Experience Article in View From The Edge Magazine

As technology continues to advance across many industries, the frequency and severity of security threats have risen as well. Breaches can be costly, and without a comprehensive cybersecurity strategy in place, many organizations may be left vulnerable. “In this current security landscape, the threats have only multiplied,” says Jeremy Livingston, Associate Vice President for Security Solutions Development and Chief Information Security Officer. “Many of our members have had to rapidly deploy and implement new solutions for remote learning, remote management of IT systems and devices, and teleconferencing. All of these things have brought increased risks—with attacks rising close to 3000 percent.”

The changes brought on by COVID-19 are testing countless businesses’ security strategies and not everyone is prepared to defend themselves against increasing threats. “Unfortunately, the threats have only multiplied as everyone moves to telework and remote learning,” says Gregg Chottiner, Vice President for Technology Advancement and Chief Information Officer, Edge. “The attack sector has increased tenfold by the ability for hackers to now target the weak links in an organization’s security posture. The average data breach cost in the U.S. last year was almost $5 million, and this number seems to be rising at around 20 percent annually.”

Employing Preventative Protection
Developing a strong defense strategy is key and involves understanding threats and how to prevent them. “The cost of one of these breaches will far exceed most cybersecurity insurance policies,” says Livingston. “Luckily, there are many ways for us to stop that chain of attack. For most ransomware attacks, there are at least five different ways that an organization can stop that attack from occurring. This includes extensive user training, users avoiding phishing emails, and next-generation firewalls with updated block lists. Fortunately, there are many opportunities for organizations to cover all of these bases properly from a defensive standpoint.”

A proactive approach to cybersecurity can help boost the success of risk mitigation and allow an organization to ensure information is safeguarded over the long term. “Many organizations often do not spend a lot of time thinking about cybersecurity until they get attacked or until their data is stolen,” says Chottiner. “Edge is trying to create awareness around security threats and show the value and cost benefit of doing this work upfront. One of the common themes in this realm is not if you’re going to be hacked, but when. In fact, there are organizations that have been already breached and are not aware of this threat because they do not have correct monitoring and logging of systems.”

Depending on an organization’s needs and current security profile, Edge can recommend solutions to assist in addressing specific vulnerabilities. “For some of the organizations we work with, we have made such improvements in the security measures that the cost of insurance has decreased,” shares Livingston. “Cyber insurance rates are based upon which defenses are in place versus the current risk levels and threats. We can actually help alter that equation to be more cost-effective, all without an attack even having occurred.”

Effectively Navigating Risk
Handling the difficult and complex nature of today’s technical environments is no easy feat, making the roles of chief information officer (CIO) and chief information security officer (CISO) more important than ever in helping an organization navigate these challenging times. While each has different responsibilities, the CISO and CIO work in tandem to create a holistic security approach. “The CIO is responsible for the overall technology health of an organization and the CISO is a critical role in protecting data, data management, and academic and administrative computing,” says Chottiner. “A challenge we see with many organizations is they have an IT leader or CIO, but not a CISO. Many are in need of the knowledge, skills, and experience of a CISO to understand the problems and vulnerabilities of today’s systems.”

Livingston adds that a CISO focuses primarily on organizational risk management and works with executives to set appropriate levels for risk. They then evaluate and maintain systems and data with that risk level in mind. “The CISO brings a different skillset and security background to the organization and helps to keep the CIO more informed; allowing for more educated decisions regarding the technology that is being used and implemented. The CIO and CISO work hand in hand as partners, both keeping the organization functional and secure.”

Developing Cybersecurity Strategies
A CISO plays an essential role in IT leadership and developing actionable cybersecurity strategies and policies, but not every organization has the ability to hire for this position full-time. To help organizations fill this gap and improve their security effectiveness, EdgePro virtual CISO (vCISO) services offer an affordable way to gain the expert insight and skills they need. “As a vCISO, we embed ourselves into the organization and work closely with the CIO or technology director,” shares Livingston. “For organizations that have budget constraints or do not need a full-time resource, the vCISO gives them the expertise they need. The vCISO performs the same functions that a normal CISO would, but at a much lower cost.”

vCISO services are available on a virtual, fractional, or full-time basis to meet each member’s unique security needs. “Edge’s vCISO services give members the ability to access a qualified credentialed individual to perform required services; only paying effectively for what is needed,” says Chottiner. “As part of a holistic security approach, members also have access to the Cybersecurity Health Check Program, a proactive, standards-based cybersecurity tool. Periodically assessing network security is a crucial part of a business’s cybersecurity plan and this subscription-based program generates monthly reports that provide a snapshot of network security and outlines actionable intelligence to remediate any new vulnerabilities.” Along with regular assessments, Edge’s cybersecurity experts collaborate with an organization’s team to provide knowledge of cybersecurity frameworks and create a long-term strategy that aims to improve cyber defense over time.

Improving Cyber Defense
Edge is dedicated to helping member organizations improve their cyber defenses in the most efficient and cost-effective way possible. By using a shared services model, members can access a variety of top-notch products and services at a much lower cost. “The shared services model provides our members with a better value,” says Livingston. “Edge will take time to review an organization’s existing security measures and ensure these controls meet their organizational risk needs. We can suggest different security solutions that may be useful and help implement changes if necessary. In addition, we also provide user training for staff and faculty members in how to effectively monitor and evaluate their security posture.”

By developing a thorough understanding of potential risks, an organization is able to make more risk-informed decisions on how resources should be distributed to defend against those risks. “Our Cybersecurity Health Check is an affordable method for regularly revealing vulnerabilities and gaining access to a vCISO,” says Chottiner. “Edge can then help design and execute a personalized security program based on the organization’s needs and budget.”

For member organizations interested in establishing an Edge vCISO service or conducting a Cybersecurity Health Check, Edge’s sales team will set up an initial meeting to evaluate current needs and answer any questions. “Our process is completely collaborative and we will work with an organization’s technology director or CIO to determine the areas we need to focus on,” says Livingston. “We will give feedback, make recommendations, and perform a risk assessment to determine where Edge can provide the most value and immediate reduction in risk. We understand that finding cybersecurity staff can be a challenge or is not always possible financially for an organization. EdgeSecure aims to alleviate this problem and offer the insight, expertise, and solutions needed to create a robust cyber security plan and meet the challenges of the future.”

Looking to gain actionable cybersecurity intelligence and insight? See how partnering with Edge can help improve your cyber defenses. njedge.net/solutions/edgesecure

If your institution or organization would benefit from a qualified vCISO, full details on Edge’s vCISO program are located at NJEdge.net/solutions/edgepro/vciso.