Security used to be about protecting borders and keeping threats out. Lately, it’s more about managing risks and responding to breaches. This is true in both the physical world and cyber world, which actually have a lot in common when it comes to security. As the reality of crime changes, our ideas about security are also shifting.
Security is not an absolute
Complete security is a lot like unicorns and leprechauns: it just doesn’t exist. Absolute security is not achievable. Instead, security comes in levels, but even the most extreme levels are not impenetrable. Different levels of security have consequences, and extreme security may mean loss of productivity or other negative consequences. Managing risks and choosing the security measures that will be most effective is not as simple as it used to be. Security has become more of a balancing act.
Responding vs. preventing breaches
Unfortunately, in both the physical and cyber worlds, how an organization responds to a breach is as important as the security in place to prevent it in the first place. Because there is no absolute security, organizations need to be reactive as much as they are proactive.
Security up-front
Security can no longer be an afterthought during a project. For security to be effective, programs, systems and buildings must be designed with security in mind from the outset, not added on at a later stage. Building first and securing later is a habit we need to break sooner rather than later.
Multi-layer defense
Just because you have a gate outside doesn’t mean you neglect to lock the door to the building. Security today, both physical and cyber, requires a multi-layer approach. Password-protected data still benefits from encryption. Criminals are determined and creative; the more layers of defense you have, the more secure you are. Security is not an absolute, but more layers will make it harder to crack. Threats are multi-pronged, and your security should be too.
Continuous monitoring
Because breaches are so common, and response time can make a significant difference in damage done, periodic monitoring of systems is not enough. Continuous monitoring is the best way to quickly detect breaches and respond. To do this, you may need to automate monitoring.
Managing your risks, adding the right layers of security, and monitoring constantly so you can respond quickly to a breach is the new security. Knowing your risks and which layers of protection will serve your organization best are vital to keeping threats out. Responding quickly when breaches happen is important for mitigating damage and communicating with stakeholders and customers so they continue to feel secure about doing business with you.