Today there is little doubt about the harm that a cyber attack can cause an organization. The information security of our companies, their “gold”, is often neglected as a result of weak security, aggravated, in the vast majority of cases, by the lack of an institutional strategy.
Cybersecurity poses constant challenges because of the dynamic way in which new technologies and new “facilities” arise every day, and it is up to you to guarantee mechanisms for safe use, continuous monitoring and a capacity robust enough to resolve as much as possible in the event of compromise. The threat vectors are extremely varied and involve technical, human and/or procedural weaknesses. If, on the one hand, it is crucial to have technology that allows attempts at compromise to be monitored and mitigated as automatically as possible, on the other hand all individuals, with their greater or lesser cybersecurity literacy, tend to be the priority target of those who attack.
The expression “There are no free lunches!” applies once again and, in this context in particular, is increasingly evident. The technology involved requires investment, the internal operation of organizations (processes…) lacks investment… people lack investment… And this is a continuous investment because, as already mentioned, “facilities” arise daily. It is undeniable that this is an investment which until very recently was not “budgeted” and was almost seen as a “waste” or a “sport for the rich”.
Investment in cybersecurity is not only important but essential to ensure the continuity and resilience of organizations. There are overwhelming statistics on companies (mostly SMEs) that were forced to close, such was the impact of the attack. Ransomware attacks proliferate every day, but they are not the only threat. Information security must no longer be seen as an isolated cost, but rather as part of the operating structure.
The big challenge is inevitably identifying the (base) capacity necessary to address the “minimum” security mechanisms, in order to mitigate the risks of greatest impact for the organization.
It is a huge challenge for a cybersecurity consultant (who truly is one) in Portugal to clarify concepts that “overwhelm” decision-makers in Portuguese companies. But from this perspective too (and this cuts across our whole society) we must put an end to the massification of experts in everything plus “a pair of boots” (like cybersecurity).
On a more technical note: because it is so difficult to explain, in simple terms, what a SIEM, an EDR or a SOAR is… and that none of them is a SOC, decision-makers end up “investing” in isolated technology that, most of the time, does not translate into added value or even into real capacity. Technology comes and goes, capacity stays! And capacity is based on the symbiosis between the application of technology to the organization's processes and the readiness of its employees.
How can we move towards a posture that is more resilient and better able to face the threats before us? By using, as in football, VAR. But here, naturally, this VAR will have another meaning.
We don’t protect what we don’t see! It is a constant but unavoidable challenge to ensure that we know our organization. How is our information generated, transported, stored? Where are the boundaries of my organization? What mechanisms do I have for (effective) monitoring of what is happening at the critical points of my network, systems and connected equipment? What behaviors do I need to detect that directly affect my business?
Technology helps, but the organization’s knowledge prevails in this process.
If there is validation and certainty that the processes are consolidated and tested, tasks (technical and non-technical) must be boosted through automation. Means of communication/notification, detection and classification mechanisms, analysis of indicators… the main objective is to focus human effort on value-added tasks.
It is the ultimate aim of an Incident Response Capability – ensuring a complete reaction and acceptable response/recovery levels, given the risk that the business can accommodate.
I finish by saying, and launching the motto, that an organization’s security posture can affect an endless chain of others that “cohabit” with it. More safe organizations, a safer Portugal!