NC Nov-Dec 2021
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SECURITY UPDATE<br />
CYBERSECURITY - ARE YOU CONFIDENT OR<br />
COMPLACENT?<br />
PAUL GERMAN, CEO AT CERTES NETWORKS DISCUSSES THE<br />
OFTEN MISPLACED CONFIDE<strong>NC</strong>E SURROUNDING<br />
CYBERSECURITY IN BUSINESSES.<br />
We all know that today's cybersecurity<br />
landscape is an ever-changing one.<br />
So how often should organisations<br />
review their cybersecurity strategy? If it's a<br />
question that hasn't been asked in a while<br />
then chances are that, in this world of<br />
constant threat, you're probably at risk.<br />
Despite the near constant stream of data<br />
breaches making headlines, far too many<br />
organisations insist their current cybersecurity<br />
model is good enough. However, the contrary<br />
holds true. Quite simply, if any of the<br />
statements below apply to your business, then<br />
it's arguable that cybersecurity confidence is<br />
actually misplaced complacency.<br />
1. We haven't been hacked before, and I<br />
know where my organisation's critical or<br />
sensitive data is at all times. Why change<br />
something that's working today?<br />
No business can ever be 100% sure where<br />
its data is or that it hasn't been compromised<br />
in transit. Failure to recognise this issue is a<br />
board-level responsibility.<br />
2. We tick the boxes when it comes to GDPR,<br />
PCI DSS, HIPAA (and other regulations) so my<br />
organisation is secure.<br />
No company that has met their compliance<br />
requirements has ever been hacked, right?<br />
Taking a compliance-led approach to<br />
securing customer data will cause a<br />
fundamental vulnerability within the<br />
cybersecurity infrastructure, simply waiting for<br />
hackers to exploit. Compliance is important,<br />
clearly, but it should be a subset of the<br />
overall, continuously evolving security strategy,<br />
rather than an end-point goal in itself.<br />
Organisations are understandably<br />
concerned about the financial penalties<br />
associated with failing to achieve<br />
regulatory compliance. But take a step<br />
back and consider the financial<br />
implications of a data breach, of high<br />
profile customer data compromise. That is<br />
a far more significant cost and an event<br />
that will have long-term repercussions on<br />
customer perception and loyalty.<br />
3. We trust that our WAN provider has the<br />
necessary controls in place to keep our data<br />
secure as it moves between locations.<br />
WAN providers can't guarantee the security<br />
of their environments, and the security of<br />
your data is ultimately your responsibility.<br />
What's needed is a data-first 'Zero Trust'<br />
mindset that protects data before sending it<br />
to the carrier network.<br />
4. IT costs need to be reduced, so the easiest<br />
thing is to cut the security budget; it reduces<br />
16 NETWORKcomputing NOVEMBER/DECEMBER <strong>2021</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK