The security landscape has changed. Today, most people sitting around the boardroom table are aware of the risks and how important it is to ensure that the organisation is secure. From the small business through to the mega-enterprise, cyber security has finally become a priority. Now, the focus is on ensuring that this awareness translates into the right technology so the business can effectively combat security challenges from multiple angles. It’s about embedding resilience into a security strategy.
This is the era of cyber resilience: of robust internal security training, investment in firewalls and services that surround the business in agile security, and a focus on the endpoints and zero trust methodologies that are shaping security planning today. Cyber resilience means ensuring the business has the tools and expertise it needs to anticipate attacks, adapt to them, resolve compromises and respond to uncertainty with agility. It is also the ability to recover from an attack as fast as possible because the right systems and approaches have been put in place.
“There are a few things that need to be in place to ensure that a company is fully cyber-resilient,” says Henk Olivier, Managing Director at Ozone Information Technology Distribution. “You need to invest into a basic risk management analysis and ensure that your employees react appropriately should an event take place.”
Having a clear ‘if this, then that’ plan in place ensures that high-risk and high-priority operations are shut down or protected instantly and that any attack focused on these systems is resolved as a matter of urgency. This analysis should also include unpacking the customer interaction levels to determine any vulnerabilities or risk factors, and the user and employee touch points that can put the company at risk. The next step is to invest in technology that’s capable of handling the risks and that measurably delivers the peace of mind the organisation needs.
“Basic security hygiene is a must,” says Olivier. “This includes keeping all operating systems and devices up to date with the latest patches and having firewalls like Kerio Control in place. This is a next-generation firewall for small to medium-sized organisations and is purpose-built to deliver exceptional security to smaller companies at a reasonable price point. Another critical step is to ensure that users have strong passwords and these are mandated by company policy.”
Employees need to understand how important their behaviour and approaches are to keeping the business secure. However, people make mistakes and many people are going to make the mistake of using a weak password, no matter how many times they’re told not to. Enter Keeper, a password manager designed specifically for the business. It’s cost-effective and easy to use, and it ensures that every individual within the organisation is using a strong password and is playing their part in keeping the business secure.
“Cyber resilience is also defined by the plans you have in place should the attack succeed, and it will succeed, at least once,” says Olivier. “Have a data recovery plan and process in place and always have backups – plural; you need more than one backup and you need to keep one set offline so that any ransomware doesn’t have time to populate a backup.”
Cyber resilience can easily become a part of the very fabric of the organisation; it just needs support from the right technology and the right security approaches.
* Article first published on itweb.africa