Business Guide: How to handle information security

Securing a business‘ information management is one of the most important duties in a company.

With the pace of digital transformation accelerating, companies must act now to secure their information management systems. But too many organisations have delayed investing in a detailed security system, leaving them vulnerable to attack. Everyone’s business is now automated, digitised and online, bringing advantages of speed and cost, but introducing a host of potential vulnerabilities. Fortunately, establishing an efficient information security management system (ISMS) will go a long way to mitigating the dangers.

Cyber dangers

The main issue in the age of digital transformation is data protection, especially against cyber criminals. Tele-communications giant Verizon conducted research into the greatest security dangers facing companies, and concluded that it was from hacking, which contributes 40% of data breaches, and malware, which causes another 30%. One spectacular example was last summer’s massive cyber attack on shipping container giant Maersk in the port of Los Angeles. With computers and servers shut down, workers were forced to improvise using Twitter, Whats-App and Post-It notes. The Petya ransomware attack cost Maersk US$300 million and disrupted operations for two weeks, demonstrating that even global companies are vulnerable to attack.

“As villains create new threats, new tools are needed.“

hands typing on a keyboard

Technology is a world that never stands still and, unfortunately, that applies to the criminals too. That means that businesses can never rest on their laurels when it comes to ensuring that they have all of the latest tools and systems to keep their data secure at all times, regardless of what is thrown their way.

 

A well-designed information security management system (ISMS) will increase a company’s resilience to cyber attacks. But it’s not just a question of plugging in security technologies, then going to sleep. Creating the right ISMS requires a lot of thought before selecting a policy framework and relevant technologies. Companies need to do a risk assessment that identifies key vulnerabilities and then assess their business position to determine what their budget is. They will have to decide whether existing personnel have the technical capabilities, or whether they need to recruit, then set short- and long-term goals. Security risks change rapidly and ISMS systems have to evolve to deal with new threats. Businesses should seek guidance for their risk analysis from the multiple standards available, including COBIT, International Organization for Standardization (ISO) 27000 series and US National Institute of Standards and Technology (NIST) 800 series.

Identify the business' weakest point

An ISMS framework will take account of the fact that most cybersecurity incidents are caused by the lack of awareness of the victims, who fall prey to the cybercriminal traps. A high-profile example was the massive security breach last year at credit reporting agency Equifax, which leaked the data of more than 147 million consumers. The company’s CEO attributed the lapse to human error. It’s clear that technology is needed to reduce the risk of human error as much as possible, even if it can almost never be completely eliminated. Cybersecurity training programmes are essential to explain to employees how minor mistakes could have catastrophic consequences. There’s also a human cost to making avoidable errors. No one wants to have to sack staff when they fall victim to a phishing campaign, or social engineering attack.

SIM solutions

Another important issue in setting up an information security system is determining how to sort out all the data that floods in from security devices, such as firewalls, proxy servers, intrusion-detection systems and antivirus software. The IT team can quickly be overwhelmed because installing a better security system will increase rather than reduce alarm data. Companies ought to consider installing a SIM (security information management) technology that logs and sorts the data recorded by other pieces of software.

 

Larger organisations began using SIM systems a decade ago, but the market has boomed and they are now integral to security at many small-to-midsize businesses. Instead of IT security teams manually sorting reams of data, the SIM toolkit automates the process and normalises the data. It can translate Cisco, Microsoft, or CheckPoint software alerts into a common language. Many SIM suites include multiple applications to address different issues.

 

When deciding which SIM system to purchase, businesses need to consider the level of risk they face and whether it has the capacities they require. It needs to be scalable, so it logs information from hundreds, or even thousands, of devices in real time. It needs to cope with what Symantec calls “blended threats”, which could combine the characteristics of viruses, Trojan Horses and malicious code. Some businesses will want active response capability, meaning the SIM system takes immediate action based on the data. This option always needs careful installation to avoid unnecessary shutdowns of servers and blocked traffic if staff make innocent mistakes. Care has to be taken as well to negotiate interdepartmental politics. SIM requires complex integration and there might be delays as each department works out suitable access privileges.

 

Once the system is designed and installed, that’s not an end to the process. The organisation needs to set KPIs to monitor its effectiveness, then review major breaches. Bad actors are continually exploiting new technologies and vulnerabilities, and it will be essential to constantly deploy new tools, skills and procedures to counter them. Fortunately, technology companies are moving as fast as the criminals and all the tools are available to implement a strong and secure system.

Security

As digital transformation brings new threats and opportunities, firms must handle them responsibly and securely.

  • Why companies should monitor its network?

    Taking care of a company's private network should be a top priority.

  • Grow your business towards digital transformation

    Digital Transformation plans recognise the importance of being able to work on the go.

Cookies and your privacy

We use essential cookies to make interactions with our website easy and effective, statistical cookies for us to better understand how our website is used and marketing cookies to tailor advertising for you. You can select your cookie preferences using the 'Preferences' button below, or select 'I agree' to continue with all cookies.

Cookie preferences

We use cookies to make sure that our website is working properly or, occasionally, to provide a service on your request (such as managing your cookie preferences). These cookies are always active unless you set your browser to block them, which may prevent some parts of the website from working as expected.

These cookies allow us to measure and improve the performance of our website.

These cookies are only placed in case you give your consent. We use Marketing cookies to follow how you click and visit our websites in order to show you content based on your interests and to show you personalised advertisement. Currently you do not accept these cookies. Please check this box if you would like to.