Do you remember the pre-flip phone era? Viruses were a nuisance, but not earth-shattering. Once in a while you’d get that weird little email stating a Nigerian prince wanted to send you money. Oh, and your only real experience with a hacker was your neighbor’s son who stayed in the basement all day with thoughts of grandeur that far outstripped his abilities.
Those days are gone. Hackers are far more sophisticated, and the stakes couldn’t be higher.
I recently had a conversation with a scammer who, without much trouble, could get all the information he needed to obtain a brand-new passport just by gleaning a few pieces of data from the unsuspecting victim. He’s turned over a new leaf now, but in his previous life he had stolen dozens of identities and spent a half dozen years completely evading the FBI.
The scams he had performed were clever, but today they would be seen as amateur play. Hackers have changed. They’ve grown more sophisticated.
You know what else has changed? Our dependency on data stored in technology. We are completely reliant on our data for every part of our business. Every day we watch as more businesses crumble beneath the barrage of cyberattacks hitting them.
Today, security cannot simply be an afterthought.
Many of us—even those in IT—have long treated security as something to just add on top of everything else. We were more interested in simply having the machines run—enabling employees to get their jobs done efficiently and effectively. We were more concerned with the car moving from destination to destination and less focused on the seat belts or airbags.
Many of the systems used even as recently as ten years ago were designed with one person in mind—the end user and their experience. Most companies had a very limited perspective about security. The concept of keeping things secure was a complete afterthought, and the tools used to keep a network safe were treated as a one-size-fits-all solution.
But you know what? Now we live in an era completely dependent on data, and the bad guys know it. They’ve sharpened their skills and weapons on our businesses. And here’s the bad news: Most networks—and the systems, software and infrastructure used on that network—have not been designed to withstand the magnitude of attacks occurring today.
Many of your vendors are quick to develop new features your users want, releasing new products and services rapidly to the market. But along the way they often have not taken a security-first approach to their solutions. This approach has led to the countless attacks we’ve seen in the news in recent years.
That’s where security by design comes into play.
Instead of simply building your network and reacting to changes, what if you could design your infrastructure, software and processes to simply be secure (or at least more secure)?
To accomplish designed security, your team needs to identify what is critical to your business before coming up with a plan. This will require multiple layers consisting of physical, network, and data security.
Your security will move from simply having a stack (a bunch of security tools) to an actual security program that will anticipate needs. It will inform you and your leadership of your risks and how to mitigate those risks.
Your designed security program will fit your company. It will not be one-size-fits-all. It will be tailored to your supply chains, to your industry, and to your specific processes and people.
How can you start designing your security?
To have an effective security program today, you need experienced leadership to guide solutions that will have the biggest impact on your organization’s security. Most business leaders are moving to virtual Chief Security Officer (vCSO) engagements. vCSOs have tailored security frameworks to proactively address security risks before they become problems.
We don’t live in a pre-flip phone era anymore. It’s time to take action before your business gets hit.