Although the vast majority of businesses today are aware of the dangers of cyber crime, too many acknowledge that they are not really effective at preventing breaches and other security events, and are not confident in their ability to recognise that a breach is taking place. Security, and how to improve it, remains at the top of the CIO’s list of priorities.
So says Simon Campbell-Young, MD of Credence Security, who explains that there are a number of problems facing organisations that are trying to improve their security posture. “The first that comes to mind is that too many organisations rely on their own security teams to test their security solutions. Very few have the ability to conduct proper penetration testing to the level where it can truly identify any vulnerabilities in the security chain. Businesses need to rely on outside experts, whose sole function and area of expertise is to perform these tasks. Pen testing, threat intelligence analysis, thorough security audits – these should be left to the experts.”
The next issue, he says, is that security isn’t keeping up with the pace of big data and digital transformation. “As businesses embark on a digital journey, creating massive data silos, moving to the cloud, and harnessing the power of social media, analytics and the Internet of Things (IoT), they are exposing themselves to a slew of new risks they are unprepared for. As businesses change, so does the threat landscape, and unfortunately, security solutions and strategies aren’t keeping up. They need to adapt security strategies to meet these changes.”
Further to this point, Campbell-Young says that businesses are unprepared, and don’t have a real idea of what the implications of a breach could be. “Companies rely heavily on technology these days. A successful breach could shut down the business from a few hours to a few weeks, depending on how ready it is to handle the crisis. A business needs to understand what the implications of a breach really are, including financial, legal and reputational. Once they have a grip on this, they need to decide on their ‘appetite’ for risk, and allocate security resources appropriately.”
And this can’t happen unless they truly understand what data they have, and where it resides, he continues. “An organisation needs to classify its data sets, and decide which is the most valuable or sensitive data, and protect those data assets first. Data such as intellectual property, proprietary company data, customer data and financial data needs to be guarded first, and most carefully. Further to this, they need to ensure the principle of least privilege is enforced, and keep up to date with who has access to what, bearing in mind shifts among staff in the business.”
Another reason companies fail at security is that they do not have a proper crisis management strategy or plan in place. “They are simply not prepared, and should a security event occur, they have no idea where to start, or what to do. A plan must be formulated, and all parties involved need to be fully aware of what their role is, and in what order the steps must be carried out. All parties and stakeholders involved need to work together, to design a plan that flows, and works in the event of a breach. There are legal ramifications too, and certain obligations in terms of disclosure, and notifications should sensitive data be exposed.”
Campbell-Young says throwing money at security solutions doesn’t solve all the problems. Being cyber resilient isn’t about having the top tools and solutions in place alone. It’s about backing up products with other measures to fully cover the business in the event of an incident.
About Credence Security
Established in 1999, Credence Security, previously ARM, the region’s speciality distribution company, specializes in IT security, Forensics and Incident Response. Working closely with leading IT security vendors including AccessData, Fidelis CyberSecurity, eSentire and Digital Guardian, Credence Security delivers Cyber and IT Security technologies and solutions that protect organisations against advanced persistent threats, malicious adversaries and internal malpractice.