Although the vast majority of businesses today are aware of the dangers of cyber crime, too many acknowledge that they are not really effective at preventing breaches and other security events, and are not confident in their ability to recognise that a breach is taking place. Security, and how to improve it, remains at the top of the CIO’s list of priorities.
So says Simon Campbell-Young, MD of Credence Security, who explains that there are a number of problems facing organisations who are trying to improve their security posture. “The first that comes to mind, is that too many organisations rely on their own security teams to test their security solutions. Very few have the ability to conduct proper penetration testing to the level where it can truly identify any vulnerabilities in the security chain. Businesses need to rely on outside experts, whose sole function and area of expertise is to perform these tasks. Pen testing, threat intelligence analysis, thorough security audits – these should be left to the experts.”
The next issue, he says, is that security isn’t keeping up with the pace of big data and digital transformation. “As businesses embark on a digital journey, creating massive data silos, moving to the cloud, and harnessing the power of social media, analytics and the Internet of Things (IoT), they are exposing themselves to a slew of new risks they are unprepared for. As businesses change, so does the threat landscape, and unfortunately, security solutions and strategies aren’t keeping up. They need to adapt security strategies to meet these changes.”
Further to this point, Campbell-Young says that businesses are unprepared, and don’t have a real idea of what the implications of a breach could be. “Companies rely heavily on technology these days. A successful breach could shut down the business from a few hours, to a few weeks, depending on how ready it is to handle the crisis. A business needs to understand what the implications of a breach really are, including financial, legal and reputational. Once they have a grip on this, they need to decide on their ‘appetite’ for risk, and allocate security resources appropriately.”
And this can’t happen unless they truly understand what data they have, and where it resides, he continues. “An organisation needs to classify its data sets, and decide which is the most valuable or sensitive data, and protect those data assets first. Data such as intellectual property, proprietary company data, customer data and financial data needs to be guarded first, and most carefully. Further to this, they need to ensure the principle of least privilege is enforced, and keep up to date with who has access to what, bearing in mind shifts among staff in the business.”
Another reason companies fail at security is that they do not have a proper crisis management strategy or plan in place. “They are simply not prepared, and should a security event occur, they have no idea where to start, or what to do. A plan must be formulated, and all parties involved need to be fully aware of what their role is, and in what order the steps must be carried out. All parties and stakeholders involved need to work together, to design a plan that flows, and works in the event of a breach. There are legal ramifications too, and certain obligations in terms of disclosure, and notifications should sensitive data be exposed.”
Campbell-Young says throwing money at security solutions doesn’t solve all the problems. Being cyber resilient isn’t about having the top tools and solutions in place alone. It’s about backing up products with other measures to fully cover the business in the event of an incident.
About Credence Security
Established in 1999, Credence Security, previously ARM, the region’s speciality distribution company, specializes in IT security, Forensics and Incident Response. Working closely with leading IT security vendors including AccessData, Fidelis CyberSecurity, eSentire and Digital Guardian, Credence Security delivers Cyber and IT Security technologies and solutions that protect organisations against advanced persistent threats, malicious adversaries and internal malpractice.