In September 1862, the 27th Indiana Infantry Regiment, situated near Frederick, Maryland, made a discovery that could have altered the Civil War.
It all began without much fanfare. Two soldiers found three cigars, held together with an unassuming piece of paper. There was nothing extraordinary about it, until the soldiers realized the document was actually a Confederate battle plan. The soldiers then acted quickly, passing the battle plan up the chain of command, all the way to Union leader General George B. McClellan, who, historians note, could have used that information to “destroy the opposing army one piece at a time.”
Yet, McClellan took 18 hours to act, and by the time he started moving against the Confederate forces, General Robert E. Lee had enough time to mobilize his forces and hold off the assault.
The Power of Information
During wartime, information can create just as much of an advantage for one side as the size of an army or the weapons they hold. That is, as long as this information is accurate, passed along to the right people and then acted upon quickly. In McClellan’s case, everything fell into place, except for the “acted upon” step.
The situation is similar for IT security professionals today, in their own war against threats to cybersecurity. They constantly gather intelligence about threats to sensitive corporate information and they understand how remote access vulnerabilities could be exploited by attackers.
Where they fall short – or rather, where their “commanding officers” (executive teams) fall short – is with how that information is passed along and acted upon. Nearly one-third of IT security teams never speak with their company’s executives about cybersecurity, according to a new Websense and Ponemon Institute report. And, what’s worse, the few who do keep executives in the loop only update them once per year.
So, how is it that these “communication roadblocks,” as the report calls them, seem so simple to correct, yet so little is done to correct them?
Websense’s Jeff Debrosse explained to SC Magazine that executives simply may not understand the nuances of network security, which could explain why they don’t always give IT security teams a seat at the executive table. Yet, Debrosse encouraged IT pros to, “really insist and show the ‘why’ of having security as part of executive team meetings and discussions.”
That way, both parties will be able to speak the same language. By breaking down these communication barriers, IT security professionals are more likely to get the support they need from the powers-that-be.
Is It Time for an Infrastructure Reconstruction?
After addressing communication breakdowns, IT professionals may want to analyze the technology that protects their networks. Many are already taking this step, and they’re not liking what they see. About 30 percent of security professionals told Websense that they would support a complete overhaul of their network security infrastructure. While this seems like an overwhelming task, a network security overhaul isn’t as unorthodox or burdensome as it may seem.
At the heart of any network security infrastructure should be a VPN with central management capabilities. This solution uses encryption to provide employees with a secure tunnel for remote access to the corporate network. It also provides network administrators with the ability to revoke network access whenever a cyberattack is detected.
Once a VPN is installed as part of a redundant, multi-layered network security infrastructure, it’s up to the IT team to consistently communicate with the executive team. This way, when an advanced persistent threat (APT) or a breach traced back to a privileged user is detected, for example, the executive team will have more context and a better understanding of the threat landscape. This should empower them to quickly take whatever action is required.
If there is one lesson that can translate from General McClellan to today’s CEOs, it’s that having the right amount of information is only the first step on the battlefield – it’s knowing what to do with that information that will determine how history will judge you as a leader.