
Tuesday, 29 September 2020

What Cyber Lessons Can the Military Teach the Private Sector?

 



 

If you run a small ecommerce firm, it might not seem you have much to learn from the US military. In some ways, that's true. It's likely that your budget for cybersecurity is smaller than that of the Defense Department. But, when it comes to effective cybersecurity, that's less important than you might think. Even the most secure systems in the world will eventually be breached; what's important is your approach to that fact.

In this regard, the private sector still has a lot to learn from the military. While many firms have already taken on board some of the technical lessons provided by the DoD – including those related to the way the military uses datacenters – when it comes to the "philosophy" of cybersecurity, we've got a long way to go to catch up.

In this article, we'll take a look at this approach, and explain what the private sector can learn from it.

The Military Mindset

Though the military – and particularly the US military – has an enormous amount of technical resources at its disposal, arguably their biggest asset is their approach to security. This is one based on the assumption that they will be attacked, and that at least some of these attacks will succeed. This is an approach that can be seen as developing directly from the more "traditional" activities of the military: namely, operating in combat zones, where it is equally certain that one will be attacked.

For those outside the DoD, the outcomes of this approach can most easily be seen in the military's response to data breaches. The US military, for instance, has suffered some high-profile breaches recently, but did not overreact to them. Instead of launching a total overhaul of their defenses, they remained tight-lipped about their cybersecurity strategies, and tacitly acknowledged that this kind of attack would succeed from time to time.

Resilience vs. Security

Because of this approach, the way that the military envisions cyberdefense is also strikingly different from the majority of actors in the private sector. Instead of trying to avoid attack altogether, the military focuses on "resilience" – the ability to limit the damage from successful attacks, and to recover quickly afterward.

Resilience is a term that is only infrequently used when it comes to corporate cybersecurity, but it runs through the research and frameworks developed by the military. Perhaps the most detailed explanation of the concept is contained in the 2013 Resilient Military Systems and the Advanced Cyber Threat, which bluntly states that "there is no single silver bullet to solve the threat posed by cyber-attack or [cyber] warfare … the cyber risk elements cannot be reduced to zero. While the problem cannot be eliminated, resilience capabilities can and must be determinedly managed."

The same document gives some details on what this means for the US military, at least at the broadest level. One of the most interesting ideas here – and, again, one that can be seen as a cyber analog of traditional warfare – is the idea of digital "tactical retreats." It appears – reading between the lines – that the military doesn't opt immediately for a traditional step-by-step technical strategy, as many a private IT cybersecurity department might do, say, in the event of a virus-infected computer. Instead, they will just wipe and reboot the machine, having taken steps to ensure that any data it contained has been backed up.

Theory vs. Practice

This idea – of junking a machine that has a virus – might sound a little expensive for the average private sector firm. However, the core principles of the "resilience" model followed by militaries around the world are fairly easy to put into practice, even for small firms. Here's how:

First, recognize that, no matter how good your cybersecurity is, you are going to be hacked at some point. Data breaches are not a sign of failure; over-reacting to them is.
Second, put in place technical measures to ensure the ongoing viability of your systems, even in the event of a successful cyberattack. This should include multiple, distributed backups of all data and systems, but also a modular network design that allows parts of your systems to fail without causing catastrophic damage to your operational capabilities.
Third, try to create a resilient culture in your firm. This includes employing a CISO to take charge and responsibility for your security; simultaneously sharing responsibility for cybersecurity across the C-suite; formalizing your risk management strategies; and making sure that your security team is in-post long enough to build up the necessary expertise.
Finally, take a deep look at your incident response plans. One of the key lessons to be drawn from the military response to successful cyber attacks is that poor responses to successful attacks can sometimes make them worse. US-CERT provides detailed guidance on how to build incident response plans that will safeguard your systems and data while allowing you to retain operational capacity.

The Bottom Line

Ultimately, if civilian government agencies and the private sector cling to security and neglect the importance of resilience in their cyber defense strategy, they will continue to lag the military when it comes to cybersecurity. Despite a reputation for being slow to react to emerging technologies, the military community was highly receptive to learning the hard lesson that security, though necessary, is bound to fail and therefore insufficient.

For private companies, learning a similar lesson means re-focusing on resilience, and not just at a technical level. There is, in short, a need to go beyond redundancy at a hardware level, and to build genuinely resilient systems at a managerial level.

 
