The world of cyber security is constantly evolving. The protection tools that were effective in 2016 may well no longer be in 2018. According to an official investigation into security breaches conducted for the British government, while 74% of companies consider cyber security a high priority, a "non-negligible" number of them have still not put in place the necessary safeguards or adopted a formal approach to the matter.
Cyber security must be a priority for chief information officers (CIOs); they are the ones responsible for ensuring that their company has the appropriate technologies and that its staff are sufficiently trained to prevent potential attacks.
Ian Pitt, CIO at LogMeIn, explains how to protect your organization and keep one step ahead of the threats:
The approach to cyber security
For a new CIO, it is best to adopt a measured, holistic approach. Radical rules and reforms intended to change the company in depth have little chance of succeeding. It is better to cultivate an environment where culture, goodwill, budgets, the scope of the strategy and the risk level are all aligned with one another.
To achieve this, the new CIO should seek to understand the measures currently in place, the strategies adopted previously, and the choices that have or have not worked. Although security should be one of the company's priorities, how it is handled will inevitably depend on the concrete risk. That risk must therefore be clearly evaluated and brought to the attention of the board of directors. Finally, for the strategy to be effective, all of the company's executives must give it their support.
The development of the security policy
Once these conditions are met, and as soon as the CIO has a clear vision of the objectives, the next step is to formulate a detailed security policy to be applied across the whole organization.
The core of any cyber security strategy is to recognize that people are just as important as technologies. The tools matter, of course, but it is essential that users are trained to use them and understand why this is important.
A good cyber security strategy needs to involve all staff; have rules that are concise, relevant and easy to understand, regardless of technical expertise; provide best practices; and ensure that the tools are correctly configured and regularly updated. Many businesses spend too much money on monitoring solutions while failing to take the measures necessary for their protection based on the information collected.
Employees, whether new or not, must be trained regularly, and the policy should be updated periodically. Finally, this strategy should not be seen as a chore or a necessity, but as something fun for everyone. To that end, organising competitions or adopting a humorous tone can help to get buy-in from all.
Any prediction requires a degree of caution, but at the global level, CIOs can expect to see a number of changes in the next 12 to 18 months.
Many companies still struggle to separate false alerts from credible threats. In this area, machine learning should provide valuable help in identifying and controlling hazards. These technologies are already available today, of course, but they will evolve and improve with time. In addition, IT managers will have the technologies and data necessary to react to events in real time instead of using their tools for after-the-fact analysis.
The context and the tools evolve. It is therefore important for CIOs to foster collaboration and exchange between employees in order to keep one step ahead of the competition. Internally, IT managers must also be aware of the company's direction in terms of development or transformation, so that the strategies and tools adopted are tailored to its needs. Finally, externally, they must maintain regular contact with their peers and with specialists to develop their knowledge of the field.