With today’s cybercriminals doing
anything and everything to
stay ahead, the cybersecurity
industry must continuously fight to keep
pace. The rising tide of cybercrime means
that every organisation needs to start taking
cybersecurity more seriously and ensure
they’re equipping their current and future
workforces to help present a united front online.
NED BALTAGI, MANAGING DIRECTOR, MIDDLE EAST AND AFRICA AT SANS INSTITUTE.
Cybercriminals will not and do not make
exceptions for those they target and
organisations need to act accordingly.
While many organisations are investing
more heavily in technical solutions to
combat cybercriminals, this does not always
extend to investing in the skills of their
security staff.
EDITOR’S QUESTION
Training should be a core part of every
organisation’s cybersecurity strategy.
Without continuous training to stay
up-to-date with the latest threats and defensive
techniques, organisations continue to leave
themselves vulnerable to cyberattacks.
Digital transformation is a key theme today
that is being driven by business requirements
rather than IT.
Research firm IDC predicts that by the end
of 2019, digital transformation spending will
reach US$1.7 trillion globally, representing a
42% increase from 2017.
There is no question that businesses
recognise the need to invest in their IT
infrastructures to create reliable digital
services for their employees and customers.
At the same time, as we move business
processes to IT platforms, we also need to
ensure these platforms are secure.
Disruption to an organisation’s services,
or worse still, a data breach, could cause
irreparable damage to the brand and even
movement of customers to competitors.
With this potential impact, can business
leaders really afford to neglect cybersecurity?
The good news is that there has been a
change in mindset in the last couple of
years and organisations today adopt a
proactive rather than a reactive approach
to cybersecurity.
I therefore believe that rather than it being a
case of business leaders having no intention
of improving cyberdefences, the challenge
lies in them either underestimating the
threat to their organisation or being
constrained by IT budgets. All evidence
shows that the frequency and sophistication
of cyberattacks are growing and it is no
longer a question of if but rather when an
organisation will be attacked.
Just deploying a stack of defence
technologies does not guarantee security
and worse still, this false sense of security
can result in incidents being overlooked.
The Ponemon Institute found that US
companies on average take 206 days to
detect a data breach.
So even if you have invested in the best
security solutions, you need to ensure that
you are constantly training and retraining
your cybersecurity personnel in techniques
such as continuous monitoring, intrusion
detection, prevention and digital forensics.
In short, expect to be attacked and ensure
you have the ability to detect and mitigate
the threat.
Organisations that want to harden their
security but are limited by their budgets
should also focus on addressing the
most critical aspects, i.e. the systems and
processes most likely to be exploited by
attackers. This requires your IT team to be
well trained in vulnerability analysis and
penetration testing.
Once the most urgent vulnerabilities have
been addressed, the company can optimise
the utilisation of its existing cybersecurity
investments by investing in the skill sets of its
IT team. Well-trained security professionals
are better equipped to configure and
manage existing security investments to
increase their effectiveness.
The tools and security systems available
today can mitigate the large majority
of attacks, so the risk actually lies in the
organisation’s failure to implement a
cybersecurity strategy that addresses the
two remaining fundamental pillars of
cybersecurity – processes and people.
www.intelligentcio.com