When it comes to information security, there are some extraordinary claims made by various suppliers. You could be forgiven for thinking that you’ve implemented A, B and C solutions and all’s covered.
It may well be that each vendor makes a claim to cover A-Z all on their own. So, you’re being belt and braces by playing to the stated strengths of multiple providers.
Yet there may still be gaps. You buy off-the-shelf software and solutions and set them up to meet as many of the business needs as possible. Every business is unique though, so it’s impossible for developers to allow for every scenario.
Detailed requirements gathering and an element of bespoke design is essential to make it an appropriate fit for your business, and not the other way around.
How many systems do you have? How many interlink or are single-purpose?
What are they used for and how many people have access? Who monitors when access is to be granted, denied, or terminated?
From a systems perspective, there’s clearly a great many areas to consider. And that’s before we get to what is often the weakest link: People.
Many of the recent high-profile hacks and attacks have been the result of someone clicking on the wrong thing. Sure, there are often other failures such as woefully out of date operating systems, but it still took someone to knowingly open the attachment, click on the link or forward the email.
Awesome people can do dumb things. It isn’t just opening dubious file attachments. What about simply speaking to the wrong person? Or getting suckered into an online survey which gathers date of birth, mother’s maiden name, name of first pet…. You see where we’re going here?
Security therefore, is not a systems issue, or a people issue. It’s a business issue that requires a business-wide approach to succeed.
A breach will be on a scale of embarrassing, to damaging, to catastrophic. The post-mortem of every recent public incident has shown that the situation was avoidable. Yet, they happened.
We work with companies every day to help them join the dots across the entire business to ensure that systems and data are safe, secure, 100% available, whilst having the processes and training in place to support it.
Threats evolve and get smarter with each attack. Our job is to make sure we do too.