Cybersecurity is often misunderstood as a trend in the IT services market. This continues to blur the lines on how IT management interacts with cybersecurity practices with the goal of minimizing cyber exploits. Many business leaders looking for both cybersecurity and IT support services tend to think that their IT management includes cybersecurity; however, the two are sides of the same coin, and they approach data security from very different perspectives.
IT management and cybersecurity often overlap where protection of the network and technology assets is needed to mitigate outside threats. For example, IT management may provision security appliances like firewalls to ensure network protection, while a cybersecurity team would focus on how those firewalls are configured and then used in an integrative strategy to reduce overall organizational risk.
The nuanced difference between these approaches may not be easily seen by organizational leaders, but it can be explained using an analogy of physical security. A business may employ a security company to install security systems such as door locks, alarms, cameras, and other equipment to protect a facility. This company may even offer monitoring to ensure doors are locked. While these are a step toward a first line of defense, this strategy alone lacks many considerations needed to ensure actual security. The systems of door locks, alarms, and cameras can be easily manipulated and bypassed.
For more assurance of physical security, a security specialist would be needed to analyze all security components and processes to provide a strategy of layered protection. They would examine the environment of the facility to understand weak points for entry and exit. They may advise that coded access, such as fences or barriers, be installed in strategic areas outside the facility, and that all physical access be monitored by installing electronic key fobs on the outside of doors. They may also look at modifying internal shipping and receiving processes to monitor outside activity.
In the digital world, IT support vendors may even claim to bundle in “cybersecurity” in an attempt to assure the client of data protection. However, what is needed to offer true cybersecurity protection is a dedicated focus on security (monitoring, gap analysis/remediation, etc.), accreditation of the vendor and its staff, and specialization in security roles.
Today’s threat landscape is ever-changing, so cybersecurity programs should be dedicated to perpetually increasing the security posture of an organization. A cybersecurity organization and its staff should be able to show attestation and accreditation of their security standards by industry authorities (AICPA SOC, Cyber Verify, ISC2 Certs). The data security programs offered should be built around regular intervals of policy reviews, measurement, cybersecurity training, and gap remediation. Specialized staff should be knowledgeable in best practices and compliance standards to ensure complete protection of all digital assets.
As business leaders grapple with the reality of the 2020 health crisis, the last thing any executive wants on their watch is a different kind of crisis, such as threats to critical communications and information systems.
Whether facing the threat of hackers taking advantage of a crisis or an employee clicking a nefarious link, these situations can result in operations grinding to a halt. The last 6 months have proved difficult for many, and it’s time for businesses to bridge gaps in their data security practices in an effort to prevent such occurrences, especially as the threat has expanded with more employees working from home. Protect your organization’s revenue, relationships, and reputation from cyber threats beyond just managing IT infrastructure. Visit mandrysecure.com for more details.