It’s unfortunate that while many businesses understand the importance of creating an IT security strategy, they often stall when it comes to seeing it through to deliverable action. As such, once they are attacked, invariably this is a situation that costs more to resolve than if the organisation’s planning had been better in the first place.
You only have to look at the news headlines where there doesn’t seem to be a week that goes by without a data leakage incident of some kind being reported. It’s not just happening in a particular sector, or specifically focused on small, medium or larger enterprises — it’s across the board.
There’s often an attitude of ‘it won’t happen to me’, or ‘my company isn’t important enough for someone to target’. Indeed, for some organisations there seems be a significant issue with understanding that in a connected world you have a responsibility to make your services secure. You and the people in your company are digital by default.
Just look at the statistics. The Lloyds Risk Index 2013 showed that cyber security shot up from twelfth to third, while Ponemon’s recent 2013 cost of cybercrime shows a 30% rise in the cost of a cyber-attack.
Recent Fujitsu research indicated that only 9% of consumers have any faith in organisations to protect their data, with nearly a third (29%) recording a decline in trust over the last year.
Taking all this into account, digital by default also needs to mean secure by default.
However, some organisations may not fully understand risk when it comes to security, while others invest funds on security products that fail to meet their needs. The public and private sector must educate themselves on data and recognise that investing money in testing, targeting and segmentation will more than pay for itself in the end.
Understanding the issue is a two-way street and the security industry has a bad habit of talking about security in a very complex, technical language too early. You’ve got to work with the business in question.
One of the core aspects of this relationship should be solidifying and putting into action a security strategy. At Fujitsu, we’ve developed services that will help the customer achieve each step towards this goal.
The technology deployed to protect should be simple and easy to use and have security ‘on’ by default rather than leaving it to the user to switch it on or opt in. Policies must be adaptable and flexible too, security can’t be absolute.
Thankfully, the blasé attitude to building such a strategy to action is becoming less prevalent. While it’s not everyone’s cup of tea I think the word ‘cyber’ has a lot do with that in terms of gaining people’s attention. But there is still a long way to go.
What organisations throughout Ireland should remember is that a lot of what creating a security strategy is about is common sense. Putting that plan into action even more so. Understand what your risks are and put security around it that protects you and your business.”
David Robinson is Fujitsu chief security officer for Ireland and UK and his team will be exhibiting at the upcoming Fujitsu World Tour event in The Convention Centre Dublin on 10 July. www.worldtour2014.com
Subscribers 0
Fans 0
Followers 0
Followers