BY: CAROLE O’BRIEN
The month of October is cybersecurity month, where suppliers share their knowledge, products, and the scary facts that the threats are still increasing. Claims that they have the ‘silver bullet’, that will solve all your problems. The fact is that cybercrime is still rising, and the continued disruption of the pandemic, along with the anywhere workforce has increased the challenges of cybersecurity. With the new work environment, it has the potential to create blind spots, lack of cohesive defences and can highlight vulnerabilities in legacy security solutions.
Having a one- dimensional security strategy, that is reviewed annually will no longer be suffice. A more dynamic, multifaceted, multi-layered approach , that is continually monitored, analysed, and adapted is what is needed to fight the battle of the ‘Hacker’. Security should be pivotal to any IT process, programme, and business strategy and evolve with the environment.
The working environment has changed in many ways and over the last few years more and more of us work on multiple devices. Our phones have become our mobile office, where we can work anywhere. All devices need to be included in the security strategy and implementation.
What is a multi-layered approach?
IT security teams have a lot of ground to cover, protecting every contingency, in comparison, the cybercriminals only need to slip past defences once. There is no single defensive mechanism that can ensure security across the changing work environment to defend against today’s threats .
It is therefore a necessity for IT teams to take a layered approach to their cybersecurity that evolves to incorporate current threat trends. A layered approach in not solely focused in terms of technology and tools, but an integrated and overlapping strategy based on security tools, people, and processes that will yield a more effective defence. Just like the children’s game of pass the parcel, the tighter you wrap the layers the harder it is to get to the prize.
The criminal’s reward is your data, access to your systems and disruption. By ensuring that there are many layers between the outside and your data, and by overlapping at each stage increases complexity and strength. The criminals are looking for easy openings, non-monitored areas, and weaknesses, the harder you make it the more of a deterrent and the reduced risk of an attack. Observation and reacting to threats as they come in are vital. They will happen at some point, but having the layered defence means that the criminal would need to clear more boundaries of protection to be able to get to the centre of operations.
There are a host of technologies that can be implemented but it is important to consider the ability to integrate and automate, therefore enhancing rapid detection and mitigation of threats. Security is everybody’s concern, by incorporating end users into the strategy at each stage increases the protection and engagement.
Education and training that are both current and regular along with a policy that allows potential incidents to be reported with a no-blame culture greatly increases the likelihood of users informing of any mistakes they could have made (clicking on a link, replying to suspect email ect) and then reactionary measures taken quickly.
The role of cybersecurity is to add value to your organisation enabling objectives to be reached. It is about people having a positive relationship with security, having the right technology intertwined with the right processes across the whole organisation, resulting in a solid investment for your businesses future.
Auditel, can help in many ways, from an independent review of your current strategy, to working with you to develop and implement a holistic approach greatly benefiting your business.
Auditel’s capabilities and approach to partnering means experts are available on demand and with the right skills to ensure your success.