12 November 2013
It won’t have escaped your notice that cybersecurity is becoming more complex by the second. Lots of converging factors are responsible. First, modern cyber-attacks are changing daily as hackers probe for new vulnerabilities to exploit. Second, in the era of employee mobility, remote access and cloud-based applications, there are more and more devices, data and apps to secure. The immediate response from the security industry is to develop new patches and new technologies to detect and counteract new attack vectors and threats.
Despite the trend for data centre consolidation, from a security and an applications perspective, corporate IT continues to sprawl into the cloud. Complexity is on the increase and the traditional, technology-centric approach to security will not keep up for long; the issue will simply shift from tin to management and expertise.
This huge level of complexity is often reflected in the penetration tests companies are advised to undertake to improve security. Generally this produces a complex report that identifies vulnerabilities across a business, but it doesn’t prioritise them to reveal where the most critical gaps are. In reality, penetration testing is rarely useful; checking your security performance once a year is not going to allow you to respond quickly to the ever-changing threats out there.
Rather than the over-engineered tangle of systems many companies find themselves managing today, it’s better to have a simple approach to security. A holistic, straightforward approach that’s well managed will be far more effective than a complex one that’s run badly. The same goes for the security policies organisations decide to implement – they should be simple and consistent. In this light, a holistic approach to security is often the simplest path.
Rather than deploying a complex mess of security technologies, implement an end-to-end approach to security: assess the risks, detect threats early, protect yourself with the right weapons and respond rapidly to any attack. Since this approach starts with understanding the strengths and weaknesses of your own business, you can quickly isolate the most crucial areas to protect and remove irrelevant complexity.
Perhaps there’s a feeling out there that you must have the most expensive and complex systems to have the best security? In reality, complexity is not helpful. At the end of the day, there’s no way to protect every organisation from every threat out there. Even with an unlimited security budget, it just can’t be done. What you can ensure is that you have a straightforward system in place to quickly respond to a security breach as it happens. A quick, agile response is crucial to neutralise the threat, limit exposure to risk and minimise business disruption. This agility is something that complex security systems are just unable to deliver, even with all the money in the world.
Interested in hearing more about how to draw new battle lines for cybersecurity? Register your place at Security Focuses on 27th November 2013, to discuss the latest strategies for proactive, end-to-end security and start mapping out your battle plan.