Cyber security is everybody’s business

Today, cyber security is on all of our minds. Every other day we get news of another cyber-attack, and as more organisations struggle to keep up with the onslaught of these new threats, many are asking: ‘What can we do to strengthen our cyber security posture?’

When we want to quantify it, consider the concept of risk. In its simplest form, the risk associated with a system is the impact if it malfunctions, multiplied by the likelihood that a malfunction will occur.

Even security systems, networks, and their configurations can be susceptible to potential cyber-attacks.  All departments — not just the security department — need to be properly informed on these potential threats. For example, engineering and procurement departments (just to name two) need to be fully aware of the risks associated with procurement decisions based solely on price, without taking into consideration any possible cyber security weaknesses or vulnerabilities. Technology manufacturers should be held accountable for protecting their sales distributors and customers from exploitations of their hardware — working in partnership to assure businesses and their data are adequately protected.

Intentional and unintentional risks

Today, a company can be at the mercy of an employee who unintentionally opens the content of a malicious email. For an attacker, this is quite often the easiest and most effective way to gain access and compromise a company’s confidential data. To protect your organisation against this type of attack, users need to be properly educated to reduce this careless, high-risk behaviour.

An organisation’s focus should be on those who are in contact with the outside: Who can reach them? How can they be reached? How do they respond? These are the types of questions a company’s physical and cyber security teams need to jointly ask and manage.

Take the supply chain for example. This department represents a potential vector for an enterprise attacker. Companies, becoming increasingly aware of this risk, are taking steps to mitigate the possibility of a potential attack. Some go so far as to make static analysis or penetration tests on the products of their suppliers to ensure the solutions are robust and successfully ‘hardened’ against cyber-attacks.

Securing the future with the cloud

In the coming years, more organisations will leverage the cloud to help address many of today’s cyber security issues. The cloud offers additional security when making decisions on procuring new hardware and software. Education-by-example is a method that works well. Through training all the employees and members of your organisation on the benefits of the cloud, and how it can facilitate cyber security, they will have the knowledge to make better decisions regarding keeping their organisation safe. By making examples and showing how easy it is to hack into some of the low-cost security hardware on the market, employees will understand first-hand the perils that poor procurement choices can cause.

In the event that these purchases have already been made, it would be necessary to:

• Assess risk through vulnerabilities. This can be done by an analysis of the product and the code, via a questionnaire sent to the manufacturer of the product and by a penetration test.
• Mitigate the important risks identified.

There is little doubt that organisations will increase their connections with one another, extend their security systems, and continue to move to the cloud. Here are the three benefits for moving to a hybrid-cloud or all-cloud system:

Easier to get system updates: When using cloud services, the cloud service provider is responsible for the updates and they are immediately pushed down to you in a seamless or almost seamless way. This helps to ensure that your systems remain protected against known vulnerabilities. 

You’ll always know the system’s health status: Cloud services can automate this task by immediately sending you an email or text to let you know that a system vulnerability has been identified. You can then securely log in to the system to investigate the issue and take corrective measures.

You can outsource risks: Cloud providers use economies of scale to provide high levels of security for their shared infrastructure. They take the burden of the risk of threats, investing money, time and resources to build and maintain highly secure cloud platforms that benefit customers. As a client, you get access to multiple layers of security at the fraction of the cost.

Firas Jadalla is regional director for the Middle East, Turkey and Africa (META) at Genetec