{"id":4834,"date":"2024-08-13T10:29:33","date_gmt":"2024-08-13T15:29:33","guid":{"rendered":"https:\/\/www.dnsfilter.com\/blog\/creating-an-over-the-counter-cyber-defense-program"},"modified":"2024-08-13T10:29:33","modified_gmt":"2024-08-13T15:29:33","slug":"creating-an-over-the-counter-cyber-defense-program","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/13\/creating-an-over-the-counter-cyber-defense-program\/","title":{"rendered":"Creating an Over-the-Counter Cyber Defense Program"},"content":{"rendered":"
<\/div>\n

One of the benefits of being in the cybersecurity industry for over 25 years is that you develop perspectives from patterns that repeat themselves, as well as the ability to compare and contrast with other more mature industries.<\/p>\n

<\/p>\n

This week at BlackHat, I realized that with all the vendors and money spent at BlackHat, most ordinary people who need cyber solutions are not being served. It is like a pharmacy only delivering \u201cprescription medicines\u201d when most of the world needs \u201cover-the-counter medicine.\u201d<\/p>\n

By focusing on themselves\u2014and by that I mean creating tools only for themselves\u2014cybersecurity professionals are creating a talent shortage. It\u2019s not efficient or practical to have cybersecurity tools so highly sophisticated that it requires years of experience to operate them. This puts small businesses<\/a> in particular at a huge disadvantage, and opens them up to higher security risks. It also creates a higher barrier to entry for cybersecurity jobs, hence the unintentionally manufactured skills shortage. This talent shortage is only real because cybersecurity vendors are creating it as they continue to deliver solutions that require experts (doctors and pharmacists of cybersecurity). <\/p>\n

In this blog post, I want to walk through what it takes to reach most of the world with a defensive cyber solution that is safe and simple to operate\u2014an over-the-counter cyber solution.<\/p>\n

A Remedy for Balanced Cybersecurity<\/h2>\n

Let’s talk about balance in the cybersecurity industry. I’m not suggesting that over-the-counter solutions should replace prescription solutions. Instead, I\u2019m advocating for a balanced approach, similar to how medicines are categorized. The current reality for the cybersecurity industry is that they require expert operations and administration for a simple headache when a straightforward over-the-counter solution could suffice.<\/p>\n

How often do medium to small organizations find themselves with a toolset outside of their skillset or even their needs, because it\u2019s beyond the basics? Most often than not I would say as the majority of vendors attending the BlackHat conference are targeting companies that have a CISO and a well-established security practice, not that small business down your street or have anything to offer your friends and family who have been hacked more than once by now I am sure.<\/p>\n

Over and over, we hear that everyone in the world needs to practice the basics and then build their cybersecurity program from there. My general complaint is that If this is true, why aren’t there more cybersecurity solutions designed to cover the basics that are safe to operate by someone who does not need years of experience or a portfolio of certifications?<\/p>\n

The concept of over-the-counter is simple: It is available without an expert. You can essentially use it as directed and it will deliver a safe and effective solution.<\/p>\n

I think there is also a case to be made that well-designed, simple-to-operate cybersecurity solutions that target the non-expert are also well-positioned for Managed Service Providers (MSP)<\/a> and Value-Added Resellers (VARS)<\/a> in the same way that Drug Stores sell both prescription and over-the-counter solutions. I want to ensure I thoroughly walk through the analogy to show the parallels in this comparison.<\/p>\n

What Over-the-Counter Cyber Defense Looks Like<\/h2>\n

Imagine getting a splitting headache, so you drive to your local pharmacy and pick up your favorite over-the-counter headache pain reliever. You can run in quickly, grab what you need, and get relief shortly.<\/p>\n

Now think of a scenario where that simple and effective pain relief requires you to first go to your doctor, prove you\u2019ve got a terrible headache in the first place, then go back to the pharmacy and wait at least 30 minutes as the pharmacist fills your prescription. The prescription itself is likely a much higher dosage than what you needed in the first place. Relief comes quickly but at a higher price tag after an unnecessarily long wait.<\/p>\n

That second scenario is what we\u2019re seeing in cybersecurity. To get simple pain relief (or in this case, threat protection), we need to jump through a large set of hoops and wind up with something that covers our basic, fundamental needs. It is often far more powerful than we need it to be, at a higher price tag, and will require more upkeep. You\u2019re going to need to keep filling that prescription, as you\u2019re bound to get more headaches. And to fill that prescription, you\u2019ll need a doctor and pharmacist (your cybersecurity experts) on-staff.<\/p>\n

Neither scenario is sustainable long-term, when what you need are self-service basics.<\/p>\n

An over-the-counter cybersecurity solution must be as simple as a music streaming service\u2014full stop.<\/p>\n

Finally, I want you to think of a cybersecurity solution that covers precisely what you need that you\u2019re able to trial, demo, and pay for all on your own. It\u2019s easy to get access, deploy, and manage (minus the experts)\u2014that\u2019s over-the-counter cyber defense. If you\u2019re stuck on if a solution is \u201cover-the-counter\u201d or \u201cprescription,\u201d here are a few questions you can ask yourself:<\/p>\n