The direction of travel in IT innovation is compounding the risk for organisations. As any IT security veteran will tell you, there used to be a clear boundary ‒ a network perimeter ‒ separating the inside of an organisation from the outside.
But as companies embrace digitalisation, IoT and the cloud to create inter-connected supply chains, it’s virtually impossible to define a clear, easily protectable perimeter, especially when that perimeter may actually lie outside of your business, your remit, your scope of control.
Even if you are investing heavily in the latest security software, can you be confident that every business in your supply chain is doing the same?
The stark reality is that every connected device – even one loaded with industrial-strength security software – can be compromised and become a doorway into your enterprise.
The more devices you add, the larger the attack surface. As points of entry multiply – as is inevitable in a world where everything is becoming connected – it becomes harder for security teams to inventory those devices, identify and fix their vulnerabilities, and keep track of the threats against them.
One strategy is to segment your network into clearly separated zones. In many organisations a flat network means that, once the perimeter has been breached, an attacker can move laterally to any system and reach any data.
But by segmenting the network, ring-fencing your most sensitive data – such as finance or R&D – and restricting which users and systems can reach it, you build secondary and tertiary layers of defence, so that a single compromised device does not hand over everything.
To do that effectively means understanding your data. Different data has different value to different people, so it is essential for organisations to assess not just what is important to them, but what might be of value to someone else, and to protect that data accordingly.
Successful businesses have for some time been investing heavily in digital literacy, both in their own workplaces and beyond: Google’s $1 billion investment in digital education and IBM’s $70 million digital skills initiative in Africa are two examples.
There is no panacea for all cybersecurity ills. Nor does spending more money on the latest or most innovative security solutions guarantee protection.
A report issued earlier this year claimed that, over the past two years, 45 percent of UK organisations had fallen victim to phishing attacks (5).
All it takes for a phishing campaign to succeed is for one employee to click a link, open an attachment or enter their credentials in response to a single email.
This demonstrates perfectly the key mistake many organisations, and employees, make: the assumption that cybersecurity is solely an IT issue.
In fact, for a security strategy to be effective, security must be the responsibility of every individual employee ‒ whatever their role, from the C-suite to the factory floor to the IT department, and wherever they work, whether in an office, on the shop floor, on the road or at home.
Journalist Mischa Glenny says,
"It is astonishing to see how many companies are still risking their entire existence by not integrating a culture of digital hygiene into their work."
To be effective, enterprise-wide cybersecurity must be based on engagement, not compulsion.
If you want your employees to be fully committed to digital hygiene, they need to understand their responsibilities ‒ from using strong passwords to locking their laptops in a drawer before going home.
With phishing emails becoming more and more difficult to spot, employees need ongoing training in how to identify suspicious links.
Crucially, employees need to understand the importance of reporting any potential breach as soon as possible – and be reassured that they can do so without fear of reprimand.
5) www.information-age.com