Why Cybersecurity Guidelines Are Evolving

Saturday, 5 August 2023, 9:21 am
Column: Hugh Grant

A decade ago, it was common to find the recommendation that you should change your password on a regular basis. These days, this practice is discouraged. In fact, many cybersecurity recommendations have changed – and they continue to change. Why is this the case? And how can you keep up with the latest recommendations?

Professional Cybersecurity Guidance

It can be maddening to try and keep up with the latest cybersecurity recommendations, especially if you have a complex organization to manage or if your business is especially vulnerable to cyberthreats. That’s one reason so many business owners turn to the help of cybersecurity advisors to keep them informed and their strategies up to date. This way, you can effectively delegate the demands for ongoing education and get access to all the rewards.

Hiring these advisors is going to cost you a bit of money, but if it helps you mitigate potentially devastating cyberattacks and remain compliant with modern best practices, it's usually worth it.

Why Cybersecurity Recommendations Change So Frequently

These are just a few of the reasons why cybersecurity recommendations change so frequently:

· Evolving technologies. One reason is the constant forward march of technological evolution. Today, we are interconnected in ways that we couldn't have imagined just 20 years ago. In another decade, we'll likely be flabbergasted at what's possible. Cybersecurity recommendations must change because the technologies we’re protecting are changing.

· New scams. Hackers and cybercriminals are also constantly changing. Technical experts are advancing their skills, coming up with new ways to exploit new technologies. And savvy criminals are willing to change up their persuasion tactics whenever people generally get wise to one of their common scams.

· The half-life of knowledge. The “half-life of knowledge” is something that affects almost every field and every industry; over time, we gradually discover that assumptions we once held to be true aren't as accurate as we once thought. A great example of this is the password changing recommendation. Originally, this was thought to make it harder for criminals to gain access to user accounts, but it ultimately led to people being lazier with password creation.

· Disputes and contradictions. Security recommendations aren't cemented into law by a single authority. In fact, sometimes experts disagree on what the best practice truly is. If you hear an alternative cybersecurity recommendation, it could be the result of a difference in opinion, more than a real update.

· Perception problems. There are also some perception problems in play. It's entirely possible that a cybersecurity recommendation has been in place for more than a decade, but if you haven't heard about it, it may seem totally new to you. In some cases, a change in recommendations may be a simple reflection of ignorance on the part of the listener.

· The human factor. Human behavior is complex, and arguably weird. It's hard to tell exactly why people do the things they do. But human behavior is a critical element of any sufficiently robust cybersecurity strategy. We need to be able to predict not only how leaders within organizations behave, but also how their employees behave – and how cybercriminals behave. Even with perfect data analytics and a fundamental understanding of human nature, this is a massive challenge. The only way forward is to continually update our knowledge and recommendations as we gain new information.

· The inevitability of change. Change is inevitable, especially in the world of technology. Our devices and software change. We change. Criminals change. So it's only natural that recommendations change as well.

What You Can Do

It's hard to keep up, So what can you do?

· Remain adaptable. First, remain adaptable. If you take a cybersecurity recommendation as the ultimate, unchangeable gospel truth, you might end up entrenched in a position that needs to change in just a few short years. Adaptability and agility are crucial for long-term success.

· Hire the right people. It's much easier to stay up to date when you have the right people working for you. Sometimes, that means hiring an external IT firm. Sometimes, that means building an internal team of your own.

· Stay up to date. Avoid falling behind. It's important to stay current with the latest news and developments in the cybersecurity world. Keep reading valuable sources of information and always assume there's something new on the horizon.

· Hold regular audits. Take the time to audit your cybersecurity strategy regularly. If and when recommendations change, you need to change your strategy accordingly.

Cybersecurity recommendations aren't going to become stable or stagnant anytime soon. In fact, as technology evolves quicker, it's likely that recommendations are going to evolve even more rapidly in the future. The sooner you embrace this fact and make accommodations for it, the better your organizational cybersecurity health is going to be.

ENDS

Hugh Grant

© Scoop Media