stakes are high?
On the bright side, when you fight cybercrime, you can be sure that you are making a valuable contribution to society.
If you want to save the world and make money to save more things you care about, the cybersecurity industry is the industry for you.
Do You Wake Up Every Morning to Technology Not Working Properly?
We are still human, even if our lives are digital. We feel guilty, have limited time in the day, and cannot answer some questions without careful consideration, which in turn takes time.
As my Medium friend Atti Riazi, senior vice president and CIO at Memorial Sloan Kettering Cancer Center, has correctly pointed out in her insightful article, many CIOs and IT directors wake up every morning to find that technology does not work, systems do not work, there are project integration issues, security gaps, and customer concerns, along with a lack of tablets, financial commitments, ROI and more.
The main problem is that the products are incompatible or not configured properly, which highlights the problem of the huge shortage of cybersecurity engineers in the highest-paid industry of our time. What an irony.
In the words of Vasu Jakkal, Microsoft Corporate Vice President, Security, Compliance, Identity, and Management CMO, when we lose trust in the technology on which our lives depend, we enter a dystopian society where nothing works, nothing is regulated, and no one can protect us.
The biggest challenge, however, is that cybersecurity remains very complex.
Jay McBain, Chief Analyst at Canalys, in his great analysis, acknowledges integration, ongoing management, severe skills shortages, security alert fatigue, and a fragmented vendor ecosystem as key obstacles.
Leading vendors are addressing these obstacles with platform approaches consisting of a portfolio of tightly integrated products that provide greater interoperability and transparency, are modularized to extend functionality via add-on subscriptions, and leverage automation to simplify operations.
This means that any product or service you get should make you freer.
The original reason for technology is freedom.
If it does not give you freedom from unnecessary actions, you waste your resources and stay on the hamster wheel.
Moreover, honesty builds trust. Trust is the foundation or framework for collaboration. And to have trust, you need Zero Trust.
A Zero Trust mentality and architecture mean you have to assume an attack and verify everything explicitly. Identity has become the battleground of security.
Technology Is About People and Processes
The success of my SaaS, MSSP, and compliance expertise comes precisely from this: TLIC is the data and security database expert that gets you on your way until all your configurations become a freedom bubble that allows you to cure your patients and eradicate cancer.
My project managers not only install everything you need to reach the highest security level, the freedom level, but they also configure and manage all installations. I firmly believe in a comprehensive service: one that’s fully accessible, transparent, and responsive.
Yes, there’s a lot of confusion at the technology level and the market is very noisy right now, but I’ve got a hunch that it’ll clear up soon and we’ll all be able to do our jobs while the technology serves us.
And real change starts with choosing the right partners. Just like in life. And the right partner will stay with you for a long time.
Canalys estimates that by 2025, hyperscalers will rely on partners to lead customers in and press the buy button on their behalf for nearly a third of their marketplace transactions.
The channel system of the past and the ecosystem of the present and future are comparable to the traditional box theater and the modern interactive multimedia spectacle.
In traditional theater, there is a centralized figure who gives instructions to everyone on and off stage. In interactive multimedia spectacles, all actors must work together in real-time, relying on each other’s experience, knowledge, and high level of performance.
How To Reach Compliance Maturity
Compliance is critical, but it does not have to be painful and complicated. Yes, you have to deal with multiple requirements, some of which overlap, and sometimes you have to duplicate your work.
And then you have to figure out how to meet the requirements and how to capture and validate the security controls.
You have hundreds of evidence requests to respond to, and you are still capturing, describing, and organizing many of them manually, jumping out of your products from time to time.
Depending on what stage your organization is in, you will experience different levels of compliance maturity.
- If you are just starting out, you probably do not have a team of compliance experts, there is no formal process, and there may not even be controls.
- In the second phase, your company meets some requirements and has a small compliance team, basic governance and risk management processes, and a limited number of controls that are documented.
- In the third phase, compliance is better addressed and your compliance team has defined roles and responsibilities, formal validation and measurement processes, and your controls are monitored and measured, but with limited automation.
- The fourth phase, as the company moves through this entire process, is to optimize it. Your company culture supports ongoing compliance, which includes ongoing training. Comprehensive processes are risk-based and quantified. Security controls are widely implemented, automated, and continuous.
In the first phase, when you are just launching your compliance program, you need products and services to help you define your compliance program.
In the second phase, you need tools and expertise to perform the readiness assessment.
The third phase is about validation and continuous monitoring.
And finally, the fourth phase is about automation and automated evidence collection that will bring you maximum efficiency. You will reclaim your time.
Technology was invented to improve your quality of life and give you time and freedom. If it does not do that, you do not have the right tools.
As Jay McBain put it, “In this decade of the ecosystem, no one can do it alone.”
Partnerships are a must in business today. The technology alliances, the strategic alliances, the business alliances.
We have to start doing things with the customer, not for the customer.
It’s about education, long-term relationships, and a successful last mile for life.
Schedule a meeting of your life with me.
Your data, cybersecurity, and compliance expert,
Get Me at 401-214-5557 or firstname.lastname@example.org