Cybersecurity is top-of-mind for businesses of every type; from enterprises running distributed networks to small operations that rely on the internet for revenue. In mitigating cyber threats, leaders across functions – from IT to security to operations – must walk a very fine line: protect the business against bad actors and malware without greatly constraining business operations.
It’s a challenge Paul Kay faces every day. He’s the global chief information security officer (CISO) for the EchoStar Corporation, the parent company of Hughes. In his role overseeing the corporation’s global security strategy, Mr. Kay and his team advise and support various business units and operational teams on security policies, standards, practices and technology. He chatted recently with Tim Tang, director of enterprise solutions, about his approach to cybersecurity.
Here are three tenets Mr. Kay follows to help mitigate cyberthreats without limiting business operations.
Think of cyber security as a business problem, not just a technical one. According to Mr. Kay, cybersecurity is “…a business risk that has technical foundations associated with it. If you approach it from there, you can be successful in mitigating or remediating your technical cyber security issues, because you see and treat it as a business problem and not just an issue for IT.”
Pay attention to every point of connection. Even equipment like connected security cameras can be an entry point into the network if there aren’t proper defenses engaged, such as a firewall, network segregation strategy or cyber monitoring system. “Even if the only technology you have for your business is a point-of-sale machine connected to the internet, you have vulnerabilities because it is publicly connected to the internet.”
Be ever vigilant. Cybersecurity is a constant effort; it’s not a “one and done.” Mr. Kay explains his philosophy this way: “Imagine you have a burglar choosing between your house and your neighbor’s house. He sees your alarm system and your dog. He thinks, I don't want to deal with that. I'm going next door because that front door is unlocked, the windows are open, there’s a Rolex watch on the coffee table. If you make it more expensive, more challenging for hackers to breach the network, you have a better chance that they will move on because they don't want to waste their time and resources when there are softer targets out there.”
The good news is that for enterprises willing to take initiative in the battle against adversaries that are inventive and relentless, service providers like Hughes can deliver a managed security solution that helps mitigate top cybersecurity risks without constraining business operations.