The Intersection of Safety and Innovation
In the world of automobiles and information technology, safety and innovation are two sides of the same coin. Whether it’s the seatbelt in your car or the firewall protecting your institution’s data, safety measures are integral to the systems we rely on every day. In this article, we’ll explore how the principles of automobile safety can guide your cybersecurity strategy, and why you should think of these measures as necessary and expected protections rather than additional burdens.
The Seatbelt Standard: Basic Safety Expectations
The Role of Seatbelts and Brakes in Cars
When we get into a car, we expect it to have seatbelts and brakes. These basic safety features have been standard for decades, and we trust them to protect us in case of an accident. They are the first line of defense in ensuring our safety on the road.
The Firewall Factor: Cybersecurity Basics in IT Systems
When using IT systems, we assume leaders have implemented foundational safety measures. Firewalls, intrusion detection systems, and antivirus software are the seatbelts and brakes of cybersecurity, providing a basic level of protection for our data against cyber threats. These measures are essential in preventing unauthorized access and detecting potential threats.
Anti-Lock Brakes and Airbags: Enhanced Safety Measures
Advanced Safety Features in Cars
As technology advances, so do safety features in cars. Anti-lock brakes prevent wheels from locking up and skidding during braking, maintaining the car’s steering ability. Airbags provide an additional layer of protection in the event of a collision, reducing the risk of injury to occupants.
Beyond Firewalls: Advanced Cybersecurity Measures
In the same vein, cybersecurity requirements for your institution have grown beyond basic firewalls. Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), advanced email protection, and log aggregation tools have become essential parts of institutions’ information security toolkits, providing enhanced protection for sensitive data. These measures detect and respond to more sophisticated threats, ensuring the integrity and confidentiality of data.
The Fast Lane: High Performance Safety Solutions
Enhanced Safety and Performance in Cars
In high-performance cars, safety features go even further. Enhanced suspension systems provide better handling and stability, camera systems offer a 360-degree view around the vehicle, and self-driving modes use advanced sensors and algorithms to navigate the road.
The Cutting Edge of Cybersecurity
In the world of IT, defending against more sophisticated attacks requires high-performance security solutions. You may need to move beyond just collecting logs and apply threat intelligence to your log data, and you need automation tools such as Security Orchestration, Automation, and Response (SOAR) to quickly respond to threats.
Advanced attackers are interested in the people and intellectual property involved in university research programs. Sponsors now expect research institutions to have security programs that support this level of cybersecurity to protect intellectual property and other sensitive data.
The Safety Speed Limit: Defining Acceptable Standards
Speed Limits and Cybersecurity
Just as speed limits ensure the safety of everyone traveling on the road, there are cybersecurity regulations to ensure the safety of data in IT systems. There is an increasing expectation for institutions to comply with standards such as the National Security Presidential Memorandum 33 (NSPM-33), NIST Special Publication 800-171 (NIST 800-171), the Gramm-Leach-Bliley Act (GLBA), and the Cybersecurity Maturity Model Certification (CMMC).
Although these requirements are sometimes viewed as “unfunded mandates,” stakeholders and research sponsors view them as “speed limits” to define an appropriate level of protection for data stored in IT systems based on its perceived level of risk.
The Consequences of Speeding in Cybersecurity
When you violate speed limits and other automobile safety requirements, you might end up with tickets and fines. Similarly, if you don’t meet cybersecurity safety standards, your institution might face lawsuits or regulatory action.
- Several institutions were hit with class action lawsuits following ransomware attacks, alleging that they did not have adequate security measures in place.
- Another notable case is the federal lawsuit against Penn State University, which alleges that the university made false claims about its cybersecurity capabilities.
- The government has also taken enforcement actions against universities for violations of regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
These examples underscore the importance of ensuring your IT systems meet these minimum cybersecurity standards. You should view these security requirements as an essential part of providing IT services so that you protect the data users have entrusted to you.
Navigating the Road Ahead
As you build your cybersecurity investment plans and strategies, it’s important to remember that cybersecurity is not a burden but an enabling feature. Just as car manufacturers invest in safety features to protect their customers, you need to invest in cybersecurity measures to ensure the safety of your IT systems. By doing so, you can ensure a safer, more secure future for all.