Securing the Martini!
It’s hard to think about anything other than security when all the headlines in the press are about hacking scandals and cyber threats – article du jour attached as an example here.
At a more parochial level, 60% of respondents to the Cisco Security Capabilities Benchmark Survey said they are not patching and only 10% of Internet Explorer users run the latest version of the browser; still 90% of respondents are “Confident” in their Cyber security capabilities…
Interestingly, the research reveals that organisations must adopt an ‘all hands on deck’ approach to defend against cyber attacks. Attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity. Defenders, namely, security teams, must be constantly improving their approach to protect their organisation from these increasingly sophisticated cyber attack campaigns. These issues are further complicated by the geopolitical motivations of the attackers and conflicting requirements imposed by local laws with respect to data sovereignty, data localisation and encryption.
To continue my theme of Martini Computing, clearly in an age where we want to be connected wherever we are and on whatever device we’re using, the possibility of being exposed to these threats is ever increasing.
What can you start doing to ensure your mobile business is ready in this new world? Some thoughts:
- Security must support the business. Too often today companies have a hotch patch of Security products acquired over the years and pieced together like a patchwork quilt. Are they equipped to protect the way we do business today and in the future?
- Security must work be thought about architecturally. What do I do to prevent attack? What do I do when I am under attack? What do I do after I’ve been attacked?
- Security must be viewed as a “people problem” and not just a technology problem.
As our CEO puts it “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”
To maintain a strong level of trust with customers, partners and employees in this environment, businesses must think of themselves as security companies. While there is no such thing as a trusted network or device, a strategy that focuses on the core security issue – threats – will allow network defenders to advance beyond the abilities of attackers to address the extended network and evolving business environments.
Good leaders need to be unrelenting in their self-assessments of security: What controls do we have in place? How well have they been tested? Do we have a reporting process? Have we conducted an audit recently?
IT Security is no longer just a technology issue – it applies to everyone. Your staff, your contractors, part-timers, those on a sunny beach sneakily checking the Blackberry on holiday, even the office dog (if we can connect elephants and cows to the internet it’s just a matter of time!) It’s necessary for technology and business leadership to align and discuss potential risks and work together to find solutions that protect intellectual property and financials alike.