DR ALEKSANDAR VALJAREVIC, HEAD OF SOLUTIONS ARCHITECTURE, HELP AG
EDITOR’S QUESTION
It is typically the scale and nature of business of organisations
that determines whether they have a genuine need and/or
capability to establish dedicated cybersecurity teams. Today,
it is mainly the largest of organisations with pressing cybersecurity
needs – such as large banks and government entities – that are
making this investment.
For the majority of businesses however, it makes more sense to focus
on setting up the right information security governance and working
with the right partners on the selection, deployment and operation
of cybersecurity solutions and specialised services.
There are clear benefits to engaging with qualified external partners
– for one, today, every second vendor claims to have an end-to-end
cybersecurity platform. In reality, these vendors tend to excel in
certain technology areas and fall short in others.
Finding the right balance between the security platform approach
and best of breed point solutions is the key. It is here where the
expertise of external partners is needed to identify the right mix of
technologies and implement and configure them in an optimised
manner so that the organisation can have effective protection.
Organisations looking to address their cybersecurity skills gap
can greatly benefit from the services model. This addresses the
above-mentioned challenge of selecting and integrating the best
point products as, with services, it is the SLAs and technical
proficiency of the provider that take precedence over the
technologies themselves (although underlying technology is of
course still an important aspect).
Clients therefore no longer need to worry
about the solutions that are deployed
and can instead focus on identifying and
engaging with the right service providers.
The future of cybersecurity therefore will
be services led. In five years from now,
security will mainly be delivered as a service.
While there is a definite market inclination
towards the services model, organisations
must still maintain a basic level of internal
technical expertise.
This is important to not only ensure better engagements and
management of SLAs with external partners,
but also to enable smooth internal operations
such as bridging the divide between GRC
(Governance, Risk and Compliance) and
cybersecurity teams.
Finally, no cybersecurity strategy would be
complete without an organisation-wide
awareness programme. Humans remain the
weakest link in the information security chain
which is why we see cybercriminals focusing
so heavily on social engineering and other
attacks which exploit human behaviour.
Modern awareness programmes must not
only focus on training, but also testing
such that user actions are fed back into the
security controls. So, for example, if a user
clicks a malicious link, a new set of policies
and permissions must be applied to prevent
the reoccurrence of such a threat.
www.intelligentcio.com
INTELLIGENTCIO