For cybersecurity, prioritize talent over tools if necessary
With so many data breaches in the news today – DoorDash and Zynga to name just a few that occurred recently – combined with the dizzying number of proposed cybersecurity solutions and the cost of this protection, it can be daunting to even think about where to start in protecting your business’ assets. As National Cybersecurity Awareness Month comes to a close, I want to share some tips to help local businesses take actionable steps to protect their critical information.
As with everything, it all starts with a plan, a budget and a roadmap. Identify the assets you need to protect and how much you can spend to protect them. Information security is an on-going investment in your business that should be planned and budgeted for annually. It’s not a one-shot deal or a one-time investment. Many organizations invest about 5 to 10% of their IT budget on information security. In Hawaii, the investment tends to be closer to 3% but is increasing as threat education and awareness ramps up.
It’s important to remember that there is no silver bullet in cybersecurity. No single tool can prevent and detect everything so be wary of anyone who professes otherwise.
In addition to the right tools, you need the right talent whether you hire in-house experts or work with a trusted technology partner to manage these tools. New threats constantly crop up so cybersecurity tools require regular updates and staff needs continuous training, which should also be included in your budget. In my opinion, it’s best to focus first on prevention, then on detection.
If you’re forced to choose between tools and talent, prioritize talent because tools are ineffective without the expertise behind them. Good cybersecurity experts can work with your existing tools to build out your technology roadmap, which will also evolve over time, to meet your business needs while monitoring trends and the ever-changing threat landscape.
When looking for talent, hands-on experience is critical. Look for candidates who have diverse IT experience and a solid combination of technical and soft skills that include advance networking, server hardening, vulnerability management, awareness training, compliance expertise, breach response leadership, and policy development and maintenance. It’s helpful if your candidates have a clear understanding of how your business operates so the right technology solutions can be deployed. Finally, especially here in Hawaii, it’s also important to find candidates who fit into your team and your company’s culture and share the same values.
Michael Taratko is a principal architect – security for Advanced Services at Hawaiian Telcom. Reach him at Michael.firstname.lastname@example.org.
© Honolulu Star-Advertiser