Susan Sison on Sep 18,2018 11:46:37 AM
When disasters strike, seconds count.
Over the last few years, we’ve witnessed scenes like this playing out over and over: There’s a storm with torrential rain that threats an entire community. Wind and water pose risk to life as well as millions of dollars in potential property damage – sometimes billions.
First-responders are in action throughout any crisis. Warning systems are in place to tell people about evacuation orders on TV or over the radio. Ambulances respond to situations before and even during many storms, and boats ply the floodwaters looking for potential victims.
Ladders are used to help escapees on roofs. Stretchers carry those who are injured. Sirens alert others to a disturbance and help keep the environment safer and more organized. All in all, you could count thousands of important objects – tools – that facilitate life-saving work.
Now, imagine that no one was there at all except people in need of help.
No paramedics. No police officers. No firefighters. Just day-to-day folks.
The idea is bizarre, even ludicrous. But it’s the central idea behind most internet security.
When you envision an emergency scene like the one described, you probably never separate the tools from the people who use them. It’s intuitive that for practices to take place and results to follow, the right people have to be on the scene. But: In IT, this often breaks down.
Fire-fighting, search and rescue, emergency medical services – all of these are solutions.
A solution is a combination of tools, processes, and expertise. All the factors come together in a defined way to produce an outcome. What makes solutions worthwhile isn’t the tools involved, but the overall strategic vision and the insight that drives them: That insight comes from people.
When business leaders think in terms of tools rather than solutions, they make assumptions that can put an entire business in jeopardy. In information security, we see that again and again and again.
Business leaders don’t think in terms of managed security services, but tools alone.
And that is a serious risk.
Tools Don’t Solve Problems: The Case of the Target Breach
Tools are important: They facilitate some aspect of a solution. But they don’t solve the problem on their own. For an example that will echo through the modern history of information security you need look no further than Target, one of America’s top retailers.
With more than 1,800 stores and 345,000 staff, Target has one of the largest retail networks in the United States. There’s no question that it faces an information security challenge of truly mind-boggling scope, complexity, and fluidity every single day.
The dilemma: Target leadership believed it could resolve that problem with tools alone.
In 2013, there was no question Target had all the best IT tools it was possible for an enterprise to have. The organization was equipped with advanced – and monumentally costly – tools to detect malware and “day one” threats. The system sent up the proper alarms at the right times.
Staff ignored, dismissed, or downright neglected both the tools and the data they provided.
We know the result: The 2013 breach cost Target $162 million and the job of its CEO.
What Makes a Solution a Solution?
Tools are a foundational part of any IT solution, but they have to be used in effective ways.
- Deployed at the right time and in the right way.
- Configured according to organizational needs.
- Maintained and updated regularly and well.
- Managed proactively based on best practices.
- Monitored expertly by qualified personnel.
What happens when these expectations aren’t in place? In the best situation, you might find yourself with a tool that’s expensive and worthless. The worst case scenario: Your company falls prey to a false sense of security that’s only shattered when it’s too late.
That’s why most firms should invest in managed security services ... not more tools.
Today’s threat landscape is even more intense and fraught than it was back in 2013. Novel types of malware are appearing every single day. Attack vectors like ransomware are costing billions, not millions, for companies of all sizes all over the United States.
The malware organizations face today can bypass virtually all known tools, including mainstays like firewalls, intrusion detection systems, and antivirus software. Patch management captures only a fraction of the new threats that emerge daily.
Real information security comes from merging the best in class technologies with the expertise that brings them together into a cohesive whole. Managed security services are, in general, the best way for any enterprise to do this quickly, efficiently, and well.
Don’t make the mistake others have: Buying a suite of IT tools and believing they’re a solution.
Managed security services can protect your investments and your brand reputation.
To find out more, visit us at http://www.ncanet.com.