
Welcome to our newest blog series, Beyond the Buzzwords! Every month, a new ATEC Group team member will join us to discuss some of the top buzzwords in their specialty.
This month, we’re featuring Senior Account Executive Jason Krolak, who dives deeper into some of the overused phrases he encounters as ATEC’s Cybersecurity Champion.
Beyond the Buzzwords: Cybersecurity Edition
“Hi readers, Jason Krolak from ATEC Group here! Today I’m breaking down five cybersecurity buzzwords that many of us in the IT industry hear on a daily basis. Let’s get started!
- Holistic Approach: Arguably the most overused phrase of 2018, but also one of the most important. Here at ATEC, the term “holistic approach” means looking at a client’s overall security posture and taking a vendor-agnostic and tool-agnostic approach to assessing where they are and where they need to be.
- Security Posture: A close runner-up to Holistic Approach, a “security posture” refers to looking at the client’s overall security picture. This would involve overlaying their existing security strategy over the 5 pillars of the NIST Framework to look for holes or gaps in their armor.
- Zero-Day: This refers to a security tool’s ability to detect and respond to an attack that had not been previously defined. Here at ATEC, we take this a step further by utilizing tools that listen to the dark web in order to understand what vulnerabilities are being weaponized. This way, we can assist our clients in protecting against an attack before it becomes a zero-day.
- IoT: Any device that is hardwired (or wireless) and attached to your network, but not part of your normal infrastructure (i.e. thermostat, medical device, HVAC controller). If you look at three of the most recent major cybersecurity breaches highlighted in the news, you will see that none came in through the firewall. The breaches actually involved an aquarium monitor, an HVAC sensor, and a heart monitor!
- Social Engineering: This refers to your staff being manipulated into infecting your network unknowingly. You can have the most secure network, but if an end user opens a phishing email, gives their UN/PW over the phone, or allows the wrong person in an ‘Iron Mountain’ uniform in to pick up your tapes, your security will be compromised.”