As we near the end of the year, we are also nearing the end of the decade, and one can’t help but to look back at the changes that have occurred in technology in the past 10 years. In 2010, most of our clients had DSL or similarly primitive broadband technologies. As a result, most of our engagements featured very little automation and management, as the ability to remotely monitor and manage environments was limited due to bandwidth constraints. In addition, security threats were mostly an annoyance, viruses that could be prevented by definition-based anti-virus software designed to block known threats.
However, as we enter 2020, the entire landscape has changed. All of our clients feature advanced copper or fiber-based broadband connections to the internet, allowing our engagements to feature powerful management and security solutions we can deliver from our Security Operations Center. However, these services are needed more than ever as malicious security threats target our client’s data due to its value – either by encrypting access to the data and extorting payment from the client to regain access (ie. Ransomware), or by stealing the data and selling it on the dark web.
10 years ago, we often found we had to help our clients understand their reliance on technology. For example, a hotel isn’t just a hospitality company, they are an IT-centric company – while IT is not their primary business like Google or Microsoft, the fact is that they can’t take a reservation or issue a room key without technology. Similarly, the membership database at a non profit is as important to their business operations as the teller platform at a community bank. So while a business may not be an “IT company”, virtually all are IT-centric.
Today, the value of data, and the importance of keeping data secure is as high at the hotel and non profit business as at the bank. Whether to adhere to regulatory compliance requirements through MA CMR17.xx, PCI, HIPAA, FERPA, GLBA, or ITAR, or just to avoid the reputational risk associated with a data loss incident, the fact is you’re not just a financial institution, manufacturing company, non-profit, insurance agency, or medical practice, and you’re not just an IT-centric company, you’re a data security company, and should be active in making cybersecurity part of your company’s DNA.