Recently we attended a series of conferences devoted to information security and cybersecurity, which was quite interesting. The best part we found there, was the relatively new topics on which we were guided- such as NextGen, Internet of things (IoT), DoS attacks on IoT devices, security intelligence platform, AI, etc. The fact that some of these terms caused “hype” is not in itself a problem, after attending these conferences and some other workshops, we were forced to wonder whether the world of security is right about things.
This article will give you a new vision of Cyber Security, that is directly related to the needs of the business, because we come across with companies that often seem to lack on their Cyber Security, and there are just so many things that do not end well. So here are some points which one should take into account:
Cyber Security Lesson 1
Start with the company (and associated risks)
In practice, security can be an exceptionally difficult task, but its essence is quite simple. Security is all about the reduction or elimination of risks, as well as ensuring their visibility which allows companies to accept and continue their activities, without any threat. To achieve maximum efficiency security professionals must understand this business, and not treat it exclusively from the point of view of Cyber and Information technology. A famous quote on it as follows-
“Experience shows that in most cases (about 90%) of the attacker are still using simple methods and WEAKNESSES: phishing emails, malicious attachments.”
If we start from the business, we first need to identify possible risks associated with a specific company and then we must determine how to deal with them.
After that, the person accountable for the security within an organization must draw up a safety plan determining how these changes should be carried out; clear goals and deadlines should be indicated, acting must be judicious and the person must not engage in multiple projects at one time.
Cyber Security Lesson 2
Identify a road safety map, with a clear goal and step-by-step actions
Being decisive in your approach to security is crucial; it must be often come in terms with your company to make adjustments as required. In the process of mounting and implementing any projects will help in reducing the risks and achieve the ultimate goal.
It is imperative not to lose sight of the business purpose when other things come in view, neither the persons responsible for security should not “restrict or discourage” the company from taking security measures. It’s not rocket science or something of highly advanced material, so, therefore, the approach should be fitting and considerate. Knowledge of IT certainly helps and it comes handy when you are carrying out certain measures.
Master the baseline before embarking on more complex security solutions
After participating in the conferences, we noticed that maximum organizations do not even provide basic security measures, let alone advanced security solutions. Presentations of these technologies by Cybersecurity companies often look overwhelming and offer appealing content, but for most organizations, they are at a very towering level. In accumulation, occurrence shows that in most cases attackers still use the simplest methods and weaknesses: phishing emails, malicious attachments, and so on, and of course, there is the weakest link – a person.
Before moving to advanced technologies, companies need to create basic security solutions that take into account these simple risks. Of course, the first ones are also important and should be implemented in the future, but only after intensifying the basic solutions. Often, security conferences focus on complex threats and advanced persistent threats.
Cyber Security Lesson 4
Establish the right partnership – cooperation between IT security experts is important
Latest developments come into view quickly, and individual attackers and groups of intruders use more assorted and advanced attacks and tactics. Ultimately, advanced security solutions will become inseparable from the broader road safety maps of our organizations. But, before building a “house”, you need to lay the foundation. And to build a house requires cooperation between the architect, realtor, bricklayer, and plasterer and, of course, the owner of the house.
It is this feeling when something is created together, that we must be present in the world of security. We must actively cooperate, because, like building a house, there are no owners or architects who would just as well perform the masonry, painting or construction work.
No security company has the best solution for every security risk, so you cannot do without working together. Those who could harm your company are already operating, so it’s time for security specialists. We need to start with the owner (company) and the foundation, and then establish relations with the right contractors (suppliers of security solutions).
Cyber Security Lesson 5
Connect all – this is the only way to success
To achieve results from the company’s security and organization requires understanding and support from the company and vice versa. The person (s) responsible for safety must be able to give short and clear explanations so that various stakeholders of the organization participate in the process.