Tesseract Ventures Partners with CYDERES to Spearhead Initiatives in Cybersecurity

Partnership between these two revolutionary, award-winning cyber startups provides companies with scalable solutions to address current and future cybersecurity challenges.

KANSAS CITY, Mo. – September 2nd, 2020Tesseract Ventures, a Kansas City-based technology company helping organizations become smarter, better connected, and more efficient through next-generation robotics, 21st-century software, and radically connected platforms, today announced it has selected CYDERES, Fishtech Group’s Security-as-a-Service division, as a partner to assess, align and service the cybersecurity space.

This partnership will disrupt the current market, providing more cost-effective and scalable solutions to companies across all of Tesseract’s verticals including the construction, medical and military industries.

“CYDERES’ capabilities to analyze unlimited security telemetry with its Cloud Native Analytics Platform (CNAP) and the revolutionary power of Google Chronicle that Tesseract will have access to through the partnership ensures that we will have the same level of incredible insight over our security program as we bring to the table through our market expertise,” said John Boucard, founder and CEO, Tesseract Ventures. “Most importantly, the CYDERES Managed Detection and Response solution will keep our organization, employees, critical intellectual property, and our customer-facing systems safe and secure.”

This partnership contributes to Tesseract and CYDERES’ positions as leading innovators of the quietly revolutionary Kansas City business community. Aggregating CYDERES’ innovative security and analytics solution with its own advanced technology, Tesseract is able to protect its intellectual property as well as strengthen the service it provides current and future customers.

CYDERES’ skilled analysts will pilot the process of using data collected from Tesseract’s PRISM wearable robots and digital ecosystem to make insightful decisions and provide real-time alerts.

Customers can safely store all their data and have the option to receive follow up services activated by Tesseract’s Mosaic and Prism System and serviced by CYDERES.

Tesseract’s partnership with CYDERES sets sights on disrupting the cyber tech and cybersecurity industries and furthering its product and service offerings among its other verticals.

“Tesseract is enabling businesses to defy the boundaries of space and time through next-generation technologies including robots, smart spaces, wearables, and radically connected platforms,” said Eric Foster, president, CYDERES. “While it's important to protect both Tesseract and the impressive class of clients that it serves, this partnership goes far beyond CYDERES protecting Tesseract—there are many applications of Tesseract’s cyber-physical tools that are directly applicable to our clients, and we are excited to get started.”

About Fishtech Group

Born in the cloud, Fishtech Group is the leading current-generation service provider enabling secure business transformation. Our experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. We make businesses more secure while increasing productivity and visibility. We focus on threats so you can focus on your business.

Fishtech Group’s CYDERES launches Cloud Native Analytics Platform (CNAP) solution to provide enhanced SaaS SIEM bundle for Google Chronicle

CYDERES’s new platform delivers unmatched performance, scale, availability and compliance.

Kansas City, MO (July 16, 2020) — CYDERES, the Security-as-a-Service division of cybersecurity solutions provider Fishtech Group, announces the launch of its Cloud Native Analytics Platform (CNAP, pronounced ‘snap’). CNAP provides a pre-assembled cloud-native SIEM solution delivered in an as-a-Service model, designed to enhance and extend the revolutionary security analytics and unmatched data lake capabilities of the Google Chronicle platform.

“Current SIEM solutions are just repeats of past mistakes,” says Gary Fish, CEO and Founder of Fishtech Group. “With CNAP, in partnership with Google, we have completely reimagined and created what a SIEM should have been all along.”

CNAP is delivered as a product + service fusion that eliminates the overhead of customer-driven management, detection content tuning, and upgrades that can consume significant operational effort in traditional SIEM deployments. With a fixed, predictable pricing model that is decoupled from data volume and usage, CYDERES CNAP enables organizations to collect and analyze all their security telemetry.

“CNAP brings significant features to enhance and extend the Google Chronicle solution,” says Eric Foster, President of CYDERES. “CNAP customers can easily take advantage of the unparalleled data lake and analytics capability of Chronicle but also get the SIEM capabilities they need and expect, such as operational and compliance reports, dashboards, additional detection and correlation capabilities including support for Sigma rules, and incident and case management including out-of-the-box integration with all popular ticketing and SOAR platforms.”

Benefits to the customer include up to 500% total cost of ownership advantage over traditional consumption-based SIEM solutions, enhanced advanced threat detection, improved return on security investment, higher analyst productivity, and easy expansion to managed services including CYDERES Managed Detection and Response (MDR).

Based on an organization’s preference, CYDERES CNAP provides organizations the opportunity to either modernize or augment their current SIEM with a turnkey solution that has the flexibility to power an in-house security operations team, to enable a third party managed service, or with CYDERES providing end-to-end Managed Detection and Response (MDR) or 24x7x365 SOC-as-a-Service via the award-winning CYDERES Cyber Defense Centers in Kansas City, Missouri and Rogers, Arkansas.

Key features of the Cloud Native Analytics Platform include:

  • Operational and compliance reporting, including custom reports
  • Compliance and SOC dashboards
  • Enhanced detection and correlation capabilities including support for Sigma rules
  • Security workflow and select SOAR automatic actions
  • Out of the box integration with third party ticketing and SOAR platforms, including ServiceNow, JIRA, RSA Archer, Onspring, Demisto, Phantom, and Swimlane.
  • Support for extended SIEM data sources and use cases, including IOT, Cloud, and DPHM.
  • CYDERES managed and hosted integrations to enable easy data flows from virtually any SaaS or cloud platform, including support for AWS and Azure as well as GCP.
  • Native integration and bi-directional support for legacy SIEM platforms such as Splunk, Arcsight, Qradar and Logrythym, for organizations that wish to either extend their current SIEM’s capabilities and/or offload high-volume telemetry from their current platform.

CYDERES CNAP is built on Google Cloud Platform (GCP) infrastructure for unmatched performance, scale, availability as well as trust and compliance. CNAP fully leverages Chronicle’s unified security data model, high performance search/ingest APIs, and advanced rules engine (YARA-L).  This combination of GCP, Chronicle, and CNAP represent a purpose-built security data lake with SIEM capabilities, supporting unlimited ingestion of an organization’s enterprise security telemetry at a low, fixed, per-employee price. All security telemetry is retained in an instantly accessible, sub-second-searchable state for a full 12 months by default.  The platform can also store data cost-effectively for even longer-term retention requirements by leveraging native CNAP support for GCP Nearline, Coldline, and Archive storage.

With a rich library of pre-built data source connectors and SOC-ready content including correlation rules, operational and compliance dashboards, and pre-defined triage workflows, CNAP enables organizations to modernize their security with a cost-effective solution for storing and analyzing all enterprise security telemetry and making it useful for detecting, hunting, and responding to both current and emerging security threats.

About Fishtech Group

Born in the cloud, Fishtech Group is the leading current-generation service provider enabling secure business transformation. Our experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. We make businesses more secure while increasing productivity and visibility. We focus on threats so you can focus on your business.

Fishtech Group includes the Security-as-a-Service division CYDERES and the security analytics firm Haystax of McLean, VA. Fishtech venture partners include Perch Security of Tampa, FL, and Foresite of Overland Park, KS. Visit https://fishtech.group/ or contact us at info@fishtech.group.

Identity Governance: The Starting Point (Video)

As the global business landscape continues to shift, organizations are learning what it takes to secure and scale a remote workforce efficiently. As this “new normal” emerges, a robust identity program must align with an organization’s compliance objectives and combine to form a robust solution set that enables business growth.

In order to address the related financial, legal, operational, and reputational risks, Identity Governance combines a prescriptive blueprint for effectively identifying and converging the foundational pillars of IAM with a right-sized and resilient GRC solution/program. Importantly, this also incorporates a Zero Trust Model of relevant security and technical controls.

As a result, organizations are able to prioritize, manage, and mitigate cyber risks that align with their business goals and objectives.

In part two of our ongoing webcast series Why Identity Governance Really Matters Fishtech Group experts describe best practices and winning solutions that we are architecting for customers every day.

Missed Part 1? Catch the full replay on demand.

Virtually Tour the Fishtech Campus

Adapt and overcome.

Two watchwords we are all learning to live by in this unique season of crisis. During this time we continue to aid our clients with all manner of cybersecurity and business continuity challenges 24 hours a day / 7 days a week.

Our virtual teams are standing by to deliver assessments, workshops, and demos while helping organizations currently dealing with security incidents of all kinds. Typically we are glad to welcome enterprises, small businesses, and schools alike to tour our Fishtech Group campus, but due to the ongoing situation have limited access to necessary personnel only.

Instead, we invite you to tour our Fishtech Headquarters and 24/7 Cyber Defense Center via these videos below.

Our unwavering commitment remains leading organizations to a more secure future!



Our Unwavering Commitment

Like many of you, we are continuously monitoring the ongoing Coronavirus (COVID-19) situation and want to assure you that our primary focus is always the health and safety of our community, customers, and staff. As we continue to monitor the CDC’s guidance, our thoughts are with those personally affected by this virus and their families.

We remain vigilant to guard the integrity and security of the data, architecture, and systems you’ve placed on our watch 24/7/365 so that you can maintain focus on your business and the care of your own families and staff.

All of Fishtech Group’s divisions operate from a zero-trust architecture, meaning that all of our security controls exist at the user, application and data layers. We do not place any trust in the network layer, and this allows to continue operations uninterrupted.

Our mission remains helping organizations minimize risk, maximize efficiency, and maintain compliance in an increasingly turbulent world, and therefore we have strong disaster recovery and business continuity plans for our own organization. Fishtech was purpose-built to act as a reliable partner for companies in crisis and with every customer interaction we continuously refine protocols to serve you better.

Fishtech Group teams throughout the country are flexible, informed, layered, and able to collaborate to assist you from any location. We are accustomed to virtual work situations and are well equipped to help you with any challenges you may face with your own teams.

With the safety of your staff and ours in mind, we have limited our domestic travel and have shifted our live events to webcasts only. In addition, we are taking increased precautions at each of physical locations in Kansas City, MO, Northwest Arkansas, and McLean, VA in addition to emphasizing our existing policies. These include optional work from home for all employees, with a requirement to do so for those who feel ill or have been exposed in any way.

Thank you for your loyalty and reliance on all of us at Fishtech Group. Please reach out to us directly with any questions and let us know how we can continue to honor the trust you have placed in us. Our unwavering commitment is to serve you and your business throughout this difficult time and beyond.

To a secure future,
Fishtech Group

Haystax Strengthens Executive and Insider-Threat Teams

Contact: Jennie Hanna, jennie.hanna@fishtech.group

Kansas City, MO (February 4th, 2020) – Fishtech Group is pleased to welcome two widely respected cybersecurity industry leaders to the Haystax team.

Brett Wilson has joined Haystax as General Manager. In this critical new role he is responsible for leading the Haystax business unit of Fishtech Group, and is focused on developing, taking to market and operationalizing innovative approaches that help organizations identify threats and manage risks using the world-class Haystax platform. Brett is part of Fishtech’s Executive Team and reports directly to Fishtech Group founder and CEO Gary Fish.

David Sanders joins Haystax as Director of Insider Threat Operations, responsible for deploying the Haystax Insider Threat Mitigation Suite to the company’s enterprise and public-sector clients and supporting the optimization of their existing insider threat programs. Dave reports to Haystax’s Vice President of Customer Success, Susan Oliver.

“Brett and Dave are accomplished cybersecurity executives who bring a wealth of industry knowledge and experience to our Haystax business unit,” said Gary Fish. “With their addition to the team, we are positioned to expand and accelerate adoption of Haystax’s award-winning insider threat and physical security software platform to enterprise, federal and state government public safety and education clients.”

Brett has over 25 years of technology industry experience creating, marketing, selling and supporting information security software and risk management solutions. He has held various leadership roles at Symantec, Trustwave and CYREN. Most recently, Brett was COO of enSilo, a recognized leader and innovator in the advanced endpoint security market that was recently acquired by Fortinet. “Haystax is an innovator in the application of advanced data science and AI in solving difficult cyber and physical security problems,” said Brett. “I am excited to lead Haystax’s efforts to help enterprise and government clients manage their risks, and to deliver our solutions to a wider market.”

Dave has two decades of experience in program and project management, software development and database design, including eight years as a trailblazer in the development and implementation of advanced insider threat mitigation programs. Most recently, he designed and managed the insider threat program at Harris Corporation, now L3Harris Technologies. Previously, Dave served on the U.S. government’s National Insider Threat Task Force (NITTF). “I am impressed with Haystax’s pioneering, patented approach to evaluating behavioral and cyber indicators of insider risk, which is both game-changing and unique,” he said.

Fishtech CRO Pete Shah added: “In our pursuit of seamlessly integrating Haystax as a business unit of Fishtech Group, we are confident that Brett and Dave will have an immediate, accretive impact on our customers and partners, ensuring Haystax continues to deliver operational mission success to the dedicated safety and security professionals who are responsible every day for managing risk to people, facilities, systems and information.”

Both Brett and Dave will be based at the Fishtech Group/Haystax office in McLean, VA.

About Fishtech Group

Born in the cloud, Fishtech Group is the leading current-generation service provider enabling secure business transformation. Our experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. We make businesses more secure while increasing productivity and visibility. We focus on threats so you can focus on your business.

Fishtech Group includes the Security-as-a-Service provider CYDERES and the security analytics platform provider Haystax of McLean, VA. Fishtech venture partners include Perch Security of Tampa, FL, and Foresite of Overland Park, KS. For more information, visit our website at https://fishtech.group/ or email us at connect@fishtech.group.

On State Actors and Cyber Readiness

Update 12/16/20: Although this article was written in January, the advice herein has continued to resonate as we continue to tackle the many challenges of this year. The recent news of advanced cyber attacks have prompted many to investigate their overall cyber readiness or lack thereof, a very worthwhile exercise. Don’t go it alone – leverage Fishtech’s industry pioneer expertise, decades of experience, and what’s actually working in our customers’ environments to mature your security program and scale your business instead of being consumed fighting its threats.

For better or worse, the world of cybersecurity is increasingly intertwined with the current events of the day. As cyber criminals continue to evolve in the digital era, we will continue to see an increase in the frequency and sophistication of cyber-attacks.

In the last five years alone, there has been a 67% increase in security breaches, with a growing portion of these breaches coming from state actors. Of course, this is why we at Fishtech are so passionate about what we do. The genuinely painstaking but necessary work of cyber experts grows continuously larger in global importance every single day.

In light of several recent international incidents, most notably the recent military action in Iran, we have seen a flood of articles detailing serious cyber-attacks that will be coming our way from various state actors. We’ve received several specific questions about what to do about the potential escalation in cyber conflict.

The news cycle should not be your alert to put the proper practices into place to protect your business.

If it is, that doesn’t make you a bad business owner. At least you care enough to worry about your organization’s security maturity at all! The only thing is, these attacks aren’t new. Many state sponsored actors are operating at various levels of sophistication and have been orchestrating cyber-attacks for years.

While particular threats may be more severe than others, cyber readiness demands constant vigilance. The 24-hour news cycle will ebb and flow with reports of what could be the beginning of an even greater level of intense cyber warfare with devastating effects. Vigilance is key, but shouldn’t similarly ebb and flow, but rather maintain a constant state.

To analyze further, let’s look at some historical context: As Digital Shadow’s Rick Holland recalls, in October 2012, roughly two months after the Saudi Aramco Shamoon wiper attack, then-Secretary of Defense, Leon Panetta, gave a now-famous speech where he warned about the potential for a “cyber Pearl Harbor.” Do we have a historical reference for an actual “cyber Pearl Harbor”? Not exactly.

At the same time, we have been monitoring fresh intelligence that SOC’s have been experiencing an escalation in spear phishing, scans against companies targeting VPN vulnerabilities, and a myriad of other attack vectors in late 2019 / early 2020.

This isn’t reserved for a single state actor, but multiple at various levels of sophistication. Don’t read this wrong, there have been some clear retaliatory attacks after incidents occur, but nothing so unusual to suggest a “new” devastating cyber weapon has emerged on the scene.

All that being said, no matter your stance on the will-they won’t-they chatter, the threat risks you are experiencing are still greater than zero. Questions around availability, cloud security, and other potential vulnerabilities are very legitimate.

Therefore, the leader who is rightfully concerned about risk (continuously analyzing combinations of threat likelihood, vulnerability, and consequence) needs to be fully prepared for very unique situations and take preventive steps where possible.

So, what’s next?

Our constant focus: helping our clients build out and maintain a set of best practices for the modern enterprise. Whether it’s state actors or individual attackers, the fundamentals of modern cybersecurity still apply.

For example, as Gartner has clearly stated for years, robust detection and response capabilities are at the top of the list. Organizations of all sizes need to make sure the people, process, and technology are in place to respond to any potential attacks. With talent in short supply, and the costs of building an in-house SOC increasing, finding efficient ways to detect, respond, and even proactively threat hunt around the clock can be very difficult.

In addition to fundamentals, we recommend regular penetration testing, vulnerability management, and making sure you have a cyber readiness plan and team in place equipped to deal with every aspect of a security incident, because every second counts.

All of this can help build out a more mature cybersecurity posture moving forward and is not dependent on a single state actor or malicious insider.

Truthfully, you most likely didn’t start your business to be distracted by cyber threats. Out of necessity, many enterprises are having to use more and more resources to keep themselves afloat in this ever-swirling sea of risk.

We believe organizations should be able to spend that precious time and resource doing what they do best however possible. Whether it’s building better automobiles, saving the planet, scaling restaurant franchises, or caring for patients – we want to help.

Fishtech was built from the ground up to alleviate these worries for modern day organizations.

Your focus should be on what you do best: growing your business and running your organization to perform at its’ peak no matter what the news cycle.

These threats aren’t going away – recall the 67% of security breaches in the last five years. One way or another, a solution needs to be found. Are you in this alone? Or, are you ready to work with experts that can make sense of the chaos and use real data with your unique business situation to inform an overarching, scalable, and mature cybersecurity program.

If you are interested in learning more about helping your organization take its’ cyber readiness to the next level, fill out the form below to get connected with one of our expert consultants.

The Talent Factors for Why You Shouldn’t Build a SOC In-House

In a couple recent blog posts, we have been focusing on the reasons why organizations are finding it more difficult than ever to justify building a SOC, or, a Security Operations Center, in-house.  Though the alternative of using an MSSP (Managed Security Service Provider) can be a frustrating experience, there are very few organizations that can defend building a SOC in-house.

To help bridge the gap between these two solutions, and to provide a good alternative to an in-house SOC, we wanted to build an operation that is different from other MSSP offerings and effectively do away with all of the negative connotations that come with the territory. That solution is CYDERES, our 24/7 human-led and machine-driven security-as-a-service.

We understand a lot of organizations have invested a lot into building their own SOC, but that there can be many issues that arise as they try to keep up with day-to-day operations for their security teams, while also continuing to lead and focus on the core aspects of their businesses. With CYDERES we can help reduce the headache of any organization looking to start transitioning to fully-managed security.

We previously looked at some of the cost factors that make building an in-house SOC difficult. Today, we’re going to look at another challenge that can present itself when building a SOC in-house, and how CYDERES can be an effective alternative. In this post, we will be looking at why talent is a huge factor as to why organizations struggle to build a SOC in-house.

Talent is Hard to Find

There is a shortage of talent in the field of cybersecurity. This causes problems for organizations trying to build out their cybersecurity programs within their company. By 2021, experts predict we’ll see 3 million open cybersecurity positions worldwide, with at least one quarter of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Let’s keep that statistic in mind as we look to our first point.

It takes a small army to run a Security Operations Center effectively.

At minimum you will need a staff of 16, if not more, according to our experts at CYDERES. You want to make sure every shift will be covered, and that you have enough staff to fill in when your team gets sick or goes on vacation. If every organization wanted to build a SOC in-house, how would they fill all of the necessary positions when there is already a severe talent drought?

Furthermore, with current professionals in high demand, a lot of the best talent in the field is getting snagged by organizations whose core focus is on security, and not operating a SOC on the side. This creates another impediment to anyone trying to build a SOC in-house.

At this point, some of you may be feeling like we’re writing about your exact situation, while others may already have a full team ready to go, and may be under the impression that they have beaten the illustrious ‘talent shortage’. Well, many organizations may have a crack team on the payroll today, but what happens when someone moves on, or retires? There may be a significant gap in your team as you try to lure another professional who is just a qualified as the person who just left. The talent shortage has far-reaching ramifications, even beyond the immediate future.

The ‘Talent’ to Look Ahead

Cybersecurity is a relatively new field. We are just now exploring what the capabilities and possibilities of this field are. Threats and solutions are continuing to evolve every day, and the security threats of today are not the security threats of tomorrow. This means that security teams need to be constantly devoting some of their resources to learning and looking at what’s on the horizon.

Unfortunately, because a lot of teams are facing a talent shortage, they don’t have enough people to move beyond putting out fires every day. Therefore, a lot of administrators are just focusing on what’s going on today, and aren’t looking forward. This can create huge problems for organizations in the long-term.

It’s vital for the current generation of business leaders to continually look for next generation solutions so that they are prepared for tomorrow’s threats today. In-house resources may not be enough to achieve this goal. Your current team may work for your current needs, but transitioning to a fully managed security-as-a-service provider will allow you to start looking ahead without straining the staff you already have on the payroll.

Using CYDERES Over an In-House SOC

With CYDERES, we can make many of the issues listed above obsolete for your organization, either through augmenting your current SOC, or by gradually transitioning your in-house solution to our fully-managed security-as-a-service offering.

We have put significant focus on attracting and retaining the best talent in the business. We have invested in our facilities to give our professionals a world class space to operate in, and built a great foundation of an awesome team that is our best advertisement we could ask for to attract other professionals of their caliber.

We have dedicated teams for specialized threats, both for the threats of today, and the threats of tomorrow, which brings a lot of value to our customers. We have also created a structure that allows us to adapt to your needs. Maybe you already have a couple of experts already that know a lot about your business. We can work to augment the work of folks that are already ingrained into your corporate structure to allow you to get the best solution for your particular needs.

The best part, in working with CYDERES, you can redeploy your resources elsewhere so you can focus on your business… We’ll handle your threats.

If you are interested in talking with our CYDERES professionals to see how we can help create a better way forward for your organization, fill out the form below, and we will be in touch soon.

Fishtech Group launches Cyber Defense Center in Northwest Arkansas


Contact: Jennie Hanna, jennie.hanna@fishtech.group 

The leading edge cybersecurity tech and talent center will be led by former WalMart CISO

Kansas City, MO (Dec. 9, 2019) — Fishtech Group, a current-generation leader in cybersecurity, announces it will launch a Cyber Defense Center (CDC) in Northwest Arkansas similar to its state-of-the-art center in Kansas City. The 10,000 square foot facility will house a security operations center (SOC) at 4300 J.B. Hunt Drive in Rogers, AR.

Expected to be fully operational by Q2 2020, the Fishtech Group NWA Cyber Defense Center will bring cybersecurity training, technology, and resources to Northwest Arkansas. It will bridge the resource and talent gap – a gap that is often overlooked yet increasingly critical to enterprise success.

“We are bringing leading edge cybersecurity resources to the Northwest Arkansas region. Our service and technology offerings are tailored to serve today’s heavily burdened CISOs,” says Gary Fish, CEO and Founder of Fishtech Group. “We’re excited to invest in the local community bringing highly sought cybersecurity jobs and talent to the region.”

Initially the space will house 20 employees and expand up to 100 onsite staff, including Security Analysts, Threat Engineers, Client Success Managers, Account Executives, and other cybersecurity talent.

Fishtech COO and CISO Kerry Kilker will run and oversee the NWA CDC. Kilker was formerly Senior VP and CISO for Walmart Technology, where he established and operated a world-class cybersecurity program for the world’s largest retail organization.

“The Fishtech team has a history of building large, successful companies in the cybersecurity space,” says Kilker. “There are so many high-growth companies in NW Arkansas and they each have evolving cybersecurity needs that we believe are better served locally.”

About Fishtech Group
Born in the cloud, Fishtech Group is the leading current-generation service provider enabling secure business transformation. Our experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. We make businesses more secure while increasing productivity and visibility. We focus on threats so you can focus on your business.

Fishtech Group includes the Security-as-a-Service division CYDERES and the security analytics firm Haystax of McLean, VA. Fishtech venture partners include Perch Security of Tampa, FL, and Foresite of Overland Park, KS. Visit https://fishtech.group/ or contact us at connect@fishtech.group.

National Cybersecurity Awareness Month 2019

Though Fishtech works every day to give cybersecurity the awareness it deserves, each October,
we’re happy to see an extra emphasis given to the importance of taking proactive steps to enhance cybersecurity at home and in the workplace during National Cybersecurity Awareness Month.

Each year we hope to share lessons that we have gleaned from more than two decades of shaping the landscape of cybersecurity solutions. These insights are often tried and true principles worth revisiting, as we continue to prepare for an ever-evolving future.

Cybersecurity Requires More Than a Nod of Approval from the C-Suite

In today’s business environment, cybersecurity risk management programs are more important than ever. Traditionally, this has been recognized by the IT teams who would try to stress the importance upstream, but as businesses continue to undergo digital transformation, modern cybersecurity programs require buy-in from the C-suite.

Cyber attacks affect every aspect of an organization, from IT, to finance, to HR. The leaders of the organization need to prioritize their focus on mitigating the cyber risks inherent to modern business to protect everyone under their purview.

Cyber-Hygiene is Not Enough

It may be easier to go through the motions and make your way through the normal checklist and make sure you’re complying with standards that may or may not be right for your business.This approach is just not enough. Organizations need to take an approach informed by data.

Focus should be on threats that pose the biggest risk, not those that are part of your routine “box checking”.

Network Data is Not Enough

Internal threats detected through network logging and aggregation are detected too late. Early indicators of internal threats come from human actions and attitudes. There are better ways to get in front of potentially devastating internal attacks. There are solutions that use better models than network data to reveal behaviors of potential insider threats, well before they become a problem (a particular specialty of our friends over at Haystax).

Technology Alone is Not the Solution

You may have heard us talk about people, process, and technology. That’s because all three of these are integral to a proper cyber-risk management program. Many security vendors will try to sell you software that is the be-all and end-all of cybersecurity. There are more factors to a complete cybersecurity program than the “perfect technology”. You need trained staff that will follow processes exactly as they are specified so that all other factors that could provide a vulnerability outside of what each technology protects from will be mitigated.

Cybersecurity Awareness in 2019

While we believe that these four items carry particular importance to organizations overall, we have also loved the overarching themes of 2019’s edition of National Cybersecurity Awareness Month: “Own IT. Secure IT. Protect IT.”

With these themes, there is more of a focus on personal accountability to help create a foundation of proactive behaviors and awareness to strengthen each individuals’ knowledge and confidence to help create a culture of cybersecurity throughout each organization.

We will highlight a few of the basic strategies of each theme below, but we definitely
recommend checking out more resources on each of the following areas to make sure your
knowledge is up to date on best practices in cybersecurity for you and your organization.

Own IT:

  • Be aware of what you share on social media.
  • Review your privacy settings for each app that you use, and continue to do so with
  • Make sure your applications and accounts only receive the base level of information. If
    they are asking for too much, ask yourself if you really need to use these tools.
  • Don’t forget about smart devices. Monitor how these are used as much as you would
    with your smartphone.

Secure IT:

  • Create strong and unique passwords or passphrases. The more characters the better.
  • Utilize multi-factor authentication for added security.
  • Take care when shopping online. Make sure you are shopping at places you know you
    can trust.
  • Scrutinize every email that includes links or requests for information to protect yourself
    from phishing.

Protect IT:

  • Make sure you update to the latest security software, web browser, and operating
  • Avoid public Wi-Fi as much as possible.
  • If you are collecting customer/consumer data, make sure it is secure.
  • Cybersecurity is important in the modern age, and it is important to re-evaluate your own
    adoption of cybersecurity practices as much as possible.

We hope this post helps give you a starting point on items to re-visit on your quest to #BeCyberSmart.

We hope you have had a successful National Cybersecurity Awareness Month. If you have any questions for our experts on how to improve your cyber awareness, fill out the form below to get connected!