Steer Your Cybersecurity Strategy with Automobile Safety Concepts

Chris Schreiber
(December 6, 2023)

The Intersection of Safety and Innovation

In the world of automobiles and information technology, safety and innovation are two sides of the same coin. Whether it’s the seatbelt in your car or the firewall protecting your institution’s data, safety measures are integral to the systems we rely on every day. In this article, we’ll explore how the principles of automobile safety can guide your cybersecurity strategy, and why you should think of these measures as necessary and expected protections rather than additional burdens.

The Seatbelt Standard: Basic Safety Expectations

Image representing a seatbelt and a firewall over shields, promoting the concept that both relate to safety

The Role of Seatbelts and Brakes in Cars

When we get into a car, we expect it to have seatbelts and brakes. These basic safety features have been standard for decades, and we trust them to protect us in case of an accident. They are the first line of defense in ensuring our safety on the road.

The Firewall Factor: Cybersecurity Basics in IT Systems

When using IT systems, we assume leaders have implemented foundational safety measures. Firewalls, intrusion detection systems, and antivirus software are the seatbelts and brakes of cybersecurity, providing a basic level of protection for our data against cyber threats. These measures are essential in preventing unauthorized access and detecting potential threats.

Anti-Lock Brakes and Airbags: Enhanced Safety Measures

Abstract image showing a car airbag being deployed next to a computer screen showing a possible security incident being investigated using an XDR tool

Advanced Safety Features in Cars

As technology advances, so do safety features in cars. Anti-lock brakes prevent wheels from locking up and skidding during braking, maintaining the car’s steering ability. Airbags provide an additional layer of protection in the event of a collision, reducing the risk of injury to occupants.

Beyond Firewalls: Advanced Cybersecurity Measures

In the same vein, cybersecurity requirements for your institution have grown beyond basic firewalls. Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), advanced email protection, and log aggregation tools have become essential parts of institutions’ information security toolkits, providing enhanced protection for sensitive data. These measures detect and respond to more sophisticated threats, ensuring the integrity and confidentiality of data.

The Fast Lane: High-Performance Safety Solutions

Abstract image showing a self driving car and image of a computer incident investigation on a computer monitor. Both are connecting to various data elements coming from clouds

Enhanced Safety and Performance in Cars

In high-performance cars, safety features go even further. Enhanced suspension systems provide better handling and stability, camera systems offer a 360-degree view around the vehicle, and self-driving modes use advanced sensors and algorithms to navigate the road.

The Cutting Edge of Cybersecurity

In the world of IT, defending against more sophisticated attacks requires high-performance security solutions. You may need to move beyond just collecting logs and apply threat intelligence to your log data, and you need automation tools such as Security Orchestration, Automation, and Response (SOAR) to quickly respond to threats. 

Advanced attackers are interested in the people and intellectual property involved in university research programs. Sponsors now expect research institutions to have security programs that support this level of cybersecurity to protect intellectual property and other sensitive data.

The Safety Speed Limit: Defining Acceptable Standards

Abstract image comparing car speed limits to cybersecurity regulations. Shows a speed limit sign and a stack of binders with various regulation names (HIPAA, NIST 800-171, etc.)

Speed Limits and Cybersecurity

Just as speed limits ensure the safety of everyone traveling on the road, there are cybersecurity regulations to ensure the safety of data in IT systems. There is an increasing expectation for institutions to comply with standards such as the National Security Presidential Memorandum 33 (NSPM-33), NIST Special Publication 800-171 (NIST 800-171), the Gramm-Leach-Bliley Act (GLBA), and the Cybersecurity Maturity Model Certification (CMMC). 

Although these requirements are sometimes viewed as “unfunded mandates,” stakeholders and research sponsors view them as “speed limits” to define an appropriate level of protection for data stored in IT systems based on its perceived level of risk.

The Consequences of Speeding in Cybersecurity

When you violate speed limits and other automobile safety requirements, you might end up with tickets and fines. Similarly, if you don’t meet cybersecurity safety standards, your institution might face lawsuits or regulatory action.

These examples underscore the importance of ensuring your IT systems meet these minimum cybersecurity standards. You should view these security requirements as an essential part of providing IT services so that you protect the data users have entrusted to you.

Navigating the Road Ahead

As you build your cybersecurity investment plans and strategies, it’s important to remember that cybersecurity is not a burden but an enabling feature. Just as car manufacturers invest in safety features to protect their customers, you need to invest in cybersecurity measures to ensure the safety of your IT systems. By doing so, you can ensure a safer, more secure future for all.

Ready to elevate your cybersecurity strategy? With CampusCISO, you can use free assessment and planning tools to prioritize your plans based on your unique needs. Cut through the vendor marketing noise and create a strategic roadmap based on input from over 150 higher education peers!