For a cyber security strategy to be successful, there must be a harmonious relationship between the technology used and the understanding of security and privacy issues. Much like a house of cards, if one side doesn’t hold up the other, the whole edifice can collapse.
Despite the recent plethora of security breaches and attacks, a figure that is only going to rise, the number of companies addressing the risks hasn’t picked up.
“There is definitely an increased awareness but, to be honest, it’s really slow,” said Ergo’s chief technology officer Steve Blanche. “They’re not really seeing the potential
“There has been an increase in awareness thanks to the highlighting of notable events like the high profile ransomware attacks WannaCry and so on . . . but we’re still seeing a chasm of understanding and recognition with business owners around the potential consequences.”
“Cloud technologies and apps are prevalent in everything we’re doing and companies not realising that’s happening, whether they’re controlling or managing it or not, is just whistling past the graveyard.”
Part of the problem is that cyber security can be an abstract concept for many people. Until something happens, there can be those who feel that since they’ve gone this far without being attacked, or they’re too small to be targeted directly, they can continue on as normal.
Showing how much of a process security is tends to be a major task for security vendors, and turning it from an abstract problem into a real one will continue to be a challenge.
“That’s what we’re seeing, where we have customers now, where they had even a small breach or small scare, they’re [asking] what do we do, how do we do it and let’s get it in place now, but without those kind of things . . . the urgency is not there.”
“It’s still taking a long time to embed that message with customers, that this is something they really have to make part of their day-to-day workings.”
“This can’t be something you do as a once-off and is a box ticked. It’s very much a part of your business: you have to secure yourself, you have to put in controls and management or you will succumb at some point to an attack. There’s no doubt about it.”
That said, Blanche does see security measures becoming easier in the future as the industry grapples with this challenge. He reiterates that security must become a day-to-day measure, involving user awareness, training and adoption, and should be as standard as a fire drill or company news updates.
There’s still a bit to go before we reach that point though. “Right now, it’s a wall we have to climb,” he said. “To understand the protocol we need to put in place, for things like classifying data properly and so on, because we’re not used to it, we haven’t come from that kind of background. But it will be what we do on a day-to-day basis, so in that way it’ll have to be easier. It will be easier.”
Until then, businesses will have to adopt a layered security strategy. Blanche mentions that there is “no single point solution” when it comes to security; all areas across the business must be catered for using the necessary security tools. That complexity probably won’t change any time soon and should always be aimed for.
“Obviously [you need] applications like firewalls and antivirus and encryption . . . but given identity management, as we said, with data classification, layering is the strategy to adopt,” he said. “[It’s] essential from the foundational hardware . . . all the way through, you’ve got to implement and embed that notion of security, locking down, managing and controlling how all of those different parts are managed.”
“That’s the key, layering across all aspects. Once that happens you’re not going to be surprised by some backdoor attack or something that came out of left field that you weren’t aware of, because you’ve taken care of each different layer.”