Tech View: For cybersecurity, prioritize talent over tools if necessary
With so many data breaches in the news today — DoorDash and Zynga were two recent victims — combined with the dizzying number of proposed cybersecurity solutions and the cost of this protection, it can be daunting to even think about where to start in protecting your business’s assets.
Mahalo for reading the Honolulu Star-Advertiser!
You're reading a premium story. Read the full story with our Print & Digital Subscription.
Already a subscriber? Log in now to continue reading this story.
With so many data breaches in the news today — DoorDash and Zynga were two recent victims — combined with the dizzying number of proposed cybersecurity solutions and the cost of this protection, it can be daunting to even think about where to start in protecting your business’s assets. As National Cybersecurity Awareness Month comes to a close, I want to share some tips to help local businesses take actionable steps to protect their critical information.
As with everything, it all starts with a plan, a budget and a road map. Identify the assets you need to protect and how much you can spend to protect them. Information security is an ongoing investment in your business that should be planned and budgeted for annually. It’s not a one-shot deal or a one-time investment. Many organizations invest about 5% to 10% of their information technology budget on information security. In Hawaii the investment tends to be closer to 3% but is increasing as threat education and awareness ramps up.
It’s important to remember that there is no silver bullet in cybersecurity. No single tool can prevent and detect everything, so be wary of anyone who professes otherwise.
In addition to the right tools, you need the right talent whether you hire in-house experts or work with a trusted technology partner to manage these tools. New threats constantly crop up, so cybersecurity tools require regular updates and staff needs continuous training, which also should be included in your budget. In my opinion, it’s best to focus first on prevention, then on detection.
If you’re forced to choose between tools and talent, prioritize talent because tools are ineffective without the expertise behind them. Good cybersecurity experts can work with your existing tools to build out your technology road map, which also will evolve over time, to meet your business needs while monitoring trends and the ever-changing threat landscape.
When looking for talent, hands-on experience is critical. Look for candidates who have diverse IT experience and a solid combination of technical and soft skills that include advanced networking, server hardening, vulnerability management, awareness training, compliance expertise, breach response leadership and policy development and maintenance. It’s helpful if your candidates have a clear understanding of how your business operates so the right technology solutions can be deployed. Finally, especially here in Hawaii, it’s also important to find candidates who fit into your team and your company’s culture and share the same values.
Michael Taratko is a principal architect-security for advanced services at Hawaiian Telcom. Reach him at Michael.firstname.lastname@example.org.