“The act of firefighting alerts coming in from everywhere won’t keep up with multicloud sprawl and identity-centric attacks,” Adamski says. Modernize the security operations center with automation and AI to reduce the noise and correlate signals across cloud services.
Forget about the human factor
With so many cybersecurity tools and services in place, it’s easy to sometimes forget about the human side of cybersecurity. That can lead to all kinds of things going wrong.
“In my experience, the proximate cause of security breaches is usually human error,” says Beth Fulkerson, technology and cybersecurity partner at law firm CM Law. “Usually someone falls for a scam and opens the door [to] malicious code.”
It’s human nature to want to react to a message or open a document, and this is what gets users into trouble. “The primary solution is not more tech, but more training to help employees feel comfortable pushing back on requests for access to their machines or for information,” Fulkerson says.
An example of human error would be if someone fails to remember that a printer or fax machine is on a network, and does not install security protections or doesn’t remove it from the network, Fulkerson says.
“Another issue is failure to properly use the security technology available or already in place,” Fulkerson says. The most recent litigation she worked on involved a defendant that claimed it was using file integrity management software as required by the Payment Card Industry Data Security Standard (PCI DSS), but either didn’t set the alerts up or failed to heed the alerts.
“It doesn’t matter if a company has tremendous security software if they do not set it up correctly and maintain it,” Fulkerson says.
